Rich,

Well, I didn't write this to merely get things off my chest. I have been active in the IETF for over 25 years, and this is the first time I have seen an attack pass IETF LC.

Regarding using 5-tuples, random dynamic + 443 port numbers are mostly useless, and server IP address does not provide granular application classification. I don't really care if the server belongs to Google since the same IP address can be used for about 20 different applications with wildly diverging forwarding policy requirements. Gmail can be delayed for seconds, search has intermediate delay but low data-rate, YouTube DASH has critical delay issues at startup and then none afterwards, but high bandwidth, etc. And a large percentage of the traffic may be on an operator CDN, so that different OTTs share IP addresses.

And that covers only the traffic management issue I raised. Regarding the more serious malware detection issue, I assume that you expect me to rely on the RFC 3514 marking in the IP header?

Y(J)S

From: Salz, Rich <[email protected]>
Sent: Wednesday, July 2, 2025 6:28 PM
To: Yaakov Stein <[email protected]>; <[email protected]> <[email protected]>
Subject: [EXTERNAL] Re: New Version Notification for draft-stein-tls-ech-considered-harmful-00.txt

I appreciate that sometimes it's just good to get something off your chest.

Why doesn't TCP-level filtering and control work? Nobody's hiding the five-tuple.
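The following is an added illustration, not code from either participant or from the draft, of the classification gap the message describes: a 5-tuple classifier sees one server IP and port 443 for every application behind a shared address, a ClientHello parser can recover the SNI and map it to a per-application policy, and once ECH is in use the only name visible on the wire is the ECH public_name. The addresses, hostnames, policy table and the placeholder encrypted_client_hello extension body are all constructed for the example (the 0xfe0d body is filler, not a real ECH payload), and a real middlebox would additionally have to reassemble the TCP stream and handle fragmented records.

```python
import struct

# Constructed sample values (not from the thread): an RFC 5737 test address
# standing in for a shared CDN/operator address, and an illustrative policy table.
SHARED_SERVER_IP = "192.0.2.10"
SNI_POLICY = {
    "mail.example":   "mail (delay-tolerant)",
    "search.example": "search (moderate delay, low rate)",
    "video.example":  "video (startup-delay-sensitive, high rate)",
}

def _u16(n):
    return struct.pack("!H", n)

def _u24(n):
    return struct.pack("!I", n)[1:]

def build_client_hello(sni, ech_outer=False, public_name="public.example"):
    """Return a TLS record carrying a minimal TLS 1.3 ClientHello.

    With ech_outer=True the outer SNI is the ECH public_name and an
    encrypted_client_hello extension (type 0xfe0d) is attached; its body here
    is constructed filler, not a valid ECH payload."""
    host = (public_name if ech_outer else sni).encode()
    name = b"\x00" + _u16(len(host)) + host                 # name_type host_name(0)
    sni_ext = _u16(0x0000) + _u16(len(name) + 2) + _u16(len(name)) + name
    exts = sni_ext
    if ech_outer:
        exts += _u16(0xFE0D) + _u16(8) + b"\x00" * 8        # placeholder ECH ext
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"            # legacy_version, random, empty session_id
            + _u16(2) + b"\x13\x01"                          # TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                                    # compression_methods: null
            + _u16(len(exts)) + exts)
    handshake = b"\x01" + _u24(len(body)) + body             # HandshakeType client_hello
    return b"\x16\x03\x03" + _u16(len(handshake)) + handshake

def parse_client_hello(rec):
    """Return (outer SNI or None, ech_present) from a ClientHello record."""
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a ClientHello record")
    p = 9 + 2 + 32                                   # record+handshake headers, version, random
    p += 1 + rec[p]                                  # session_id
    p += 2 + struct.unpack("!H", rec[p:p + 2])[0]    # cipher_suites
    p += 1 + rec[p]                                  # compression_methods
    ext_len = struct.unpack("!H", rec[p:p + 2])[0]
    p += 2
    end = p + ext_len
    sni, ech = None, False
    while p < end:
        etype, elen = struct.unpack("!HH", rec[p:p + 4])
        p += 4
        data = rec[p:p + elen]
        p += elen
        if etype == 0x0000 and len(data) >= 5:       # server_name: list_len(2) type(1) len(2) host
            hlen = struct.unpack("!H", data[3:5])[0]
            sni = data[5:5 + hlen].decode()
        elif etype == 0xFE0D:                        # encrypted_client_hello
            ech = True
    return sni, ech

def classify_by_five_tuple(dst_ip, dst_port):
    """Port 443 plus a shared address identifies the operator at best, not the application."""
    return "tls-to-" + dst_ip if dst_port == 443 else "unknown"

def classify_by_sni(rec):
    """Map the visible SNI to a policy; with ECH only the public_name is visible."""
    sni, ech = parse_client_hello(rec)
    if ech:
        return "ech: outer name %s only" % sni
    return SNI_POLICY.get(sni, "unknown")

def demo():
    """Three flows to the same shared address: two without ECH, one with."""
    flows = [("mail.example", False), ("video.example", False), ("video.example", True)]
    return [(classify_by_five_tuple(SHARED_SERVER_IP, 443),
             classify_by_sni(build_client_hello(host, ech)))
            for host, ech in flows]

if __name__ == "__main__":
    for five_tuple_class, sni_class in demo():
        print("%-22s %s" % (five_tuple_class, sni_class))
```

Running the block prints the same 5-tuple label for all three flows, while the SNI-based label separates mail from video until ECH replaces the inner name with the public_name.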
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
