Re: [Add] [EXTERNAL] Re: Private IPs, DDR, and PR#11

Tommy Jensen <Jensen.Thomas@microsoft.com> Thu, 08 July 2021 16:17 UTC

From: Tommy Jensen <Jensen.Thomas@microsoft.com>
To: "bemasc=40google.com@dmarc.ietf.org" <bemasc=40google.com@dmarc.ietf.org>, "ekr@rtfm.com" <ekr@rtfm.com>
CC: "add@ietf.org" <add@ietf.org>
Date: Thu, 08 Jul 2021 16:17:44 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/KEyO0q75urUglytptB-AXcBmP8g>

Hey Ben,

I don't think this part is under contention:

> there is a passive adversary on the public link

I think this part is:

> the local network is free of adversaries

Thanks,
Tommy

From: Add <add-bounces@ietf.org> On Behalf Of Ben Schwartz
Sent: Thursday, July 8, 2021 8:46 AM
To: Eric Rescorla <ekr@rtfm.com>
Cc: ADD Mailing list <add@ietf.org>
Subject: [EXTERNAL] Re: [Add] Private IPs, DDR, and PR#11



On Thu, Jul 8, 2021 at 9:10 AM Eric Rescorla <ekr@rtfm.com> wrote:

> On Thu, Jul 8, 2021 at 5:25 AM Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote:
> > ...
> > The clearest use case is where the local network is free of adversaries, and there is a passive adversary on the public link.  I think this is likely a common scenario ... perhaps the most common scenario of all.
>
> I'm just going to repeat my question here. Do you have any evidence that this scenario is at all common?

I would start with Room 641A [1] and RFC 7258.

Perhaps you mean that we cannot exclude the possibility of active attacks?  This is true, but I believe there is enormous value in forcing passive attackers to become active (or desist), as this makes their presence detectable and enables remediation.

[1] https://en.wikipedia.org/wiki/Room_641A