Re: [babel] minor DTLS comment

Dave Taht <dave.taht@gmail.com> Mon, 07 January 2019 21:43 UTC

From: Dave Taht <dave.taht@gmail.com>
Date: Mon, 07 Jan 2019 13:43:22 -0800
Message-ID: <CAA93jw7J1hnPt=3Ed2EbHx0Y+7C+Dvy+-0Ddig9jBSyU0xNCpg@mail.gmail.com>
To: David Schinazi <dschinazi.ietf@gmail.com>
Cc: "STARK, BARBARA H" <bs7652@att.com>, Babel at IETF <babel@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/S2RrEAKTYUQvNqn0JETHwRyzvio>

On Mon, Jan 7, 2019 at 12:56 PM David Schinazi <dschinazi.ietf@gmail.com> wrote:
>
> Thanks Barbara, how about this slightly more pedantic option?
>
> Babel over DTLS operates on a different port than unencrypted Babel.
> All Babel over DTLS nodes MUST act as DTLS servers on a DTLS port, and MUST
> listen for unencrypted Babel traffic on an unencrypted port, which MUST be
> distinct from the DTLS port.  The default port for Babel over DTLS is
> registered with IANA as the "babel-dtls" port (UDP port TBD), and the

in /etc/services it's:

http and https
smtpd and smtpds

etc.

"s" rather than -dtls?

> unencrypted port is registered as the "babel" port (UDP port 6696).
> Nodes SHOULD use these default ports.
>
> https://github.com/jech/babel-drafts/commit/c90cc8204691254e7051405acf6a10088d42cdfd
>
> (Dave, running Babel over alternate transport protocols sounds like interesting future work outside the scope of this draft)

babeld has worked over udp-lite for me for nearly a decade now with
a 2-line patch. Never got around to testing osx till last week.
Seemed ideal to replace the crc with an hmac. :(

but in light of the osx limitation, sadly request that YAUP (Yet
Another UDP port) be requested from iana.

We still have some major congestion control issues to sort out. tcp/tls anyone?

/me hides
>
> Thanks,
> David
>
> On Fri, Jan 4, 2019 at 12:26 PM Dave Taht <dave.taht@gmail.com> wrote:
>>
>> On Fri, Jan 4, 2019 at 12:07 PM STARK, BARBARA H <bs7652@att.com> wrote:
>> >
>> > Hmm.
>> >
>> > " Babel over DTLS operates on a different port than unencrypted Babel.
>> > All Babel over DTLS nodes MUST act as DTLS servers on a configured port, and
>> > MUST listen for unencrypted Babel traffic on a distinct configured port."
>> >
>> > An implementation doesn’t have to allow for configuration of ports. They could just be hard-coded.
>> >
>> > I don’t like that I need the context of the first sentence to understand unambiguously what the second port is “distinct” from (i.e., distinct from the unencrypted Babel port).
>> >
>> > How about just “ Babel over DTLS MUST operate on a different port than unencrypted Babel.” ?
>> >
>>
>> Sure.
>>
>> (I had proposed at one point that the dtls version operate over
>> udp_lite or even dccp, on the same port number, but have since
>> discovered osx doesn't support either)
>> >
>> > Barbara
>> >
>> > From: David Schinazi <dschinazi.ietf@gmail.com>
>> > Sent: Friday, January 04, 2019 2:41 PM
>> > To: STARK, BARBARA H <bs7652@att.com>
>> > Cc: Babel at IETF <babel@ietf.org>
>> > Subject: Re: [babel] minor DTLS comment
>> >
>> > Thanks for your comment, Barbara. I agree with you, and have added the following text:
>> >
>> > https://github.com/jech/babel-drafts/commit/a5a372a942ebc7951b2847d88123d75ab8169f2f
>> >
>> > Please let us know if you feel it addresses your comment.
>> >
>> > Thanks,
>> >
>> > David
>> >
>> > On Fri, Jan 4, 2019 at 5:35 AM STARK, BARBARA H <bs7652@att.com> wrote:
>> >
>> > Since the DTLS draft is still open for comments, I do have a small one about how the UDP ports are characterized.
>> > The IANA assigned ports are default values, and need to be portrayed as such. It's allowed (or should be) for deployed instances to use other values. This is pretty much true of all protocols. Certainly the base babel protocol allows other values to be used (which is why the homenet babel profile mandated use of 6696).
>> >
>> > Maybe instead of
>> >    All Babel over DTLS nodes MUST act as DTLS servers on the "babel-
>> >    dtls" port (UDP port TBD), and MUST listen for traffic on the
>> >    unencrypted "babel" port (UDP port 6696).
>> >
>> > say
>> >    All Babel over DTLS nodes MUST act as DTLS servers on the "babel-
>> >    dtls" port, and MUST listen for traffic on the
>> >    unencrypted "babel" port.
>> >    The IANA-assigned values of 6696 for the "babel" port and
>> >    TBD for the "babel-dtls" port SHOULD be used.
>> >
>> > Barbara
>> >
>> >
>> > _______________________________________________
>> > babel mailing list
>> > babel@ietf.org
>> > https://www.ietf.org/mailman/listinfo/babel



-- 

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740