Re: [dane] Network errors ARE attacks - on the end-to-end-principle

Phillip Hallam-Baker <hallam@gmail.com> Mon, 21 May 2012 12:59 UTC

From: Phillip Hallam-Baker <hallam@gmail.com>
To: Henry Story <henry.story@bblfish.net>
Cc: "dane@ietf.org" <dane@ietf.org>

No, his rather emotional account is wrong.

If Gilmore was right then Tor would also be an attack on the Internet
architecture. It isn't.

Before arguing the end-to-end principle, I suggest that people
actually read what David Clarke wrote rather than second-hand lore.
It is actually an argument about complexity and the cost/benefit
tradeoffs that result from placing complexity in one place or the
other. David is a pragmatist, not an ideologue.


Without NAT, the Internet would have run out of IPv4 addresses over
ten years ago. Since the design of IPv6 was intended to prevent OSI
networking from winning the standards race rather than actually
meeting the address space crunch, a solution like NAT was inevitable.

Firewalls have an important function, one that is fully understood and
accepted in the INTER-NETWORKING protocols. The core concept of the
internet is not the end-to-end principle but the idea that the
inter-net is a network of networks. The only core principles of the
Internet are that all the systems use the DNS for naming and IP is
used to exchange messages between networks.


End-to-End IP is not and never has been a core principle of the
Internet as deployed. Until 1993, when the Web appeared, there was an
expectation that it would take another decade at least before networks
all converged on using just IP. Email was not designed as an end-to-end
protocol; it had to contend with a dozen WAN and LAN protocols. It
was only when the Web arrived, with the encyclopedia galactica online
but only if you had IP, that the tipping point was established and
there was an advantage to TCP/IP end to end.

But even the Web was designed with the concept of proxies from the start.


A border firewall delineates the boundary between the network I
control and the network that I do not control and am not responsible
for. It is an obviously necessary function. I have over 50 IP
connected devices on my home network and that will almost certainly
rise to 100 as IP enabled phones and thermostats and temperature
monitors are deployed. I do not want to spend any time worrying about
applying patches to such devices. They do not require unrestricted
network access, therefore by the principle of least privilege they
must not have it.



On Wed, May 16, 2012 at 7:55 AM, Henry Story <henry.story@bblfish.net> wrote:
>
> On 16 May 2012, at 12:31, Yoav Nir wrote:
>
>>
>> On May 16, 2012, at 12:43 PM, Martin Rex wrote:
>>
>>> John Gilmore wrote:
>>>>
>>>>> But it's better then disabling TLSA at all in the face
>>>>> of DNS errors (where we assume most errors are genuine network errors
>>>>> and not attacks).
>>>>
>>>> "Genuine network errors" from buggy proxies or intentional firewalls
>>>> or intentional or accidental censorship systems ARE attacks.  They are
>>>> attacks on the fundamental end-to-end premise of the Internet.
>>>
>>> Where have you been during the last 10 years?
>>> There is no such thing as a "fundamental end-to-end premise" on the
>>> Internet.  And if it ever existed, it ceased to exist ~10 years ago.
>>
>> 15. Most networks have a NAT, including almost all home networks. Most corporate networks have some kind of firewall. If you want end-to-end, you have to roll your own through IPsec or TLS, and even then you're likely to get load balancers at the server side, and the occasional decrypting proxy on the client side.
>
> The point of John Gilmore's inspirational mail is that end-to-end is the aim of
> the architecture of the internet. It is because it was architected for end to
> end communication that it has had such positive effects. The reason these working
> groups exist is to remove the technical reasons for this not always being possible, such
> as by for example working on ipv6.  When the technical reasons have been moved out of the
> way the network effects and political pressure can be built up to solve the deployment
> problems. Luckily the network effect works in favour of those who work for freedom.
>
> Henry
>
>>
>> Yoav
>> _______________________________________________
>> dane mailing list
>> dane@ietf.org
>> https://www.ietf.org/mailman/listinfo/dane
>
> Social Web Architect
> http://bblfish.net/
>



-- 
Website: http://hallambaker.com/