Return-Path: X-Original-To: dnsop@ietfa.amsl.com Delivered-To: dnsop@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22937C1840E7 for ; Wed, 24 Jul 2024 11:51:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.905 X-Spam-Level: X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=viagenie-ca.20230601.gappssmtp.com Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OeQEXV6Ol6Oy for ; Wed, 24 Jul 2024 11:51:11 -0700 (PDT) Received: from mail-pl1-x62e.google.com (mail-pl1-x62e.google.com [IPv6:2607:f8b0:4864:20::62e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 337C5C18DBA3 for ; Wed, 24 Jul 2024 11:51:10 -0700 (PDT) Received: by mail-pl1-x62e.google.com with SMTP id d9443c01a7336-1fd78c165eeso959975ad.2 for ; Wed, 24 Jul 2024 11:51:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=viagenie-ca.20230601.gappssmtp.com; s=20230601; t=1721847070; x=1722451870; darn=ietf.org; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=wKgwdMHeO8xNn6NEluolX26szExL2E4+oE63PYUMqkI=; b=U9asiIKCfpSs2gHdd9Zm8gYR23fmryMoqHBaEFFPsA+dGT9amdcxCLLna7mXW7F79c FaIqfISk5rffQ1/vzCKU1+UB+SWEGxqSVn3kjqkh+YGd/ijB4bxnqy471WT2DO3MmNtz UbaEuiAc6Qjn+08MzYsi3+Y7AY7cKdXv4VNdfywfd4dIlMzFYR17nj3wiF7lVzHSWmGX 9uIANfK+cRo0ocq2Av8bne0fWRbnM3Npwxe7UV+HbaLKnS5dwITcP5aYa5FBYXkoPu5T q8a/weM3EUGY/gTzs3+FpCD2jQTvannJ2zXDDT1UzOQdOzS0rGgiwC+JjoglUQQT9eEU L8DQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721847070; x=1722451870; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=wKgwdMHeO8xNn6NEluolX26szExL2E4+oE63PYUMqkI=; b=QSjuR0cEXQj+GM5bTeWFRee4TfNoo+UUOSU3csjopiPvTRQSw6Wz+//Lg73f5p1M+3 3dWmfyL1frjYhxCHp575+Vre1/8KxT0DvE6k4bFGq6tHzGdtgX1D0Hx9kKJT/qapnYeP k4loTFgcwzRix65CSUqAXxbbskW2seXGB8JtrKaAOHKLf4b7kpdzGyVMulzZNhnr8hcP fi8z/loTGbjTalwwmyx5m7szq8rMq9GnH1981075VY8C5lABvpZGli7IYXQqd9VN6MbS xY4Zy3hQVaBUmam86qxMDlTlq5BNvq1mGF7ibM+bYXTAPFM1w3cLTD+zww7ATpf2LuMX jhKA== X-Forwarded-Encrypted: i=1; AJvYcCXBwtVoTqbQ8bo2nMvuqqHxVWk4wyjkPn7enMIdBQMDrbfJ+W1zWoZPuo+KqF5vWkN0/vsa/36MamIGPC+E/g== X-Gm-Message-State: AOJu0YwGbQV3bUD/8agARFyfGsqiiaYYNjCEIAgoGRfMAI8eYzyhu9bA Sr1B3VFECf8XZ/mHcmtsCeZyNs6koz6c4vz4xVg2HV1qsEBiwf7JWDgIwLUO3aTKiu3ufo0C9Ej a7us= X-Google-Smtp-Source: AGHT+IGrWL7qNlMlEqDi+5APujXwS5RZowoiK/rPF4F3zqzQWoCCc4ccpIGANPizxYz0dPvPxYK1uA== X-Received: by 2002:a17:902:e891:b0:1fd:6766:6877 with SMTP id d9443c01a7336-1fed3838685mr5784205ad.2.1721847070057; Wed, 24 Jul 2024 11:51:10 -0700 (PDT) Received: from smtpclient.apple ([2001:67c:370:128:116a:cbf3:26f4:99ca]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1fd6f25b684sm97090215ad.38.2024.07.24.11.51.09 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 24 Jul 2024 11:51:09 -0700 (PDT) From: Marc Blanchet Message-Id: <41A7771E-8D08-4272-B457-F9FE61CD77A3@viagenie.ca> Content-Type: multipart/alternative; boundary="Apple-Mail=_E8B15D10-D774-4FD1-AB70-CE2405CA907F" Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3814.100.5\)) Date: Wed, 24 Jul 2024 11:50:58 -0700 In-Reply-To: To: Lorenzo Breda References: <65daf988-f696-4f35-5a72-5b11ef4893b8@spacelypackets.com> <0685c4ca-0b10-d7a8-ccd4-507dc6755d1a@spacelypackets.com> X-Mailer: Apple Mail (2.3814.100.5) Message-ID-Hash: Z3ZIABRGJ3U52RFBLYCIQX624JOIPXER X-Message-ID-Hash: Z3ZIABRGJ3U52RFBLYCIQX624JOIPXER X-MailFrom: marc.blanchet@viagenie.ca X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Scott Johnson , DTN WG , dnsop X-Mailman-Version: 3.3.9rc4 Precedence: list Subject: =?utf-8?q?=5BDNSOP=5D_Re=3A_=5Bdtn=5D_An_Interplanetary_DNS_Model?= List-Id: IETF DNSOP WG mailing list Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --Apple-Mail=_E8B15D10-D774-4FD1-AB70-CE2405CA907F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > Le 24 juill. 2024 =C3=A0 11:42, Lorenzo Breda a = =C3=A9crit : >=20 >=20 >=20 > Il giorno mer 24 lug 2024 alle ore 09:02 Scott Johnson = > ha scritto: >> Hi Lorenzo, >>=20 >> [omissis] >>=20 >> Pardon the background tangent; >=20 > It was pretty interesting. > =20 >> I will now address your point regarding=20 >> valid URIs in one network becoming invalid URIs in another, and how = this=20 >> can be addressed. As noted above, there are two places, BP network=20= >> ingress and egress, in which there is a break in segmented=20 >> (HTTPS/IP<-BPSEC/BP->HTTPS/IP) protection. It is at this place where=20= >> tampering could take place. I don't see this as a bug, but a = feature.=20 >> This is the place where we take the IP payload, turn it into a BP = payload,=20 >> and extract data from the application headers to be placed in a BP=20 >> extension block, which is used to construct the remote request. This = can=20 >> also be the place where .earth can be appended to any url in the body = of=20 >> an email or web page, etc destined for somewhere other than Earth. = Don't=20 >> get me wrong; I am no fan of deep packet inspection, or breaking = privacy=20 >> or integrity. This model is designed to ensure cryptographic = protection >> throughout the "on-wire" delivery, but operational constraints = dictate >> that this happens in a segmented fashion. >=20 > Deep packet inspection is a technical issue, rather than a "merely" = governance one. The inspection/correction system would need to have a = pretty good knowledge about the structure of the transmission, it would = be break signatures (eg on API payloads and on emails, which both are = useful applications on the system you described - emails are = unexpectedly surviving any evolution of the Internet) and it wouldn't = work on transmissions which are encrypted on a message level (encrypted = documents, emails). >=20 > Why are you against leaving the current TLDs implicitly on Earth by = default? Right. One do not need a special TLD for space. We can use what we have = and it just works fine. One has just to be careful on remote resolution = so that it contains what is needed: trust chain, local names, ... This is discussed in: - running IP in deep space (no BP<->IP): = https://www.ietf.org/archive/id/draft-many-deepspace-ip-assessment-01.txt - running DNS in remote places: = https://www.ietf.org/archive/id/draft-many-dnsop-dns-isolated-networks-01.= txt Regards, Marc. >=20 > -- > Lorenzo Breda > _______________________________________________ > dtn mailing list -- dtn@ietf.org > To unsubscribe send an email to dtn-leave@ietf.org --Apple-Mail=_E8B15D10-D774-4FD1-AB70-CE2405CA907F Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8

Le 24 juill. 2024 =C3=A0 11:42, Lorenzo Breda = <lorenzo@lbreda.com> a =C3=A9crit :



Il giorno mer 24 lug 2024 alle ore 09:02 Scott = Johnson <scott@spacelypackets.com> = ha scritto:
Hi Lorenzo,

[omissis]

Pardon the background tangent;

It = was pretty interesting.
 
I will now address your = point regarding
valid URIs in one network becoming invalid URIs in another, and how this =
can be addressed.  As noted above, there are two places, BP network =
ingress and egress, in which there is a break in segmented
(HTTPS/IP<-BPSEC/BP->HTTPS/IP) protection.  It is at this = place where
tampering could take place.  I don't see this as a bug, but a = feature.
This is the place where we take the IP payload, turn it into a BP = payload,
and extract data from the application headers to be placed in a BP
extension block, which is used to construct the remote request. This can =
also be the place where .earth can be appended to any url in the body of =
an email or web page, etc destined for somewhere other than Earth.  = Don't
get me wrong;  I am no fan of deep packet inspection, or breaking = privacy
or integrity.  This model is designed to ensure cryptographic = protection
throughout the "on-wire" delivery, but operational constraints = dictate
that this happens in a segmented = fashion.

Deep packet = inspection is a technical issue, rather than a "merely" governance one. = The inspection/correction system would need to have a pretty good = knowledge about the structure of the transmission, it would be break = signatures (eg on API payloads and on emails, which both are useful = applications on the system you described - emails are unexpectedly = surviving any evolution of the Internet) and it wouldn't work on = transmissions which are encrypted on a message level (encrypted = documents, emails).

Why are you against = leaving the current TLDs implicitly on Earth by = default?

Right. = ;One do = not need a special TLD for space. We can use what we have and it just = works fine. One has just to be careful on remote resolution so that it = contains what is needed: trust chain, local names, = ...

This is discussed in:


Regards, = Marc.



-- =
Lorenzo = Breda
_______________________________________________
dtn mailing list -- = dtn@ietf.org
To unsubscribe send an email to = dtn-leave@ietf.org

= --Apple-Mail=_E8B15D10-D774-4FD1-AB70-CE2405CA907F--