Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 30 September 2019 09:23 UTC

From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "dtn@ietf.org" <dtn@ietf.org>, "magnus.westerlund=40ericsson.com@dmarc.ietf.org" <magnus.westerlund=40ericsson.com@dmarc.ietf.org>, "draft-ietf-dtn-tcpclv4@ietf.org" <draft-ietf-dtn-tcpclv4@ietf.org>, "BSipos@rkf-eng.com" <BSipos@rkf-eng.com>
Thread-Topic: [dtn] AD review of draft-ietf-dtn-tcpclv4-12
Thread-Index: AQHVdTEl2KgTuarat0KdPeTeXQd+xadD9wgA
Date: Mon, 30 Sep 2019 09:23:25 +0000
Message-ID: <a316a8c1c9dc4d80736c63ad0e9e4f40f2c3ef10.camel@ericsson.com>
References: <BN8PR13MB2611999367F93B013AD15EE79F810@BN8PR13MB2611.namprd13.prod.outlook.com>
In-Reply-To: <BN8PR13MB2611999367F93B013AD15EE79F810@BN8PR13MB2611.namprd13.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/L8pQ-s44IdpXDP6_5XexlFncLec>
Subject: Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12

Hi Brian,

On Fri, 2019-09-27 at 18:23 +0000, Brian Sipos wrote:
> Magnus,
> From your earlier message regarding BCP 195, that is excellent news that no
> change is needed.
> 
> Regarding SNI, your expectation is correct and the current phrasing is not
> explicit enough. Where it says:
> > The SNI SHALL contain the same host name used to
> > establish the TCP connection.
> 
> it should more accurately say:
> > The SNI SHALL contain the host name of the passive node 
> > which was used to establish the TCP connection.
> 

I think this formulation is a bit strange. First of all, the host name may never
have been used to establish the TCP connection; that assumes a DNS or similar
name lookup scheme to find the peer. Secondly, I think it needs to say more
directly that you include the host name that is associated with the intended
peer's identity. This is both for TLS server certificate selection and also for
traffic routing to the correct bundle protocol level entity.

To me there exists a chain here that looks like this:

host name -> TLS Server Identity -> a set of Node IDs


Cheers

Magnus Westerlund 


----------------------------------------------------------------------
Network Architecture & Protocols, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
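As an added illustration of the chain discussed in this message (not code from the draft or from either author), the following Python models an active node choosing the SNI from the intended peer's configured host name rather than from the address the TCP connection was made to, and a passive node walking host name -> TLS server identity -> set of Node IDs when selecting a certificate. The `PeerConfig` and `TlsServerIdentity` types, the host names and the Node IDs are constructed for the example; the rule that SNI carries only DNS host names, never IP literals, is from RFC 6066.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class PeerConfig:
    """Active node's view of one peer (constructed config, not draft text)."""
    host_name: str      # the name tied to the peer's TLS server identity
    tcp_address: str    # where the TCP connection is actually made; may be an IP

@dataclass(frozen=True)
class TlsServerIdentity:
    """Passive node: one certificate identity fronting a set of Node IDs."""
    host_name: str
    node_ids: frozenset

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_dns_host_name(name: str) -> bool:
    """RFC 6066 allows only DNS host names in SNI, never IP literals."""
    try:
        ipaddress.ip_address(name)
        return False
    except ValueError:
        pass
    labels = name.rstrip(".").split(".")
    return 0 < len(name) <= 253 and all(_LABEL.match(lab) for lab in labels)

def sni_for_peer(peer: PeerConfig) -> str:
    """The SNI is the host name of the intended peer's identity, not the
    address the TCP connection was made to (which may be an IP literal)."""
    if not is_dns_host_name(peer.host_name):
        raise ValueError(f"SNI must be a DNS host name, got {peer.host_name!r}")
    return peer.host_name.rstrip(".").lower()

class PassiveNode:
    """Walks the chain host name -> TLS server identity -> set of Node IDs."""
    def __init__(self, identities):
        self._by_host = {i.host_name.rstrip(".").lower(): i for i in identities}

    def select_identity(self, sni):
        """Pick the certificate to present (and the Node IDs it fronts) from
        the received SNI; None means the handshake should be refused."""
        if sni is None or not is_dns_host_name(sni):
            return None
        return self._by_host.get(sni.rstrip(".").lower())
```

With a peer configured as `PeerConfig("dtn-gw.example.net", "192.0.2.10")`, the SNI is `dtn-gw.example.net` even though the TCP connection went to an IP literal, and the passive node resolves that name to the Node IDs behind its certificate.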