[Edm] fuzzy grease
"Brian Trammell (IETF)" <ietf@trammell.ch> Mon, 06 November 2023 15:51 UTC
Return-Path: <ietf@trammell.ch>
X-Original-To: edm@ietfa.amsl.com
Delivered-To: edm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AE60C16F3F5 for <edm@ietfa.amsl.com>; Mon, 6 Nov 2023 07:51:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=trammell.ch
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sLxwobMWjnKL for <edm@ietfa.amsl.com>; Mon, 6 Nov 2023 07:51:20 -0800 (PST)
Received: from smtp-8fae.mail.infomaniak.ch (smtp-8fae.mail.infomaniak.ch [IPv6:2001:1600:4:17::8fae]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C11BC17C500 for <edm@iab.org>; Mon, 6 Nov 2023 07:51:19 -0800 (PST)
Received: from smtp-2-0001.mail.infomaniak.ch (unknown [10.5.36.108]) by smtp-3-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4SPG6X2z62zMq4SL for <edm@iab.org>; Mon, 6 Nov 2023 15:51:16 +0000 (UTC)
Received: from unknown by smtp-2-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4SPG6W6ylTzMpnPr for <edm@iab.org>; Mon, 6 Nov 2023 16:51:15 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=trammell.ch; s=20191114; t=1699285876; bh=0Te7vCTnLOPa/C7wevJzpV0dzt+ZnAyv/BTlZ9y9vO8=; h=From:Subject:Date:To:From; b=zam3mevCbfWri6aXNwzfyXh+RPVMl4oOrp/lSzSiL0sxdFy/UiSJE9qWMo15L3DID bQPtNTwurxB6Gr6HKeIhwfEctNLQJKoXBEHVPfL2kvtEeWrI9e0trbWtq2qDaFocOr eXMLn5WjTKtypjlWlScY7VD1DXfhXQOlnEDAadUU=
From: "Brian Trammell (IETF)" <ietf@trammell.ch>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.200.91.1.1\))
Message-Id: <CAACB3B6-6B93-48CE-B29C-16FA1EEFAB6E@trammell.ch>
Date: Mon, 06 Nov 2023 16:51:05 +0100
To: edm@iab.org
X-Mailer: Apple Mail (2.3774.200.91.1.1)
X-Infomaniak-Routing: alpha
Archived-At: <https://mailarchive.ietf.org/arch/msg/edm/k0kdDR-vXNRv1ygbhB0RVt7eCyY>
Subject: [Edm] fuzzy grease
X-BeenThere: edm@iab.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Evolvability, Deployability, & Maintainability \(Proposed\) Program" <edm.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/edm>, <mailto:edm-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/edm/>
List-Post: <mailto:edm@iab.org>
List-Help: <mailto:edm-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/edm>, <mailto:edm-request@iab.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2023 15:51:25 -0000
Greetings, all, Expanding on the point I improved at the microphone during Monday’s meeting: IMO we should lean into "Variation of protocol extension points with positive use in mind ... can be thought of, to some extent, as protocol fuzzing.” It occurred to me that greasing *is* a form of fuzzing, with a somewhat different target and a different system under test. A sender’s greasing fuzzes, inline, the distributed system made up of the receiver and anything on path. Greasing encryption-protected codepoints, such that the wire image is protected from on-path inspection, results in more conventional fuzzing of the remote endpoint. (Indeed one could say that all protocol exchanges, even without greasing, are a degenerate form of fuzzing, given that all implementations are at least a little buggy. But that’s a philosophical point.) Okay, cool. Is this insight useful? I’d thought that there might be some possibility to take existing tools and techniques for fuzzing "off the shelf”, but on some review it’s not clear that there’s a “unified practice of fuzzing” beyond various implementations of “put a bunch of random bits (for some definition of random) here (for various definitions of here)”. So greasing with assumed on-path observers is basically just distributed-system fuzzing with a definition of “random" and "here" that is restricted to either greasing-reserved codepoints, or codepoints we don’t think are reserved. So maybe the advice coming from this insight is “where greasing is designed to be less random than fuzzing, we should have a good reason why” (which is itself a special case of “where the wire image contains observable structure beyond pure entropy, we should have a good reason why”, which the IAB has more or less already said). Cheers, Brian
- [Edm] fuzzy grease Brian Trammell (IETF)