RE: Last call feedback: draft-mm-wg-effect-encrypt

"MORTON, ALFRED C (AL)" <acmorton@att.com> Tue, 14 March 2017 22:01 UTC

From: "MORTON, ALFRED C (AL)" <acmorton@att.com>
To: "Badri.Subramanyan@ril.com" <Badri.Subramanyan@ril.com>, "kathleen.moriarty.ietf@gmail.com" <kathleen.moriarty.ietf@gmail.com>, "saag@ietf.org" <saag@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Subject: RE: Last call feedback: draft-mm-wg-effect-encrypt
Thread-Topic: Last call feedback: draft-mm-wg-effect-encrypt
Thread-Index: AQHSmEkg/clGABfaOEacwArHo1mOHqGMUL1AgAD0g4CAB6IkUA==
Date: Tue, 14 Mar 2017 22:01:14 +0000
Message-ID: <4D7F4AD313D3FC43A053B309F97543CF25F3252D@njmtexg5.research.att.com>
References: <CAHbuEH4+bd=0PJa1rWDQN6tbeRK5vXKdbcUwsj2=zf9V8ejeDg@mail.gmail.com> <c056c07568974f37aa0366bbe8a93422@SIDC1EXMBX24.in.ril.com>
In-Reply-To: <c056c07568974f37aa0366bbe8a93422@SIDC1EXMBX24.in.ril.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/CTmDYRDvbt87LhH3MyuMMp_2BxM>
List-Id: IETF-Discussion <ietf.ietf.org>

Hi Badri,
one follow-up question below:

> -----Original Message-----
> From: Badri.Subramanyan@ril.com [mailto:Badri.Subramanyan@ril.com]
> Sent: Friday, March 10, 2017 2:35 AM

<snip>

> > If the streams are encrypted, then the ALG feature would be rendered
> > useless. This would limit the capability of any network element to
> > make smart policing and routing decisions based on application layer
> > attributes.
> 
> Kathleen wrote:
> Do you know if these can work with a 2-tuple or 5-tuple?  Is there an
> impact from encryption via TLS for instance?  If so, what is that
> impact?
> 
> [Badri] The rules in most of the cases are 5-tuple to accurately depict a
> flow. Yes, there is an impact from encryption via TLS as most of the
> implementations of ALG get information regarding supporting protocols by
> parsing data. With TLS encryption, the ALG loses the ability to parse,
> hence get information on the supporting protocols.
> 
> 
> Kathleen wrote:
> What is used by ALG to correlate streams?  This would be helpful to
> understand if this particular method for ALGs does become 'useless'
> and also to figure out if other options may exist to perform the
> functions needed.
> 
> [Badri] RFC 2663, Section 2.9 gives information about ALG. There isn’t
> one defined method to implement it and some of the methods used by
> vendors are included below.
> 
> 1.  Parse the content of the primary stream and identify the 5-tuple of
> the supporting streams as it is being negotiated.
> 
> 2. Intercept and modify the 5-tuple information of the supporting stream
> as it is being negotiated on the primary stream. This is a little
> more intrusive in nature.
> 
> 
[ACM] 
After Src&Dst Address and Port, what is the 5th Element
of the 5-tuple in your experience?

Protocol number and Packet Priority Marking (DSCP) are two candidates...

let us know, thanks!
Al
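The two ALG methods Badri lists (parse the primary stream to learn the supporting stream's 5-tuple; intercept and rewrite that 5-tuple in flight) and Kathleen's question about the TLS impact, worked through in code. This is an added illustration, not code from the thread or from any vendor's ALG. It assumes the conventional 5-tuple (src addr, dst addr, src port, dst port, IP protocol number), which the thread itself leaves open; it uses FTP passive mode (RFC 959 "227" reply) as the primary stream; and every payload and address below is a constructed sample, not captured traffic.

```python
"""
ALG-style correlation of a "supporting" stream from a "primary" stream,
using FTP passive mode as the worked case.

Added illustration, not code from the thread or any vendor ALG.
Assumptions (not stated on the page): the 5-tuple is taken in its
conventional form (src addr, dst addr, src port, dst port, IP protocol
number); the primary stream is an FTP control connection whose RFC 959
"227" reply announces the data listener; every payload below is a
constructed sample, not captured traffic.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

TCP = 6  # IP protocol number for TCP


@dataclass(frozen=True)
class FiveTuple:
    src_addr: str
    dst_addr: str
    src_port: Optional[int]  # None = wildcard: client's ephemeral port is unknown until its SYN
    dst_port: int
    proto: int


# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"; groups: prefix, digits, suffix
PASV_RE = re.compile(rb"(227 [^(]*\()(\d+,\d+,\d+,\d+,\d+,\d+)(\))")


def parse_pasv(payload: bytes) -> Optional[Tuple[str, int]]:
    """Method 1: parse the primary stream and extract the announced data listener.
    Returns None when the bytes are not a parseable 227 reply (e.g. TLS ciphertext)."""
    m = PASV_RE.search(payload)
    if m is None:
        return None
    fields = [int(x) for x in m.group(2).split(b",")]
    if any(not 0 <= v <= 255 for v in fields):
        return None
    h1, h2, h3, h4, p1, p2 = fields
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def expected_data_flow(control: FiveTuple, payload: bytes) -> Optional[FiveTuple]:
    """Derive the supporting stream's 5-tuple from the control flow plus one
    server->client payload. `control` is the client->server control connection."""
    announced = parse_pasv(payload)
    if announced is None:
        return None
    addr, port = announced
    return FiveTuple(control.src_addr, addr, None, port, TCP)


def matches(expected: FiveTuple, observed: FiveTuple) -> bool:
    """Does an observed SYN belong to the pinhole an ALG would open for `expected`?"""
    return (
        expected.src_addr == observed.src_addr
        and expected.dst_addr == observed.dst_addr
        and expected.dst_port == observed.dst_port
        and expected.proto == observed.proto
        and (expected.src_port is None or expected.src_port == observed.src_port)
    )


def rewrite_pasv(payload: bytes, new_addr: str, new_port: int) -> bytes:
    """Method 2: intercept and modify the 227 reply in flight so the client
    connects to a NAT-owned address/port. Unparseable payloads pass through
    unchanged, which is exactly what an encrypted control channel produces."""
    digits = ",".join(new_addr.split(".") + [str(new_port // 256), str(new_port % 256)])
    return PASV_RE.sub(lambda m: m.group(1) + digits.encode() + m.group(3), payload, count=1)


# Constructed samples (documentation addresses, not captured traffic).
CONTROL = FiveTuple("198.51.100.7", "192.0.2.10", 51234, 21, TCP)
CLEARTEXT_227 = b"227 Entering Passive Mode (192,0,2,10,195,149)\r\n"
# The same reply once the control channel is TLS: a record header followed by opaque bytes.
TLS_RECORD = b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xA0))


def demo() -> Tuple[Optional[FiveTuple], Optional[FiveTuple]]:
    """Return what the ALG learns from the cleartext reply and from the TLS record."""
    return expected_data_flow(CONTROL, CLEARTEXT_227), expected_data_flow(CONTROL, TLS_RECORD)


if __name__ == "__main__":
    clear, enc = demo()
    print("cleartext control channel ->", clear)
    print("TLS control channel       ->", enc)
    print("rewritten reply           ->", rewrite_pasv(CLEARTEXT_227, "203.0.113.5", 40000))
    print("TLS record left untouched ->", rewrite_pasv(TLS_RECORD, "203.0.113.5", 40000) == TLS_RECORD)
```

Two points the code makes that the prose only implies: even in the cleartext case the ALG never has a full 5-tuple for the supporting stream, because the client's source port does not exist until the data-connection SYN arrives, so the installed rule is really a 4-tuple plus wildcard; and once the control channel is TLS, both methods degrade the same way, since parse and rewrite both see only the record layer.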