IETF Logo Mail Archive

Re: rfc791 coming up to 40 years ... what to do (remember, celebrate, ...?)

Alejandro Acosta <alejandroacostaalamo@gmail.com> Thu, 25 March 2021 12:12 UTC

Return-Path: <alejandroacostaalamo@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8C823A1F7C for <ietf@ietfa.amsl.com>; Thu, 25 Mar 2021 05:12:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MJKCkT6H9-Vg for <ietf@ietfa.amsl.com>; Thu, 25 Mar 2021 05:11:57 -0700 (PDT)
Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [IPv6:2607:f8b0:4864:20::832]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B04E03A1F79 for <ietf@ietf.org>; Thu, 25 Mar 2021 05:11:57 -0700 (PDT)
Received: by mail-qt1-x832.google.com with SMTP id a11so1430699qto.2 for <ietf@ietf.org>; Thu, 25 Mar 2021 05:11:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=A5HOtGJ6+5ToLvduFkhDu4mw8D2FTCywkqkxCjEQnEc=; b=OTtdwtAntNhUbR4gK/VlelZwKAZZ5ABcZzWyT3zkYAY/eHFpaCiwHA2cDYyLraiOc3 SI9bqezSqQGK8ZLaSQCnA2sb75FqLfjODjVrFP/+7r40htGhuH9GfMZHR3kUyM/NlzBF 2vaKb4Y49ePAn29v6GzBpdluhhXZsWbI4ZMoBg0hC/Lg1H6tBnOqs3GjhrQ0qoi0+0Ko LbDZbtYXm1Y0ivN+Sgk5GFpDwyFTMI2FO0X6EgZdOHP6wy3a/Gvxg6kyKq2VnQ+02/tm YJgaKT+FJu5knJEdYoI7ZMsG9+wow3plP6Ay3c/VUrSCVyxDZpIBOE6w4nA3RjzYRvBm bOdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=A5HOtGJ6+5ToLvduFkhDu4mw8D2FTCywkqkxCjEQnEc=; b=a8JrcbcG4hDQgbLmnJ72RX7ANDcaz4l8l55rq2T7mFnyo0hEN7L9HZxcZeOlX9fJhJ 65pEIbx4xEzU9gjWqmK2FUQMQzvTUZndIBapxbXGHXBmtgGN30WvkINF0D5evrTAzMjz WXgYEdqc8BUSVG3F5BNALLDy/8wd/n2o8TX8frvnbL4WaBWzO7wm+ybeA5+AoHE1rnMe 9wAw1OecRmJ1OnpY0kiRspg0YFHlWDpTCgMgJvZGSW8WjhZFLWMDS6FQc5BPakPjeShp Ms5R6snFjMBvbgM2z5THH2d5UkbwalJzGEGKNhMXMcu1mp+9899UeICTld0JVjKjNr2j rEnA==
X-Gm-Message-State: AOAM530bOFC2PlJ7n4de46ZR4+5EsmaHSq1PvH1xSZOTjFgvo/Vp8KG+ TrYHQwLqTHMrRzkYvNWyCe1PLt7M35EViQ==
X-Google-Smtp-Source: ABdhPJwkiOIXAGmFqiSm+qWf4HDWBqJk5XPauIhVY/kTM6nGZ8OVUhiNRHLlmqMjP/ULODW0pSqhOg==
X-Received: by 2002:a05:622a:549:: with SMTP id m9mr961366qtx.359.1616674315327; Thu, 25 Mar 2021 05:11:55 -0700 (PDT)
Received: from Windows10AnyBody.local ([2001:470:5:516:1994:b982:c02d:7371]) by smtp.gmail.com with ESMTPSA id e3sm4037366qkn.39.2021.03.25.05.11.53 for <ietf@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 25 Mar 2021 05:11:54 -0700 (PDT)
Subject: Re: rfc791 coming up to 40 years ... what to do (remember, celebrate, ...?)
To: ietf@ietf.org
References: <4c4460b9-5074-a320-6ebb-8b537f4c22a2@network-heretics.com> <A5F380FA-FB87-46CB-9D77-1FDB4453E8BD@strayalpha.com> <CAC8QAcfLqmf8Hq22fr6SQQxGj7i9p4n0i=WG1fUBX9hnHwT55Q@mail.gmail.com> <CAMm+LwjunKat1rp9QgkmZEKrp0zUAzPDL8Mp35f6saX5dyzu7g@mail.gmail.com> <35816c08-3375-94a4-33d3-f0b2e3eca895@mtcc.com> <2119081b-c04e-2ff8-0530-11c96cc1c74f@network-heretics.com> <baa0a47f-d7b1-85f9-30a5-5eebf9becb4e@mtcc.com> <F1A84553-90BA-4E7F-9B89-7FBA9762C30F@strayalpha.com> <c25db9b8-b000-599e-35ca-f073062efd90@mtcc.com>
From: Alejandro Acosta <alejandroacostaalamo@gmail.com>
Message-ID: <97c919d4-eaeb-ca4a-d71a-2be2addea2aa@gmail.com>
Date: Thu, 25 Mar 2021 08:11:51 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:78.0) Gecko/20100101 Thunderbird/78.8.0
MIME-Version: 1.0
In-Reply-To: <c25db9b8-b000-599e-35ca-f073062efd90@mtcc.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/Vk1ZyAL40iO2dfqQpezjK1BkwqA>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Mar 2021 12:12:05 -0000

On 24/3/21 8:05 PM, Michael Thomas wrote:
>
> On 3/24/21 4:57 PM, Joseph Touch wrote:
>>
>>> On Mar 24, 2021, at 4:10 PM, Michael Thomas <mike@mtcc.com> wrote:
>>>
>>>
>>> On 3/24/21 3:23 PM, Keith Moore wrote:
>>>> On 3/24/21 5:36 PM, Michael Thomas wrote:
>>>>
>>>>> IPsec certainly suffered this fate, though with filtering I'm not 
>>>>> sure if it would have the right security properties for tunnel 
>>>>> mode. Certainly had we used transport mode IPsec instead of SSL we 
>>>>> wouldn't be coming back 25 years later worried about the TCP 
>>>>> checksum.
>>>> IMO IPsec was DOA because it didn't actually consider the needs of 
>>>> applications.
>>>>
>>> Well there's no actual reason why IPsec needs to be run in the 
>>> kernel except for maybe some issues with IP protocol numbers (can't 
>>> remember if they could be exposed up at that time).
>>> Beyond that IPsec in transport mode doesn't seem to be much 
>>> different than TLS other than covering the transport headers too.
>> Turns out that can be important for things like BGP (that’s why we 
>> had TCP-MD5 and now TCP-AO).
>>
>> IMO, what IPsec got wrong was tunnel mode; it should have just been 
>> transport mode and IP-IP tunneling (RFC 3884 explains why).
>>
> Ah, interesting point. On the other hand for most VPN applications 
> I've often wondered why they need to advertise/configure specific 
> tunnel endpoints. Why can't you just follow normal routing to the 
> destination and send back an ICMP to say they need to be 
> authenticated/encrypted if need be. It seems it would solve a lot of 
> weird problems that tunnels cause.


Sounds to me as a terrific idea.


>
> Mike
>

v2.23.0 | Report a Bug | By Email