Re: [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

Stewart Bryant <stewart.bryant@gmail.com> Wed, 04 January 2023 13:54 UTC

Subject: Re: [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
From: Stewart Bryant <stewart.bryant@gmail.com>
In-Reply-To: <CAKr6gn0tFXEV-h7LH1_Ts5iQRw_mGEi=TqS7hsyK-SqDFmmY-A@mail.gmail.com>
Date: Wed, 04 Jan 2023 13:54:04 +0000
Cc: Stewart Bryant <stewart.bryant@gmail.com>, Lloyd W <lloyd.wood=40yahoo.co.uk@dmarc.ietf.org>, Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org>, IETF Discussion Mailing List <ietf@ietf.org>, pearg@irtf.org, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, saag <saag@ietf.org>, Dino Farinacci <farinacci@gmail.com>, hrpc@irtf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <C09B3D18-2871-491F-B76C-630A2DCA439A@gmail.com>
References: <3c3230f3783b4ec9a8a9e3bb87cc2a8d@huawei.com> <08C49067-DB4C-41AB-A6F3-B96BDBE0A4BC@yahoo.co.uk> <CAKr6gn0tFXEV-h7LH1_Ts5iQRw_mGEi=TqS7hsyK-SqDFmmY-A@mail.gmail.com>
To: George Michaelson <ggm@algebras.org>
X-Mailer: Apple Mail (2.3731.300.101.1.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/zNXWxEPGRb_RCATPwa6LlZI1OYY>


> On 4 Jan 2023, at 09:35, George Michaelson <ggm@algebras.org> wrote:
> 
> Put a nonce source ip in the packet header and the real source as 4-16 bytes of PFS protected payload. 

Indeed we know that there is no need for an SA other than to support the most primitive types of communication or the most primitive types of detection of errors or spoofed packets. Though a spoofed SA may fall foul of the latter and cause the packet to be dropped. MPLS works fine without SAs.

> 
> Use asymmetric routing. A single point of capture which isn't close to source or destination is occluded. 

Just to note that some protocols would like path symmetry for round trip delay equalisation. NTP is a good example. However this is more a wish than a promise as ECMP is not symmetr

Indeed, picking up on the earlier note about encrypted source routing, back in the very early days of MPLS SR we speculated about obscuring the labels so as to introduce a primitive form of end to end path control with limited visibility and limited ability of nefarious nodes to send over premium paths.

Stewart


> 
> Can't fix a warrant tap, but can at least obfuscate for on-path.
> 
> G
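The construction George sketches above (a nonce source address in the visible header, the real source carried in a few bytes of forward-secret protected payload), worked through as an added example that is not part of this thread or of any IETF specification. The wire layout, the label string in the key derivation, the hypothetical function names (`NewSessionPair`, `Seal`, `Open`, `ObservedSource`) and the documentation-range addresses are all assumptions made for the example; it uses only the Go standard library (`crypto/ecdh` needs Go 1.20 or later). The point it makes is the defender's one: a passive capture point on the path sees only the per-packet random source, the real source is recovered only by the holder of the ephemeral session key, and binding the visible header as associated data means an on-path party cannot re-label a packet without the receiver noticing.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"net/netip"
)

// Constructed wire format for this example (an assumption, not any IETF spec):
//   visible header : 4-byte nonce "source" | 4-byte destination | 12-byte AEAD nonce
//   protected body : AEAD( 4-byte real source | application payload )
type Packet struct {
	OuterSrc [4]byte  // random per packet; the only "source" an on-path observer sees
	Dst      [4]byte  // destination stays in clear so the network can route the packet
	Nonce    [12]byte // AES-GCM nonce, unique per packet
	Body     []byte   // ciphertext of real source + payload; header bound as AD
}

// NewSessionPair stands in for the handshake: each side generates an ephemeral
// X25519 key, exchanges public keys and derives the same AES-256-GCM key.
// Fresh ephemeral keys per session are what give forward secrecy: a later key
// compromise does not unlock traffic captured earlier.
func NewSessionPair() (cipher.AEAD, cipher.AEAD, error) {
	a, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	b, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	aeadA, errA := deriveAEAD(a, b.PublicKey())
	aeadB, errB := deriveAEAD(b, a.PublicKey())
	return aeadA, aeadB, errors.Join(errA, errB)
}

// deriveAEAD hashes the shared secret under a fixed label into an AES-256 key.
// A real design would use HKDF with transcript binding; SHA-256 keeps this
// example dependency-free.
func deriveAEAD(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append([]byte("hidden-source-example-v0"), shared...))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// parse4 accepts only IPv4 literals; the 4-byte inner field cannot carry IPv6.
func parse4(s string) ([4]byte, error) {
	addr, err := netip.ParseAddr(s)
	if err != nil || !addr.Is4() {
		return [4]byte{}, fmt.Errorf("not an IPv4 address: %q", s)
	}
	return addr.As4(), nil
}

// Seal builds a packet whose visible source is a random nonce and whose real
// source travels inside the AEAD body. The visible header is associated data,
// so re-labelling it on path is detected by Open.
func Seal(aead cipher.AEAD, realSrc, dst string, payload []byte) (*Packet, error) {
	src, err := parse4(realSrc)
	if err != nil {
		return nil, err
	}
	p := &Packet{}
	if p.Dst, err = parse4(dst); err != nil {
		return nil, err
	}
	if _, err := rand.Read(p.OuterSrc[:]); err != nil {
		return nil, err
	}
	if _, err := rand.Read(p.Nonce[:]); err != nil {
		return nil, err
	}
	inner := append(append([]byte{}, src[:]...), payload...)
	p.Body = aead.Seal(nil, p.Nonce[:], inner, p.associatedData())
	return p, nil
}

// Open authenticates and decrypts a packet, recovering the real source.
func Open(aead cipher.AEAD, p *Packet) (realSrc string, payload []byte, err error) {
	inner, err := aead.Open(nil, p.Nonce[:], p.Body, p.associatedData())
	if err != nil {
		return "", nil, err // tampered header/body, or wrong session key
	}
	if len(inner) < 4 {
		return "", nil, errors.New("body too short to carry a source address")
	}
	var src [4]byte
	copy(src[:], inner[:4])
	return netip.AddrFrom4(src).String(), inner[4:], nil
}

// ObservedSource is all a passive capture point learns about the sender.
func ObservedSource(p *Packet) string { return netip.AddrFrom4(p.OuterSrc).String() }

func (p *Packet) associatedData() []byte {
	return append(append([]byte{}, p.OuterSrc[:]...), p.Dst[:]...)
}
```

A typical run creates a session with `NewSessionPair`, seals a packet from `192.0.2.10` to `198.51.100.7`, prints `ObservedSource(pkt)` (a random address) and then opens it with the receiver's AEAD to get the real source back. Two caveats the thread's proposal leaves open are visible here: the destination is still in clear, so a warrant-style tap at the destination is untouched, as G says; and the receiver must hold the session key, so the nonce source address only works where a key exchange has already happened.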