Re: [Int-area] New Version Notification for draft-herbert-ipv4-udpencap-eh-00.txt

Joe Touch <touch@strayalpha.com> Fri, 08 March 2019 16:57 UTC

To: Tom Herbert <tom@quantonium.net>
Cc: Tom Herbert <tom@herbertland.com>, "Templin (US), Fred L" <Fred.L.Templin@boeing.com>, int-area <int-area@ietf.org>
References: <155129875579.13940.18077034152695268824.idtracker@ietfa.amsl.com> <CAPDqMeofwtqye_+55Yc_3rAkQqNLQ9Dw9TohJ7gcYCgUJrs-Jg@mail.gmail.com> <dbcef0c979f24aecb638babded309117@boeing.com> <CAPDqMeryKrE2t47kY1YXcpf80bJ8W3cx9m3UX+vfiYTy_kE6yA@mail.gmail.com> <7e858ddb-5372-b77b-1ebb-e9b0e297b479@strayalpha.com> <CALx6S34sRo1bzYZs3bEE4cWkhZb_vmomYE4F=vrpesNqG8SuXw@mail.gmail.com> <0f185c50-0450-aba7-c2cb-6f047fe08a28@strayalpha.com> <CAPDqMeqGt7-mdpnnr70Jjg3Zd_fyvva=5qkS1+zAD=XYVF214w@mail.gmail.com> <b06f8cc1ba0a931221bd1d76fe1961ff@strayalpha.com> <CALx6S34NDRCC0NeWJLxtzs=p+Q1m9EyidkkyPqqDurMoPgmxYQ@mail.gmail.com> <F59C4EDD-15A9-4052-B210-70A4196D0014@strayalpha.com> <CAPDqMeoEz34J67jzgfSx=Sofre6y0iM1bDAYOHi+pKimC2x0cg@mail.gmail.com> <7F438248-9543-4ED5-9BC0-5FCB278CD0C7@strayalpha.com> <CALx6S376SyOEZB95NHpueXsRug2zNdSnebwT4HxnGewXwX50dg@mail.gmail.com> <e5e1354f-9e58-5a9e-f1c3-4d01c4a80080@strayalpha.com> <CAPDqMerzL-WeZGCHKsKLYTs1R5FBhn=XsJT02-gj-2KSOegTjQ@mail.gmail.com>
From: Joe Touch <touch@strayalpha.com>
Message-ID: <863853de-d9b7-9c59-0cb9-207d272309bf@strayalpha.com>
Date: Fri, 08 Mar 2019 08:57:30 -0800
In-Reply-To: <CAPDqMerzL-WeZGCHKsKLYTs1R5FBhn=XsJT02-gj-2KSOegTjQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/g4eJ4JJyJ-Ps32-gRW7MMZjVexU>
Subject: Re: [Int-area] New Version Notification for draft-herbert-ipv4-udpencap-eh-00.txt

On 3/8/2019 7:56 AM, Tom Herbert wrote:
> On Thu, Mar 7, 2019 at 11:57 PM Joe Touch <touch@strayalpha.com> wrote:
>>
>> On 3/7/2019 9:03 AM, Tom Herbert wrote:
>>> 1) Allow IPv4 to carry IPv6 extension header numbers in the protocol
>>> field, and process as IPv4 extension headers.
>> I heard someone on another list argue strongly for fixed headers of the
>> sort IPv4 already uses. ;-)
>>
>>> 2) Encapsulate extension headers and following transport packet in GUE/UDP
>> Which, as I noted, undermines the useful work performed by firewalls.
>>
> Joe,
>
> Then so does QUIC, TLS, IPsec and anything else that would obfuscate
> the data that firewalls might want to inspect.

Of those, only IPsec hides application transport numbers. And your
proposal, though not encrypted, buries them far enough that firewalls
won't go looking.

>  You seem to be
> convoluting firewalls and security,

Security has 4 dimensions:

- privacy
- integrity
- authentication (identity)
- resource protection

Firewalls help with the 4th dimension. It's still called security and
they're still very widely used (much more widely than any support likely
to come of new IP EHs, I'll happily wager).

And I know there are some in 6man talking about deployment. There were
those who started to deploy Active Nets in the 1990s too. Wouldn't they
be just as effective for what you want?

Oh, wait - they were fringe at best and disappeared. Curious why...

Joe
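The visibility point argued in this exchange can be made concrete. The following is an added example, not code from the thread or from the draft: a hypothetical classifier that reports what a firewall sees when it stops at the outer IPv4 protocol field versus when it follows the encapsulation, for both options Tom listed (IPv6 extension-header numbers carried in the IPv4 protocol field, and a transport packet tunnelled in GUE/UDP). The packets are constructed inline; the GUE UDP port value is a placeholder assumption, and the GUE header layout used is the version-0 data header (2-bit version, C bit, 5-bit Hlen, 8-bit protocol, 16-bit flags).

```python
"""Hypothetical packet classifier (added example). Shows what an inspection
point that trusts only the outer IPv4 header reports, versus one that walks
extension headers and decapsulates GUE. All packets below are constructed."""
import struct

IPPROTO_TCP = 6
IPPROTO_UDP = 17
# IPv6 extension-header numbers that option 1 would place in the IPv4
# protocol field: Hop-by-Hop (0), Routing (43), Destination Options (60).
EXT_HEADERS = {0, 43, 60}
# Assumption: UDP destination port on which the inspection point expects
# GUE. This is a placeholder value, not an assigned port.
GUE_PORT = 6080


def ipv4(proto, payload):
    """Minimal 20-byte IPv4 header, no options, checksum left zero."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload


def tcp(sport, dport):
    """Minimal 20-byte TCP header: ports, seq, ack, data offset 5, SYN set."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)


def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def gue(inner_proto, payload):
    """GUE v0 data header: version 0, C=0, Hlen=0 (no optional fields),
    inner protocol number, flags zero."""
    return struct.pack("!BBH", 0, inner_proto, 0) + payload


def ext_header(next_hdr):
    """IPv6-style 8-octet extension header: Next Header, Hdr Ext Len = 0
    (in 8-octet units beyond the first 8), padded with zeros."""
    return struct.pack("!BB", next_hdr, 0) + b"\x00" * 6


def _skip_ext(pkt, off, proto):
    """Walk a chain of IPv6-style extension headers starting at off."""
    while proto in EXT_HEADERS:
        nxt, ext_len = pkt[off], pkt[off + 1]
        off += (ext_len + 1) * 8
        proto = nxt
    return off, proto


def _ports(pkt, off, proto):
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        sport, dport = struct.unpack("!HH", pkt[off:off + 4])
        return proto, sport, dport
    return proto, None, None


def outer_view(pkt):
    """What a firewall that trusts the outer IPv4 protocol field reports."""
    ihl = (pkt[0] & 0x0F) * 4
    return _ports(pkt, ihl, pkt[9])


def inner_view(pkt, gue_port=GUE_PORT):
    """Follow extension headers (option 1) and GUE/UDP encapsulation
    (option 2) down to the real transport header."""
    off, proto = _skip_ext(pkt, (pkt[0] & 0x0F) * 4, pkt[9])
    if proto == IPPROTO_UDP:
        sport, dport = struct.unpack("!HH", pkt[off:off + 4])
        if dport == gue_port:
            first, inner_proto, _flags = struct.unpack("!BBH", pkt[off + 8:off + 12])
            version, ctl, hlen = first >> 6, (first >> 5) & 1, first & 0x1F
            if version != 0 or ctl:
                return proto, sport, dport  # not a GUE data packet; stop here
            # Skip UDP (8), GUE base header (4) and optional fields, then
            # walk any extension headers the encapsulated packet starts with.
            off, proto = _skip_ext(pkt, off + 12 + hlen * 4, inner_proto)
    return _ports(pkt, off, proto)


# Constructed sample packets: plain TCP, TCP behind an IPv4 "extension
# header" (option 1), and TCP behind a GUE/UDP tunnel (option 2).
PLAIN = ipv4(IPPROTO_TCP, tcp(40000, 22))
OPTION1 = ipv4(60, ext_header(IPPROTO_TCP) + tcp(40000, 22))
OPTION2 = ipv4(IPPROTO_UDP, udp(50000, GUE_PORT, gue(60, ext_header(IPPROTO_TCP) + tcp(40000, 22))))

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("option1", OPTION1), ("option2", OPTION2)):
        print(name, "outer:", outer_view(pkt), "inner:", inner_view(pkt))
```

For the plain packet both views agree. For option 1 the outer view reports protocol 60 with no ports at all, and for option 2 it reports UDP to the GUE port; only the inspection point that knows to walk the chain and decapsulate recovers TCP port 22. That gap between the two views is the work a firewall would have to take on to keep enforcing transport-level policy under either option.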