Re: [Lwip] [T2TRG] QUIC on IoT boards

Eliot Lear <> Tue, 21 January 2020 14:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3E8331200E5 for <>; Tue, 21 Jan 2020 06:14:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id xJBMX7o5JOit for <>; Tue, 21 Jan 2020 06:13:59 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3D8E3120090 for <>; Tue, 21 Jan 2020 06:13:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=9211; q=dns/txt; s=iport; t=1579616039; x=1580825639; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=rYG2vABftrV+UjNl3K3Kk/In2NlbzfyhzNiLUBJTqYQ=; b=ajSwKNEwasWgmKoH7WvCqlRXhspy2pPs8s8i4JHXgF9NY/2gbKZkHdph b7ZWWDXMBpXkcqKs+tSKpKG3lrA8kiCHUra2lYm1jhX3lt8uzT3bmbQno EfcrMSSV8TnUjAoVC+4cCAO+qRLn/Lgd4NLDxkqBpnIgnPc8YMi/rkOYH o=;
X-Files: signature.asc : 488
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.70,346,1574121600"; d="asc'?scan'208,217";a="22319798"
Received: from (HELO ([]) by with ESMTP/TLS/DHE-RSA-SEED-SHA; 21 Jan 2020 14:13:57 +0000
Received: from ( []) by (8.15.2/8.15.2) with ESMTPS id 00LEDumw005346 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 21 Jan 2020 14:13:56 GMT
From: Eliot Lear <>
Message-Id: <>
Content-Type: multipart/signed; boundary="Apple-Mail=_3BDFC81F-FEBC-4EE3-BEA4-A2D7B1BFE408"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.\))
Date: Tue, 21 Jan 2020 15:13:55 +0100
In-Reply-To: <>
Cc: Mohit Sethi M <>, Lars Eggert <>, Василий Долматов <>,,
To: "David R. Oran" <>
References: <> <> <> <> <> <> <> <> <>
X-Mailer: Apple Mail (2.3608.
Archived-At: <>
Subject: Re: [Lwip] [T2TRG] QUIC on IoT boards
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Lightweight IP stack. Official mailing list for IETF LWIG Working Group." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 21 Jan 2020 14:14:04 -0000

> On 21 Jan 2020, at 14:49, David R. Oran <> wrote:
> On 21 Jan 2020, at 5:24, Eliot Lear wrote:
> Hi Mohit
> On 21 Jan 2020, at 11:07, Mohit Sethi M <> wrote:
> Hi Eliot,
> I find your example rather disturbing. I am sure a dad does not want everyone else on the Internet to see what his daughters toy is exfiltrating. You would need encryption for that?
> Yes, you would! But Dad might want to be able to have an agent to decrypt.
> Sure, which is why key sharing is probably appropriate and having standards for doing that safely are important. Do we have a good way to maintain PFS in those scenarios?

Certainly not with TLS 1.3, and that is by design.  With TLS 1.2 it’s possible, but then we end up with divergent code bases, and I would like to avoid that.

> Indeed Dad may want an agent that blocks certain
> I can see two related reasons why this might be important:
> To prevent “packet of death” scenarios where either bugs or malware can be exploited by a single crafted packet making it through to a vulnerable device.
> To mitigate DoS attacks against devices that are not prepared to discard traffic effectively, either due to processing or energy considerations.
> 1 is quite difficult to achieve without full middle-box functionality
Wellll…. It depends.  Again, I’m reminded of Hitchhiker’s Guide to the Galaxy: “Space,” it says, “is big. Really big.”  Same with IoT.  If we’re talking about a digital twin strategy or some cloud-based service, the chances are ACLs are good enough, so long as you can identify the correct ACLs.

But… if the threat here really is the device itself in its fully functional form without any malware, then you need a full scale ALG to defend against it.  That’s something that we need to be thinking about.

> 2 could be done with ACLs based on information in things like MUD profiles, but I’d argue a better approach is something similar to STUN, but whose purpose is for the device to install filtering or rate-limiting state in a cooperating device “upstream of it”.

It’s a matter of who you want making the claim.  If it’s the device, then STUN or another half dozen protocols can do the job.  If it’s the manufacturer who designed the thing, then MUD is the right tool.