Re: [Lwip] [T2TRG] QUIC on IoT boards

Eliot Lear <lear@cisco.com> Tue, 21 January 2020 10:24 UTC

Return-Path: <lear@cisco.com>
X-Original-To: lwip@ietfa.amsl.com
Delivered-To: lwip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B979F120096 for <lwip@ietfa.amsl.com>; Tue, 21 Jan 2020 02:24:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y36VF1Wg7AfN for <lwip@ietfa.amsl.com>; Tue, 21 Jan 2020 02:24:51 -0800 (PST)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41058120091 for <lwip@ietf.org>; Tue, 21 Jan 2020 02:24:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3968; q=dns/txt; s=iport; t=1579602291; x=1580811891; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=3IuD1GavWlyelad4xWxDNN6s2YpQffk5vacbek/Aq1w=; b=ZH2SUnsqAQjAyUrjNNvI+qcVi/g6bDJVZFOs6PusGLbg/aO4djyFWarj XXYvXwTUtSkriZRHbWcdRvdlRT0tWQuWm/T51Y4I77EhtVw1np5rQKNOS WAmahFVnjm3js8rEYjzszAvOiOGvrJH0ib6vbowCzle7tdEIf+O8XLVmr w=;
X-Files: signature.asc : 488
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0COAABG0SZe/xbLJq1lGgEBAQEBAQEBAQMBAQEBEQEBAQICAQEBAYF7AoInbFQhEiqNFYglkyyICwIHAQEBCQMBASMMAQGEQAKCNDkFDQIDDQEBBAEBAQIBBQRthTcMhV4BAQEBAgF5BQsLBBQuVwYTgyYBglsgD6s7gieFSoRfCgaBOIFTiluCAIERJyCCHi4+gmQBAQIBhSKCLASQFoccmCCCQ4JJgRyDWI50G5p3lz+OeIMtAgQGBQIVgWohgVgzGggbFWUBgkE+EhgNkQiFQEADMAKNbgEB
X-IronPort-AV: E=Sophos;i="5.70,345,1574121600"; d="asc'?scan'208,217";a="22310713"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 21 Jan 2020 10:24:49 +0000
Received: from dhcp-10-61-103-205.cisco.com (dhcp-10-61-103-205.cisco.com [10.61.103.205]) by aer-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id 00LAOmAY024179 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 21 Jan 2020 10:24:48 GMT
From: Eliot Lear <lear@cisco.com>
Message-Id: <37818CA3-93F3-43BC-A9F5-3CCAEC4C99A7@cisco.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_764E7DDC-6902-4E2B-ABEE-24CADADFCBFA"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.40.2.2.4\))
Date: Tue, 21 Jan 2020 11:24:48 +0100
In-Reply-To: <08fa9838-bfa3-2b91-c7ba-9631a73da264@ericsson.com>
Cc: Lars Eggert <lars@eggert.org>, Василий Долматов <vdolmatov@gmail.com>, "lwip@ietf.org" <lwip@ietf.org>, "t2trg@irtf.org" <t2trg@irtf.org>, Dave Oran <daveoran@orandom.net>
To: Mohit Sethi M <mohit.m.sethi@ericsson.com>
References: <6CB4D459-4AAA-4313-B95C-05DF22C9A9DD@eggert.org> <E7C38177-DD0B-4D92-AE0E-EB457691E493@cisco.com> <6B9FFEF5-CDC9-4703-BB10-616DBEDE80AB@gmail.com> <4528ED27-E3B6-43C4-99A5-715DE1B79A09@cisco.com> <247FD52A-D90D-498E-AD79-9DADA8653EB2@eggert.org> <C210C02A-B6E3-46E4-A3FC-6534490783B5@cisco.com> <08fa9838-bfa3-2b91-c7ba-9631a73da264@ericsson.com>
X-Mailer: Apple Mail (2.3608.40.2.2.4)
X-Outbound-SMTP-Client: 10.61.103.205, dhcp-10-61-103-205.cisco.com
X-Outbound-Node: aer-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/nU_NccvkKY3YwneCQEQknT6jnRk>
Subject: Re: [Lwip] [T2TRG] QUIC on IoT boards
X-BeenThere: lwip@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Lightweight IP stack. Official mailing list for IETF LWIG Working Group." <lwip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lwip>, <mailto:lwip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lwip/>
List-Post: <mailto:lwip@ietf.org>
List-Help: <mailto:lwip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lwip>, <mailto:lwip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2020 10:24:56 -0000

Hi Mohit

> On 21 Jan 2020, at 11:07, Mohit Sethi M <mohit.m.sethi@ericsson.com> wrote:
> 
> Hi Eliot,
> 
> I find your example rather disturbing. I am sure a dad does not want everyone else on the Internet to see what his daughters toy is exfiltrating. You would need encryption for that?
> 

Yes, you would!  But Dad might want to be able to have an agent to decrypt.  Indeed Dad may want an agent that blocks certain

> 
> I am totally with you on the need for knowing what's inside the device and how is the device behaving. RFC 8576 identifies this in Section 5.6 'Verifying Device Behavior':https://tools.ietf.org/html/rfc8576#section-5.6 <https://tools.ietf.org/html/rfc8576#section-5.6>

Well indeed.  But I do think we should be considering what the first class objects are in these cases.

Eliot