IETF Logo Mail Archive

Re: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 28 June 2021 16:04 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FB903A0A2C for <masque@ietfa.amsl.com>; Mon, 28 Jun 2021 09:04:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.3
X-Spam-Level:
X-Spam-Status: No, score=-1.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.198, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, PDS_BAD_THREAD_QP_64=0.998, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a2OtZMh8f4Rp for <masque@ietfa.amsl.com>; Mon, 28 Jun 2021 09:04:19 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2046.outbound.protection.outlook.com [40.107.20.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABE933A0A31 for <masque@ietf.org>; Mon, 28 Jun 2021 09:04:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PF/mT15V56XaZoKuwGDdsZhSq1f0yGCE1AT5LHxW+LPaGjTfFGYGHqxycfZsQm2ZXtVqKREZ+1iLYn8J0W9odYDhppg/1TKq2atymQSKsIMnxgI0QJJ2u0+s9R2z9ZHRghXPZlZ1MUfCwxNehVxuiz/rYcUzYoNHX55HvBP5aDkso3DSpdYv+3Sw094DiTahPqkPlel0miqwEYuikFCf9lDzW03b4MyfFuGhDSjXGGAQWa4KiUGK/swJky/LcFlN5HCCAWaA9121rE+OnWeI4F2pXArNktRtElGaU7WmG6bGvHFoWyDWqIlijfYJtEMdm0lWeKM9DGhp4V4MCcGJmQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2W7dnlkTwW5czsTbn0AzmxcQY6VRXy20TSuT+yuO4To=; b=fQfjNqAWG4qUtxTLU0mKGTyjZTDJ0f2F06pP0/hnOXCYHJchp+tszyKMWi9UXncNi9cM8G5HDrJpjAC70Mf6L4IRlcqPhQdGC1R1Abp7NhZZlnydFHekPxcxJkLor7Wlx+iL7XK93sIE5zix9gWrXPICPV8P+WpgdIwD+YC7Fpv6ujsrTtZutcBk4Gdwl/PWvqwNW8icyePzBW4dycUE1CUmCahtMrGyaeSR72QeQx+EArg3YOIb/TwlTNMbfBxcqSjJV04itCDX0wSgJU3xJZF3V0BUSGK2NCxeKTAH3lhbKVFdF0VB4L8vqAw7tyJQYZmZ0SSaiMJPV7F+JYmF9g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2W7dnlkTwW5czsTbn0AzmxcQY6VRXy20TSuT+yuO4To=; b=Q5dTIt190BVoji+EuxYLsflSiI1qpH1PmTN7nbRs9485SrxScSf63iaqdHaNuZSfQ4X/fDjmaULXQopblihVWtwQFOft0xDQKX4qACmLlszpOn1y3+qKe7HmpaCbDpXpZQb4yzmwzCJru54oeSj7nBczRS9z5hn1wFS5QExDQKQ=
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com (2603:10a6:7:8e::14) by HE1PR07MB4169.eurprd07.prod.outlook.com (2603:10a6:7:9d::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.11; Mon, 28 Jun 2021 16:04:12 +0000
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::5c2c:3dc8:8947:e043]) by HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::5c2c:3dc8:8947:e043%3]) with mapi id 15.20.4287.021; Mon, 28 Jun 2021 16:04:12 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "dschinazi.ietf@gmail.com" <dschinazi.ietf@gmail.com>
CC: "spencerdawkins.ietf@gmail.com" <spencerdawkins.ietf@gmail.com>, "masque@ietf.org" <masque@ietf.org>, "martin.h.duke@gmail.com" <martin.h.duke@gmail.com>, "caw@heapingbits.net" <caw@heapingbits.net>, "achernya@google.com" <achernya@google.com>, Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
Thread-Topic: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"
Thread-Index: AQHXUjxBf3ikf/VJnEKptAWJfzyNZKr9pm+QgALDNwCAAOyaAIACrmiAgAAGCgCABDtegIAAQG6AgAB6woCAAAPNgIAABHOAgAADggCAAMMrAIACuCGAgB1BsIA=
Date: Mon, 28 Jun 2021 16:04:12 +0000
Message-ID: <9287d53cbca722b586b4a7684f07bbf89717fa3f.camel@ericsson.com>
References: <d314198b-6c01-4b15-84d8-9896b5fdee80@www.fastmail.com> <HE1PR0702MB3772355483E2771650C6D679953F9@HE1PR0702MB3772.eurprd07.prod.outlook.com> <746F7E16-37BD-49EF-896A-649D394CCB05@ericsson.com> <CAPDSy+6PjZk0Kea6154V3=GF-8bs+0Mr+FtFfi-girGh3uAVrQ@mail.gmail.com> <3deea8212d66731de5c81abae353f3e9322f2d57.camel@ericsson.com> <CAPDSy+68DoVrRiC7uEn1-Ze_5LDn9mt7-f+ZeovTTYAUh=w2Og@mail.gmail.com> <21d8fc788051b570768e53d6d9355ed51b423c0a.camel@ericsson.com> <CAKKJt-d-FzXVdJpUTacb4m7ESyB6nzkk1BQSf8rHtReOvD=5Jw@mail.gmail.com> <CAM4esxSE=misCJX=73h-kF+RQdQLC2WBhwv3nv5QgR8HK17diw@mail.gmail.com> <CAM4esxQatk4-ENdz+2jCbpRtr8hT0nLWbVLbb64RMJwvBf2qDA@mail.gmail.com> <CAHbWFkQ6YAhqgbbsAPC-i2Rv-_LRZ4R3NKTk4of200GUt38A_g@mail.gmail.com> <91475be5-dee4-435e-a65b-1cde43ffff0e@www.fastmail.com> <74934214da56424b57d7985f49e58b20482d6310.camel@ericsson.com> <CAPDSy+6JU9trGDDPpNa+2Xirq=q0FtpOaE9Sy0gUmdXs=N36bA@mail.gmail.com>
In-Reply-To: <CAPDSy+6JU9trGDDPpNa+2Xirq=q0FtpOaE9Sy0gUmdXs=N36bA@mail.gmail.com>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.2
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 53dc2d3a-e892-4789-72eb-08d93a4e5ef5
x-ms-traffictypediagnostic: HE1PR07MB4169:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <HE1PR07MB4169DDA9E649B1BFE91A9F4C95039@HE1PR07MB4169.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: y9VR5obqiSCJpJpYyOw/MRjmWt9vXrAwGBbMQLokO/cbl/BsREunPngvp8nwCwNA2psu2j34yUniJmWqSB0jYVG8bFsO6sRnhr7gQibUNfzkxQw4BTHgo678kHn5UGoXK6i0PVmZLJpwcPsb/cC+NdFgWTpD6754LkoiPPYGt1cXmCdjmdwqXPMV5uw+by4Pk1eoSavfi5U1j5AnSPAg0SqHwhZGHlCnR2wvz3zsEQqAb7SHqHE4Om3Lv4pJQA0xKylwSneTPr4PYXmmqazdJIzB7ieNgADB74FbmAigpgTZqG7/GaSiH99YVChzr0pqp2Nf13DT/y/YuHqXk+mjf0V0NC2YLjYxgXehVP919EyS/rrYlRJ2qylP3IijmGeUJB+xLbfAvtUUUDNY9AbQgPsIXRN/BR9H3SmIuzmWwhg/sGF3AJ9OxyQnNhaih2Muq25L1+kifvNI6BIQuMNN/6upxluYadOdz5GyYQFuZFymrCqk/VoMaMOH4IkBjAwrue1Lo4N/tr/01xQzrmaGQECYmY6CjHTgOoxmVLbAcEfpvpgGH10LmkIInsAqrY6/dAQB1h0e5Z09iDfLa3iznY50ZpbF3L85r4hNGYDnQRTkDjMSUru97AIr9fWycl2B3kQY8+NGRn+VQ5DR1UfFnbwUnBdr5E19qMBBDUyiZCAAvulKxvglwPNKlmY4lZ4zzyCAGh6mbK8J29Rlx6mj3EqOUhNoXbS/jliKxjd+RTyIKRxXeQJGPvDYQHdLVUu3xZLmVpTcnw/Jz0IK6g61CwBs6reIPcaTjq40FLRX9er39b/iK/PEV4gN70py/fWegvFbRDsAYCce04m2kz76+Q==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0702MB3772.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39860400002)(366004)(136003)(346002)(376002)(396003)(6506007)(53546011)(478600001)(186003)(6512007)(36756003)(6486002)(2906002)(38100700002)(44832011)(99936003)(2616005)(8676002)(66446008)(66556008)(64756008)(66946007)(66616009)(66476007)(107886003)(8936002)(4326008)(5660300002)(71200400001)(122000001)(316002)(966005)(76116006)(83380400001)(26005)(86362001)(6916009)(54906003)(99106002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: zIWsAGkns/JLEcPwgpJshPbMjyZbybprqPUl75Dv0gDijOIs/JcisUON7ysgloYBtFSAF6dr+UviflNt9kBPWfwY4WJZe8BmL0GmoN/hgkGZDBW7pZNLks7/vk6d4S8YYdHU4U1dINApBJvq6BELqaZu8bKerCc3HRj1+VltCoaS/H+gVxYKt5I/s6w12Bk7qBK8J1vKWswLopuxWaPC+Md9IK+FVp2PUPKTOMimjVhn9VzonzhUsKaZgzrrsGbNGgNWEQ0Lhaj17msYel+5l0MxDA3k4W400IS2UNffM52fgJFAMMz8SWQfgVH9W/NlqwydLMjO4yoAOhLntpclFoiwqB0D3ySHOxLjBz8tONG86mejyvO/9ygHQelryJTYRLRAvrJeE2KyJkUnmbLFYxFbLtKwSTeTpHuoXkgynYLCCKkGJEkUaMf67TzbTOD8RoCepB7Hv4pPjlCVlYR6U4cbViqHZhp8kxZrzMeVYNITjPR9BVpro+tKnf6qjjplanW+X4kuhMIHHq5QzCVR3FHpZzUExyj2siDCJqL/QfRnTI7eXCvPowxHix90l03RsCh2JC0sP1adyBaY09/BXii7yc6corU8Tc+PDUaOu6qD7QB4XlSqU5gixUerqVzENVj+gKZiw3dt4vflseWWhZioJ3hpLq6ldsyuqqLSMurBZYiKtlgA8oxy8nV5z3RSCB6X45Bq1PIfisE4gnB+8vMfvAowbB9mtBVXqvLXU3njQZm/ZthXDHsROuKc00e0fpG9FFMpsgX2KluaEGiPhFAhraGPVPf/uLmSwKZLuwQJuYm8d8wgrJupvRo6YS3DAnqL+nGxf0IID7S/LDtufz/yXklVRBhgTNn8oFIHd0fYLsSPLEc/s15ycVjbApwZpZYx9rwht+C5aJ6aSn2NakTL9x4GhTYk7ajoytcEgbSxIedAk2RCmOV6bIrAy3aGbxl8XnmVQfwWBG82ZolIMZx9xVyYjC0Q/6bkAl0IWOqOsFr68bpRN75av65LUuV2SC1M2GFCVq/qCZXYzWTXC4rqJrbrwnv+PB2MQZZsWKRjZGZGMgGKLOfLZlJAv6ERgiF2Wynl7LnkvlSJP31ovmuBlyIKz2xU5CrPL21IY0lsBfz23NhrJ0GHJ/78iyJIXsw3sigychXHHL+upGcYVPelrrIgdx7C1rwJXw8KgF5p5X70gqVz9OAuP5v/JSA9ra5Z7xNGGWByaQJac2MmgGaA+KlekNJ9Z8gr6US6MBy9fYL/SEdPtkV33C1CtTbec1bR1sg+63C7ftSMMJGbeEkL6owJ8fsfthKxey8/CU5ADozL6f9b7LLCRh+MnGAgYDxiwrNKr5VW8+43pno4lg==
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/x-pkcs7-signature"; boundary="=-kJ4Nc1YbNUI19FeKQAp/"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0702MB3772.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 53dc2d3a-e892-4789-72eb-08d93a4e5ef5
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jun 2021 16:04:12.3230 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: T5VCkyL5N581Y5rvHQUbUvAEjyxWrIp6D6G7q5Excod+bexYPDKEsYdB0T8at5+BuXk17aU0XIF/94OZk1pgEgnz0tq+5igKWX+vVsVWW60=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4169
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/XjB19p2zF--AWX5xEph4Gi2kEsY>
Subject: Re: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Jun 2021 16:04:24 -0000

Hi,

Sorry for the delayed response. 

From my perspective you can't just state that trust is out of scope. For a
solution document I would see the need to discuss the security implications for
a MASQUE endpoint between the authorization that can be derived from the
protocol mechanisms for endpoint identity versus the MASQUE protocol requests
impact on external state such as routing tables and their potential
implications. 

From my perspective if the IP proxying protocol expresses information about
routes we will end up having to discuss the purpose and security implications of
those routes and the endpoints trust in what is stated. 

Cheers

Magnus

On Wed, 2021-06-09 at 18:17 -0700, David Schinazi wrote:
> Hi Magnus,
> 
> You're correct that this isn't currently explicit in the document. The
> intention of the authors was to declare trust out of scope for the IP
> proxying protocol. Similar to IP, DHCP, ESP, etc, the protocol itself
> does not need to worry about trust as that is better handled at a policy
> layer that lives outside of the protocol. Since the IP Proxying
> Requirements document only applies requirements to the IP proxying
> protocol, trust is also out of scope for the requirements document. I can
> add a subsection to Section 5 (Non-Requirements) if you'd like.
> 
> If we agree that trust is out of scope, then the risk for added delay is low.
> 
> David
> 
> On Tue, Jun 8, 2021 at 12:46 AM Magnus Westerlund <
> magnus.westerlund@ericsson.com> wrote:
> > Hi,
> > 
> > I agree that one can split later, with some additional delay. How
> > problematic waiting with splitting is depends on what the network to
> > network use cases is supposed to cover. I think we need to figure out
> > what type of threat model and mutual trust the two MASQUE endpoint is
> > expected to have in this use case. 
> > 
> > So, can we please figure this out becasue I think that will clarify if
> > there is low risk for extra delay or significant risk for extra delay?
> > This is a request for better clarification in the requirements document
> > on 2.4. 
> > 
> > Cheers
> > 
> > Magnus
> > 
> > 
> > On Mon, 2021-06-07 at 13:07 -0700, Christopher Wood wrote:
> > > As Martin points out, the solution for the network-to-network use
> > > case in Section 2.4 can be split out into a separate document should
> > > we run into timeline issues down the road. 
> > > 
> > > To that end, we'd like to reiterate that the purpose of this WGLC is
> > > to determine if we can we move forward with this understanding and
> > > consensus on this document in its current state, plus or minus maybe
> > > some editorial cleanup. If not, what specific requirements in the
> > > document are problematic, and why?
> > > 
> > > Thanks,
> > > Chris and Eric
> > > 
> > > On Mon, Jun 7, 2021, at 12:54 PM, Alex Chernyakhovsky wrote:
> > > > Hi Martin,
> > > > 
> > > > Thanks for weighing in, and I agree with your interpretation that
> > > > there 
> > > > is no tension between these two points.
> > > > 
> > > > I agree that should we run into timeline issues with the
> > > > implementation 
> > > > drafts, it is possible to split out the section 2.4 implementation
> > > > into 
> > > > its own document. We should cross that bridge if/when we get there.
> > > > 
> > > > Sincerely,
> > > > -Alex
> > > > 
> > > > On Mon, Jun 7, 2021 at 3:39 PM Martin Duke <martin.h.duke@gmail.com
> > > > > wrote:
> > > > > To clarify what I meant, I'm suggesting the the future IP proxy
> > > > > document can split out the network-network use case specification
> > > > > if that proves to be problematic.
> > > > > 
> > > > > I am not saying we should have two requirements documents.
> > > > > 
> > > > > On Mon, Jun 7, 2021 at 12:25 PM Martin Duke <
> > > > > martin.h.duke@gmail.com> wrote:
> > > > > > I'd like to step in here as AD and make sure we are not talking
> > > > > > past each other here. IIUC:
> > > > > > 
> > > > > > (1) Magnus and Mirja do not want to implement 2.4.
> > > > > > (2) The authors want to make sure the design is extensible to
> > > > > > support 2.4, but are OK with some endpoints not supporting it.
> > > > > > 
> > > > > > It does not appear that there is tension between these points.
> > > > > > However, I understand that Magnus is concerned that 2.4 will
> > > > > > hold up the core proxy-ip draft unnecessarily.
> > > > > > 
> > > > > > As AD, if we come to that point, I see no requirement in the
> > > > > > charter that this be one or two documents; if the option is
> > > > > > holding everything up, it can go to the IESG while 2.4 has
> > > > > > further refinement in the WG. I don't see that we have to make
> > > > > > this decision now.
> > > > > > 
> > > > > > Regarding the document at hand, the existing Sec 2 offers the
> > > > > > possibility that all of the use cases are optional. It does not
> > > > > > preclude the path that appears to have consensus.
> > > > > > 
> > > > > > Is that consistent with others' understanding?
> > > > > > 
> > > > > > Martin
> > > > > > 
> > > > > > On Mon, Jun 7, 2021 at 5:06 AM Spencer Dawkins at IETF <
> > > > > > spencerdawkins.ietf@gmail.com> wrote:
> > > > > > > 
> > > > > > > 
> > > > > > > On Mon, Jun 7, 2021, 03:15 Magnus Westerlund <
> > > > > > > magnus.westerlund=40ericsson.com@dmarc.ietf.org> wrote:
> > > > > > > > Hi David and WG,
> > > > > > > > 
> > > > > > > > Let me attempt to clarify a bit why I have made the
> > > > > > > > comments I have made. I think they do stem from
> > > > > > > > interepreting the network to network use cases as a very
> > > > > > > > general technology and from the perspective of deploying
> > > > > > > > this with clients which the server has limited trust in. I
> > > > > > > > realize that you are likely comming from another
> > > > > > > > perspective that you only intended to use this in cases
> > > > > > > > where you have fairly high mutual trust in the client and
> > > > > > > > the server. I think that is actually the major difference
> > > > > > > > here and why you below think I am making a circular
> > > > > > > > arguments. I think it all stem from lack of discussion of
> > > > > > > > this use cases and what operational limitations we intended
> > > > > > > > to have on the protocol.
> > > > > > > 
> > > > > > > I don't know if this would have helped, but I do wish we
> > > > > > > could tell (explicitly, in the requirements draft) which
> > > > > > > requirements arose from various use cases. 
> > > > > > > 
> > > > > > > I'm pretty sure that most participants think they know that
> > > > > > > (likely), but also think that other participants have the
> > > > > > > same understanding (perhaps less likely). I think that's what
> > > > > > > Magnus is saying here, if I'm reading the thread correctly.
> > > > > > > 
> > > > > > > Do The Right Thing, of course.
> > > > > > > 
> > > > > > > Best,
> > > > > > > 
> > > > > > > Spencer
> > > > > > > 
> > > > > > > > So if the goal here is to have high mutual trust between
> > > > > > > > client and server then I think a protocol solution may be
> > > > > > > > able to be defined with such an applicability statement and
> > > > > > > > less mandate on necessary protocol mechanisms to protect
> > > > > > > > against malicous peers. I think that is in stark contrast
> > > > > > > > against some of the other use cases where the trust in the
> > > > > > > > client could be rather minimal. Like the client and server
> > > > > > > > relationship is only this is a paying customer that gets a
> > > > > > > > VPN access and the server has no idea what type of client
> > > > > > > > or implementation that are the peer. This basic use cases
> > > > > > > > will deploy with an addressing architecture that makes it
> > > > > > > > much less vulnerable to malicous intent on the routing
> > > > > > > > level.
> > > > > > > > 
> > > > > > > > So, can we please discuss what assumption we have on the
> > > > > > > > client and server trust? 
> > > > > > > > 
> > > > > > > > I also think your attempt to sweep the addressing schemes
> > > > > > > > to be used by the servers under the rug and not disucss
> > > > > > > > them have hurt the understanding. I at least have been
> > > > > > > > guessing on possible deployment scenarios rather than that
> > > > > > > > we have openly discussed them in the WG. Yes, they maybe
> > > > > > > > not need to be detailed in the protocol solution or an
> > > > > > > > arhcitecture document, however they would have made sense
> > > > > > > > to have some addressing deployment scenarios in this
> > > > > > > > requirement documents use case section to make clear what
> > > > > > > > would have been intended. Because they do influence what is
> > > > > > > > needed for the solution. 
> > > > > > > > 
> > > > > > > > Cheers
> > > > > > > > 
> > > > > > > > Magnus
> > > > > > > > -- 
> > > > > > > > Masque mailing list
> > > > > > > > Masque@ietf.org
> > > > > > > > https://www.ietf.org/mailman/listinfo/masque
> > > > > > > 
> > > > > > > -- 
> > > > > > > Masque mailing list
> > > > > > > Masque@ietf.org
> > > > > > > https://www.ietf.org/mailman/listinfo/masque
> > > > > 
> > > > > -- 
> > > > > Masque mailing list
> > > > > Masque@ietf.org
> > > > > https://www.ietf.org/mailman/listinfo/masque

v2.23.0 | Report a Bug | By Email