Re: [Pearg] I-D Action: draft-irtf-pearg-censorship-04.txt

Stephane Bortzmeyer <bortzmeyer@nic.fr> Fri, 24 July 2020 13:09 UTC

Return-Path: <bortzmeyer@nic.fr>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31A7B3A0A41 for <pearg@ietfa.amsl.com>; Fri, 24 Jul 2020 06:09:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3-AF4rfqH6Qt for <pearg@ietfa.amsl.com>; Fri, 24 Jul 2020 06:09:33 -0700 (PDT)
Received: from mx4.nic.fr (mx4.nic.fr [IPv6:2001:67c:2218:2::4:12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66C8B3A09B4 for <pearg@irtf.org>; Fri, 24 Jul 2020 06:09:33 -0700 (PDT)
Received: from mx4.nic.fr (localhost [127.0.0.1]) by mx4.nic.fr (Postfix) with SMTP id D01A7280504; Fri, 24 Jul 2020 15:09:30 +0200 (CEST)
Received: by mx4.nic.fr (Postfix, from userid 500) id C9A58280668; Fri, 24 Jul 2020 15:09:30 +0200 (CEST)
Received: from relay01.prive.nic.fr (relay01.prive.nic.fr [IPv6:2001:67c:2218:15::11]) by mx4.nic.fr (Postfix) with ESMTP id C1E89280504; Fri, 24 Jul 2020 15:09:30 +0200 (CEST)
Received: from b12.nic.fr (b12.users.prive.nic.fr [10.10.86.133]) by relay01.prive.nic.fr (Postfix) with ESMTP id B3E66642C582; Fri, 24 Jul 2020 15:09:30 +0200 (CEST)
Received: by b12.nic.fr (Postfix, from userid 1000) id 57E73401F4; Fri, 24 Jul 2020 15:09:30 +0200 (CEST)
Date: Fri, 24 Jul 2020 15:09:30 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Joseph Lorenzo Hall <hall@isoc.org>
Cc: Stephane Bortzmeyer <bortzmeyer@nic.fr>, "pearg@irtf.org" <pearg@irtf.org>
Message-ID: <20200724130930.GA22817@nic.fr>
References: <159466596628.22724.642459259274073600@ietfa.amsl.com> <BY5PR06MB6451513C274911A1F5897F5CB1600@BY5PR06MB6451.namprd06.prod.outlook.com> <20200721152104.GA26448@nic.fr> <3164714D-F19E-4652-B167-43111CE3A376@isoc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <3164714D-F19E-4652-B167-43111CE3A376@isoc.org>
X-Operating-System: Debian GNU/Linux 10.4
X-Kernel: Linux 4.19.0-9-amd64 x86_64
X-Charlie: Je suis Charlie
Organization: NIC France
X-URL: http://www.nic.fr/
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Bogosity: No, tests=bogofilter, spamicity=0.000040, version=1.2.2
X-PMX-Version: 6.0.0.2142326, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2019.11.5.63017
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/JOGP5HS1Fa0I8scYwd33yBWD1bU>
Subject: Re: [Pearg] I-D Action: draft-irtf-pearg-censorship-04.txt
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jul 2020 13:09:35 -0000

On Thu, Jul 23, 2020 at 09:46:21PM +0000,
 Joseph Lorenzo Hall <hall@isoc.org> wrote 
 a message of 213 lines which said:

> Would you recommend “it is possible”? And to what extent do we know
> that people implement what RFC 5961 describes?

My guess (just a guess) is that all TCP stacks do it for a long
time. I'm not aware of hard data about that.

> > This in-window recommendation is important, as if it is
> > implemented it allows for successful Blind RST Injection attacks
> > [Netsec-2011].
> 
> > Not clear.
> 
> Due to the RFC 5961 comment above? Do you want us to put in a “(Note
> that if [a network? a server?] implements the protections against
> blind TCP injections in RFC 5961 [it is much harder to accomplish]”
> or something?

It's simply that I cannot parse the english text in the draft.