Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
Dino Farinacci <farinacci@gmail.com> Wed, 04 January 2023 20:00 UTC
You need a source address for multicast, unless you use shared-trees. And the multicast working groups at the IETF have pushed SSM forward quite a bit. So source-trees prevail.

Dino

> On Jan 4, 2023, at 5:54 AM, Stewart Bryant <stewart.bryant@gmail.com> wrote:
>
>> On 4 Jan 2023, at 09:35, George Michaelson <ggm@algebras.org> wrote:
>>
>> Put a nonce source ip in the packet header and the real source as 4-16 bytes of PFS protected payload.
>
> Indeed we know that there is no need for an SA other than to support the most primitive types of communication or the most primitive types of detection of errors or spoofed packets. Though a spoofed SA may fall foul of the latter and cause the packet to be dropped. MPLS works fine without SAs.
>
>>
>> Use asymmetric routing. A single point of capture which isn't close to source or destination is occluded.
>
> Just to note that some protocols would like path symmetry for round trip delay equalisation. NTP is a good example. However this is more a wish than a promise as ECMP is not symmetr
>
> Indeed, picking up on the earlier note about encrypted source routing, back in the very early days of MPLS SR we speculated about obscuring the labels so as to introduce a primitive form of end to end path control with limited visibility and limited ability of nefarious nodes to send over premium paths.
>
> Stewart
>
>>
>> Can't fix a warrant tap, but can at least obfuscate for on-path.
>>
>> G