IETF Logo Mail Archive

Re: [quicwg/base-drafts] Guidance for port number use (#495)

Mike Bishop <notifications@github.com> Thu, 04 May 2017 18:37 UTC

Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A205A1200C1 for <quic-issues@ietfa.amsl.com>; Thu, 4 May 2017 11:37:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level:
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eqUPMbgOnjll for <quic-issues@ietfa.amsl.com>; Thu, 4 May 2017 11:37:12 -0700 (PDT)
Received: from o10.sgmail.github.com (o10.sgmail.github.com [167.89.101.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23C561293FF for <quic-issues@ietf.org>; Thu, 4 May 2017 11:37:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=kF1JtGhSoRGxK0EWoKmdpjoD/B0=; b=mRZk9lWUL34fkDbd PUX8Xeg+fe8Sjtkf0M6YIiv3UuO9GrWgVkH2kpdwJPbOSe9KNIihqup+Wi2Kpyjs ieWHpssGsxaNzUJJe+MrMVAFtMjWVRQwobjeXn5pHdeSK+aUzULQWVDkQTdVBKZ2 D7HcNGwcypqznxcwp7M1NmoC3xE=
Received: by filter0847p1mdw1.sendgrid.net with SMTP id filter0847p1mdw1-22205-590B74BD-2C 2017-05-04 18:36:45.340118398 +0000 UTC
Received: from github-smtp2b-ext-cp1-prd.iad.github.net (github-smtp2b-ext-cp1-prd.iad.github.net [192.30.253.17]) by ismtpd0002p1iad1.sendgrid.net (SG) with ESMTP id wKh00v9bQCqly7zehgTSAQ for <quic-issues@ietf.org>; Thu, 04 May 2017 18:36:45.260 +0000 (UTC)
Date: Thu, 04 May 2017 11:36:45 -0700
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab927ba8aa2882ff3dc248bfe310716495ddb253f792cf00000001152336bd92a169ce0d78bf28@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/495/299272272@github.com>
In-Reply-To: <quicwg/base-drafts/issues/495@github.com>
References: <quicwg/base-drafts/issues/495@github.com>
Subject: Re: [quicwg/base-drafts] Guidance for port number use (#495)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_590b74bd18eda_662a3fdc87ec5c2c108469"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak2MfOdSyWFTWoBL1I8Cpk44t/CFb9ef0wKKoJ B8n1p17nQLJ2fYUxtUBq3KEFvKimzaivR9sKUIjYr6BXqvR8I5E22S7yVkjGAqJeVp3Znvc0wr5rTR 9NnO1Wbe3XLLd7U5X4O02VUP6FZ8PEtr+rMzcp13gu3qnHA1VCQfvxCxWKwlrjLgomVXepBxBVGksY E=
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/DrCiiQm6qW3nXqxFvPbqquKWVYE>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 May 2017 18:37:14 -0000

> Run a server as non-root....

This is a separate issue again.  By using Alt-Svc to find the HTTP/QUIC endpoint, we're still requiring that the authoritative server be on **TCP** 80 or 443.  Which means you still need whatever privileges are required to do that, at least on the authoritative endpoint.  Sure, you can run alternatives with less privilege, but that doesn't help the "vulnerabilities in low-budget webservers."

> Multihosting QUIC on IPv4 without SNI....

This seems already achieved by your pull request.  By highlighting that the alternative can be on any port, the CDN is free to use ports however it wants, including handing out individual ports to individual origins.  Of course, there's the grease piece of this, in that if it's not actively exercised, it's unlikely to keep working, so *someone* should start doing this early.

> Do P2P QUIC without fighting network ossification.

This, to me, is the big argument for a "SHOULD randomize" suggestion for server operators.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/495#issuecomment-299272272

v2.43.4 | Report a Bug | By Email | System Status