Re: [quicwg/base-drafts] address-based access control (#2279)
Martin Thomson <notifications@github.com> Mon, 31 December 2018 06:32 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49E0D1277D2 for <quic-issues@ietfa.amsl.com>; Sun, 30 Dec 2018 22:32:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.065
X-Spam-Level:
X-Spam-Status: No, score=-8.065 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1pjwkwDRvi7G for <quic-issues@ietfa.amsl.com>; Sun, 30 Dec 2018 22:32:48 -0800 (PST)
Received: from out-15.smtp.github.com (out-15.smtp.github.com [192.30.254.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B38DB1276D0 for <quic-issues@ietf.org>; Sun, 30 Dec 2018 22:32:48 -0800 (PST)
Date: Sun, 30 Dec 2018 22:32:48 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1546237968; bh=eqvJc543ozigt4Lkm9D8x0QZrYowVPPXb7FWOMHRh/I=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=wveKRIv2YAfqXMsaZozH15/V573I1h13aI6/kOVncX5kKFZqFIApg2UjZ18+d5K8S rxUwqrNpo6FQ+UYvPr44DenR38E0MwNmca2tHgCe8LvTfJl5/1+dsIUBbnKVlDJnvf K89Z47GEkU4186BptH6YlhyIIbOlP8hDW18OL1k8=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab6cab891472e01cb399798c8da74d8fa790c6b6f892cf0000000118417a1092a169ce178a34b7@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2279/450612881@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2279@github.com>
References: <quicwg/base-drafts/issues/2279@github.com>
Subject: Re: [quicwg/base-drafts] address-based access control (#2279)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c29b8102901c_4e333fbef2ed45b81048155"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/j1ghYZji91nov4-P57GLlepLNOw>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Dec 2018 06:32:50 -0000
Marking editorial because I don't see a concrete change as a result of this, more likely just advice, but this could flip. One of the greatest pieces of baggage in HTTP is source-address-based ACLs. I understand their value in DoS mitigation, but this issue implies something greater than that. I hope that you don't mean as a substitute for authentication, but more part of a more comprehensive "your IP address is bad and you should feel bad, so here's a 4xx/5xx". If we are talking about reputation for DoS mitigation, and a connection on a "good" address moves to a "bad" address, I would probably recommend against a change in treatment in all but extreme cases. If you are using IP address as a proxy for physical location - which is a bad idea in general, but might be justifiable in terms of defense-in-depth strategies for high-value resources under conditions you control. If your client moved outside that area, then you will need to consult your local policy. Some policies could say "don't accept the packets", which is the most robust response, but it makes the HTTP status code somewhat irrelevant. Clients in those contexts will want to be locked to the one network interface somehow. The question is whether we might want to help the client avoid accidental address changes with an explicit signal. I'm going to suggest that the answer is "no". -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/2279#issuecomment-450612881
- [quicwg/base-drafts] address-based access control… Kazuho Oku
- Re: [quicwg/base-drafts] address-based access con… Martin Thomson
- Re: [quicwg/base-drafts] address-based access con… Kazuho Oku
- Re: [quicwg/base-drafts] address-based access con… janaiyengar
- Re: [quicwg/base-drafts] address-based access con… ianswett
- Re: [quicwg/base-drafts] address-based access con… Kazuho Oku
- Re: [quicwg/base-drafts] address-based access con… Mike Bishop