Re: New Version Notification for draft-dawkins-quic-what-to-do-with-multipath-03.txt

Paul Vixie <paul@redbarn.org> Fri, 08 January 2021 07:46 UTC

Return-Path: <paul@redbarn.org>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 901133A10A4 for <quic@ietfa.amsl.com>; Thu, 7 Jan 2021 23:46:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.161
X-Spam-Level:
X-Spam-Status: No, score=-2.161 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.262, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YanzQErENx84 for <quic@ietfa.amsl.com>; Thu, 7 Jan 2021 23:46:15 -0800 (PST)
Received: from family.redbarn.org (family.redbarn.org [IPv6:2001:559:8000:cd::5]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA79C3A0CAC for <quic@ietf.org>; Thu, 7 Jan 2021 23:46:13 -0800 (PST)
Received: from [IPv6:2001:559:8000:c9:4514:5237:4f51:14aa] (unknown [IPv6:2001:559:8000:c9:4514:5237:4f51:14aa]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id 16DBDC3F02; Fri, 8 Jan 2021 07:46:11 +0000 (UTC)
Subject: Re: New Version Notification for draft-dawkins-quic-what-to-do-with-multipath-03.txt
To: =?UTF-8?Q?Mikkel_Fahn=c3=b8e_J=c3=b8rgensen?= <mikkelfj@gmail.com>
Cc: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, IETF QUIC WG <quic@ietf.org>
References: <160998952719.13932.9365244706084056888@ietfa.amsl.com> <CAKKJt-fP8AKK4FmL7jj84OoRYhaJfcQtmsGinKSEkX68ki4bfQ@mail.gmail.com> <E34000E5-CA6A-446F-863B-E065F51F9A96@gmail.com>
From: Paul Vixie <paul@redbarn.org>
Message-ID: <593fba51-ca8c-61bf-d234-61b187bf87dc@redbarn.org>
Date: Thu, 7 Jan 2021 23:46:09 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 PostboxApp/7.0.43
MIME-Version: 1.0
In-Reply-To: <E34000E5-CA6A-446F-863B-E065F51F9A96@gmail.com>
Content-Type: text/plain; charset=windows-1252
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/3q9DhYPZHA64P24cMIw0suTkJqc>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jan 2021 07:46:19 -0000


Mikkel Fahnøe Jørgensen wrote on 2021-01-07 09:17:
> ...
> 
> From a quick read, I believe you have captured many relevant use cases
> but perhaps the document does not capture the concerns related til NAT
> translation and firewalls.
> 
> ...

i'm not sure enterprise concerns such as NAT or firewalls are important
to this audience. QUIC is policy-immune by design, and those of us who
operate secure private networks (schools, enterprise, military, police,
and many homes) are expecting to simply deny UDP and force the use of an
outbound proxy.

i'd love to be wrong, but section 3 of
https://quicwg.org/ops-drafts/draft-ietf-quic-manageability.html seems
clear as to the intended entropy level and that this level really is
intentional. unfortunately for me as a security private network
operator, my needs in this regard are the same as russia's.

see also:

https://slate.com/technology/2020/09/russia-internet-encryption-protocol-ban.html

vixie

-- 
Sent from Postbox
<https://www.postbox-inc.com/?utm_source=email&utm_medium=siglink&utm_campaign=reach>