Re: New drafts: draft-kuehlewind-quic-manageability-00 and draft-kuehlewind-quic-applicability-00

Martin Thomson <martin.thomson@gmail.com> Wed, 22 March 2017 00:34 UTC

To: Christian Huitema <huitema@huitema.net>
Cc: IETF QUIC WG <quic@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/6kiLasjOmHZaYwfO1Brl-kQoyO8>

On 22 March 2017 at 10:30, Christian Huitema <huitema@huitema.net> wrote:
> I am not sure that security expectations for DNS over QUIC should be
> lower. I would expect DNS over QUIC to match the security of DNS over
> TLS (RFC 7858).

I did assume that that did not exist, which might be unfair.

> We need to consider the "game theory" aspects of any downgrade. If we allow
> fall back to a non-encrypted alternative, then we reward the attackers.
> They block QUIC, observe the protocol silently switching to clear text,
> get access to the data that they are seeking, and all that without
> causing too many customer complaints. On the other hand, if blocking
> QUIC just blocks the service, customers will complain, to the service
> providers of course, but also very quickly to the intermediaries that
> set the block. For these blockers, the support cost will be much higher.
> And that means they will be less likely to block random services.

An excellent point.  Though you are condoning a denial of service
attack of a sort.  Not sure where I stand on the morality of that.