Re: Should QUIC have a path-verifiable proof of source address?
Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch> Thu, 01 June 2017 08:37 UTC
Return-Path: <mirja.kuehlewind@tik.ee.ethz.ch>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D948E127136 for <quic@ietfa.amsl.com>; Thu, 1 Jun 2017 01:37:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Yy7pVEZLloW for <quic@ietfa.amsl.com>; Thu, 1 Jun 2017 01:37:52 -0700 (PDT)
Received: from virgo01.ee.ethz.ch (virgo01.ee.ethz.ch [129.132.2.226]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D53BF12706D for <quic@ietf.org>; Thu, 1 Jun 2017 01:37:51 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by virgo01.ee.ethz.ch (Postfix) with ESMTP id 3wdghZ1994zMpcm; Thu, 1 Jun 2017 10:37:50 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at virgo01.ee.ethz.ch
Received: from virgo01.ee.ethz.ch ([127.0.0.1]) by localhost (virgo01.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jkSpduWDJXm3; Thu, 1 Jun 2017 10:37:49 +0200 (CEST)
X-MtScore: NO score=0
Received: from [82.130.103.143] (nb-10510.ethz.ch [82.130.103.143]) by virgo01.ee.ethz.ch (Postfix) with ESMTPSA; Thu, 1 Jun 2017 10:37:49 +0200 (CEST)
Subject: Re: Should QUIC have a path-verifiable proof of source address?
To: Martin Thomson <martin.thomson@gmail.com>, Christian Huitema <huitema@huitema.net>
References: <179F2CCB-89DB-4E6E-9175-F850F89B4E5F@trammell.ch> <30eb5292-ac11-9772-b088-03b1f2fe372b@huitema.net> <CABkgnnWEg0N0WYsdMzsPT--MpRSQ7g2ysu2DvwenQ+mQpo6Anw@mail.gmail.com>
Cc: QUIC WG <quic@ietf.org>
From: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Message-ID: <40dc8d2a-92ec-e6f1-b2b8-f4c447313cf5@tik.ee.ethz.ch>
Date: Thu, 01 Jun 2017 10:37:49 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CABkgnnWEg0N0WYsdMzsPT--MpRSQ7g2ysu2DvwenQ+mQpo6Anw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Qo3H-bRoxeIe9WvyE0UKddwi47Y>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Jun 2017 08:37:54 -0000
Hi all, On 01.06.2017 03:29, Martin Thomson wrote: > On 1 June 2017 at 06:09, Christian Huitema <huitema@huitema.net> wrote: >> Brian, I am not sure I understand your requirement. Do you mean >> something like the reachability verification implicit in the three ways >> handshake of TCP? Or do you mean some kind of cryptographic proof that >> the device is allowed to use the source address? > > At risk of speaking for Brian, I think that this is intended to cover > the simple reachability verification implicit in TCP. That is, proof > that the endpoint was able to see a packet that was sent to their > claimed address. I just would like to note that TCP has a three-way handshake for this purpose but also during the connection you have the ack number that is visible to the network and also provides some proof that the sender is able to receive packets at the indicated source address. Mirja > > The verification provided by ICE also works. There, it's not a > three-way handshake, but two independent request/response validations. > > (I think that I see a companion to Brian's "what is an endpoint?" doc: > "what is a path?") >
- Should QUIC have a path-verifiable proof of sourc… Brian Trammell (IETF)
- Re: Should QUIC have a path-verifiable proof of s… Erik Kline
- Re: Should QUIC have a path-verifiable proof of s… Brian Trammell (IETF)
- Re: Should QUIC have a path-verifiable proof of s… Erik Kline
- Re: Should QUIC have a path-verifiable proof of s… Brian Trammell (IETF)
- RE: Should QUIC have a path-verifiable proof of s… Dave Dolson
- Re: Should QUIC have a path-verifiable proof of s… Christian Huitema
- Re: Should QUIC have a path-verifiable proof of s… Martin Thomson
- Re: Should QUIC have a path-verifiable proof of s… Brian Trammell (IETF)
- Re: Should QUIC have a path-verifiable proof of s… Mirja Kühlewind
- Re: Should QUIC have a path-verifiable proof of s… Brian Trammell (IETF)
- Re: Should QUIC have a path-verifiable proof of s… Christian Huitema
- Re: Should QUIC have a path-verifiable proof of s… Mirja Kühlewind
- Re: Should QUIC have a path-verifiable proof of s… Eggert, Lars
- Re: Should QUIC have a path-verifiable proof of s… Eggert, Lars
- Re: Should QUIC have a path-verifiable proof of s… Christian Huitema
- Re: Should QUIC have a path-verifiable proof of s… Watson Ladd