Re: Should QUIC have a path-verifiable proof of source address?

Christian Huitema <huitema@huitema.net> Wed, 31 May 2017 20:09 UTC

To: quic@ietf.org
References: <179F2CCB-89DB-4E6E-9175-F850F89B4E5F@trammell.ch>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <30eb5292-ac11-9772-b088-03b1f2fe372b@huitema.net>
Date: Wed, 31 May 2017 13:09:19 -0700
In-Reply-To: <179F2CCB-89DB-4E6E-9175-F850F89B4E5F@trammell.ch>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/c0Jj1SWIzJfPyESRB72iTl65UGA>
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>


On 5/31/2017 4:53 AM, Brian Trammell (IETF) wrote:
> "Should QUIC allow devices on path to distinguish QUIC traffic with valid source addresses from traffic with spoofed source addresses?"

Brian, I am not sure I understand your requirement. Do you mean
something like the reachability verification implicit in the three-way
handshake of TCP? Or do you mean some kind of cryptographic proof that
the device is allowed to use the source address?

-- Christian Huitema