IETF Logo Mail Archive

Re: Back to work

Christian Huitema <huitema@huitema.net> Thu, 29 October 2020 00:41 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D7833A03F8 for <quic@ietfa.amsl.com>; Wed, 28 Oct 2020 17:41:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.136
X-Spam-Level:
X-Spam-Status: No, score=-2.136 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.247, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XDjqoknbegSU for <quic@ietfa.amsl.com>; Wed, 28 Oct 2020 17:41:21 -0700 (PDT)
Received: from mx36-out10.antispamcloud.com (mx36-out10.antispamcloud.com [209.126.121.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18AF93A03F4 for <quic@ietf.org>; Wed, 28 Oct 2020 17:41:20 -0700 (PDT)
Received: from xse364.mail2web.com ([66.113.197.110] helo=xse.mail2web.com) by mx37.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1kXw07-0001fW-V6 for quic@ietf.org; Thu, 29 Oct 2020 01:41:16 +0100
Received: from xsmtp22.mail2web.com (unknown [10.100.68.61]) by xse.mail2web.com (Postfix) with ESMTPS id 4CM67M3mD3zSY5 for <quic@ietf.org>; Wed, 28 Oct 2020 17:41:03 -0700 (PDT)
Received: from [10.5.2.16] (helo=xmail06.myhosting.com) by xsmtp22.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1kXvzz-00089U-Dr for quic@ietf.org; Wed, 28 Oct 2020 17:41:03 -0700
Received: (qmail 9501 invoked from network); 29 Oct 2020 00:41:02 -0000
Received: from unknown (HELO [192.168.1.107]) (Authenticated-user:_huitema@huitema.net@[172.58.43.139]) (envelope-sender <huitema@huitema.net>) by xmail06.myhosting.com (qmail-ldap-1.03) with ESMTPA for <mt@lowentropy.net>; 29 Oct 2020 00:41:02 -0000
To: Jana Iyengar <jri.ietf@gmail.com>, Ian Swett <ianswett=40google.com@dmarc.ietf.org>
Cc: Magnus Westerlund <magnus.westerlund@ericsson.com>, Eric Kinnear <ekinnear@apple.com>, Martin Duke <martin.h.duke@gmail.com>, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, "quic@ietf.org" <quic@ietf.org>, Martin Thomson <mt@lowentropy.net>
References: <0f150dec-e408-48bf-8e54-05e3e96e7a85@www.fastmail.com> <CALZ3u+a1fBq1MB52H-h-JYY=OOkOo9=jEu7smNVeyy_9U3abEw@mail.gmail.com> <CAKcm_gNoB=nP050VRfw5MXAAw-HhpnKHp6pAx9onaA4a5CH5-Q@mail.gmail.com> <b80cf41524865c171712bfcfca7ef92e2a472044.camel@ericsson.com> <efe63bdf-7af2-49c0-932d-3a36de61bdd6@www.fastmail.com> <41A07550-1BFA-43E6-83A0-93FA96DF1E9B@apple.com> <CAN1APddS_qtMoUiUL9uwtAB3rXuAQ0NmiipXGDkS4hcA5od6Ag@mail.gmail.com> <CAKcm_gOcuuF_REWszJyYC6eO6swavMD3D9VnzgJTHEwEAXOsnw@mail.gmail.com> <CAM4esxT2kD6U-Hb5cOSfykBPvTmboEozqqiYiFF63ywxstm-LQ@mail.gmail.com> <CAKcm_gPzEgEssO3LMyW=t9tvbsRrLQBJ7M=2mxySs3H-YUXF5A@mail.gmail.com> <CACpbDceKFAVZ=Vrvj8ZoOj95TNfkCqNrpLh8FOBMBUBU=Qx_eQ@mail.gmail.com>
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mDMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1Rmu0 J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PoiWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAuDgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB4h+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH
Subject: Re: Back to work
Message-ID: <cc9aca43-7556-7fed-8ef8-1b5343316a0d@huitema.net>
Date: Wed, 28 Oct 2020 17:41:04 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1
MIME-Version: 1.0
In-Reply-To: <CACpbDceKFAVZ=Vrvj8ZoOj95TNfkCqNrpLh8FOBMBUBU=Qx_eQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
X-Originating-IP: 66.113.197.110
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.197.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.197.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0QBfAh7lyK8tB8mq1asnDr6pSDasLI4SayDByyq9LIhVUZbR67CQ7/vm /hHDJU4RXkTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDcnqpk5VeF3xR4kF6iVwRtbgN zB/4Jkrw1eDLcif59fup83aRNjd2/owqmWpyCC2RU7Tmz6iKnkQL9gqsxD347235Nhqq+/HvroPq 8GSPg+7KJix/R2qbtdH2ZflMjNgfMm/JD3cPBOX47Hg3FEpDo46jSvfpO+1kZkomjtjB6X5Q5Q9f RUeIpTIC2ySfqvnqLwoxlgatmaBb0rBiK9xbkDrUqzcKIief90MVLZY9LbIZh9+IQ1oS9LBn3VIP 95Jz7ujRlJ9wSMlhvaudJXZ9EIBG/qaR+8r9SKFMmPJLf850OvZYsmoVQuOIhwKLK6IKBNB4LZ0v UHHKTzJX7b1JhLSQQ4vSj0QEim26t/Moy0UPX5E73H1QfrH/5kkrV/Cr0bm2vWdo8usP65i82q1C dZgGrpL44wdx9eXqjQjbvUopOMQJvQ/Ck3iiU+4DQAj3fuQgzT3K9JUHTNiGwfwAm8uxudTmRSSR gqqNVpnFkE5IXA1bfgtGK8j6wb1ftp2zZy7aF2mzHk2IwZyWbmQDfJo5ZkB7uEeEfaxq34LJzVrv 5pWb82qAoDl3ILGSF0vmDvI0DEihOd7XzCAIcFZdY11677oPXF7r5zsW33ZNliqbq1iQQhopQxqA dW22RV24iihKhcfplpyCL1+lhImyRhqf27VeHOkXe82afzWlDIsqcBi9XZIrdpukXhpDgtjDHHAS JNUmoOHSoqgqxfHmWRWcrRhLeB34s3hUb32GO+20x4h97zkd9V5lHNw3T/hy08QV3No+S2msRDep v5w/kkG0v17AmegcpQ0tml/sN9lmMy/o83jVXTcfb9k0nLWblJy7uxV6dw8jzlsaNZe6hynMJcjx DydxsJEju76A7X1QIVydqXpZ6MHhiKws9Iiut28r9wo4SqUIg8Yh9hAM0n3LLzx/F2gT3wl8JQJv Bho=
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/jWxJYbGLc641AZh4-f3slEFfbAI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Oct 2020 00:41:23 -0000

On 10/28/2020 5:17 PM, Jana Iyengar wrote:
> I like the universality of the 3x limit. The reasoning applies broadly
> and there's no reason to separately reason about how a server responds
> to new addresses, be it at the start of a connection or
> mid-connection. Overall, I have a few minor suggestions to make, but
> I'm happy with the way the PR is headed.


I think that we can devise proper solutions for "organized migrations",
such as requiring both receipt and acknowledgement of a long enough
packet before validating a path. I am not going to belabor that. But NAT
traversal is a can of worms, and some of the norms are going to bite us.

I order to support NAT traversal, we request servers to take action if
they see a packet arriving from a new address of the client. This opens
a huge hole through which enterprising MOTS or "specially crafted
clients" can harass servers. We have an OK defense: send a challenge to
both old and new IP to force "proof of address ownership". That defense
is OK because it uses minimal length packets, and thus does not cause
too much amplification. I think we should leave it at that, and not
force the server to send large packets. There is a need to then validate
that the path can carry traffic, which will happen naturally when the
server tries to send a large packet. But if the server only sends these
large packets after address ownership has been verified, things ought to
be quite good.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email