Re: [Secdispatch] Introducing MASQUE

Töma Gavrichenkov <ximaera@gmail.com> Mon, 18 March 2019 22:23 UTC

From: Töma Gavrichenkov <ximaera@gmail.com>
Date: Mon, 18 Mar 2019 23:23:06 +0100
Message-ID: <CALZ3u+ab0irfBajbxDD7yzx5Cu_aUqtr=n4cRU5MUyg-CNCsag@mail.gmail.com>
To: David Schinazi <dschinazi.ietf@gmail.com>
Cc: secdispatch <secdispatch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/srZlBNm3lCp9_P1XDeRdorGHz_U>
Subject: Re: [Secdispatch] Introducing MASQUE

Interesting!

My instant suggestion is to dedicate some effort to allow the performance
issues of the VPN server to be observed by the HTTP frontend (after
decryption obviously). Otherwise you may have the same issue we have now
with WebSockets: if a targeted app layer DDoS brings a WS server down, it's
almost non-traceable in the HTTP access log.

Aiming for that should be complicated but would allow for better DDoS
resilience, which would be valuable for those individuals hosting HTTP/2-3
servers you're targeting.

--
Töma
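An added illustration of the observability gap the message describes, written for this page and not part of the original post or of the MASQUE drafts: a long-lived tunnel (a WebSocket here, the same would hold for a proxied VPN stream) shows up in a plain HTTP access log only once, as the 101 handshake, so a flood that exhausts the backend leaves no trace there. The second half shows the kind of per-tunnel record a frontend could emit at tunnel close so that backend failures and the clients driving them become attributable. Every log line, the `tunnel ...` record format, the backend names and the frame-rate threshold are constructed for the example and are assumptions, not any real server's output.

```python
"""
Constructed example: why tunnels are invisible in an HTTP access log, and
what a frontend-side per-tunnel record would add. All lines, field names,
backend names and thresholds below are made up for illustration.
"""
from collections import Counter, defaultdict
import re

# Constructed combined-format access-log lines. Each WebSocket session appears
# exactly once, as a 101 at handshake time; nothing that happens on the tunnel
# afterwards produces another access-log line.
ACCESS_LOG = """\
203.0.113.10 - - [18/Mar/2019:22:23:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [18/Mar/2019:22:23:02 +0000] "GET /ws HTTP/1.1" 101 0 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Mar/2019:22:23:02 +0000] "GET /ws HTTP/1.1" 101 0 "-" "curl/7.64.0"
198.51.100.7 - - [18/Mar/2019:22:23:03 +0000] "GET /ws HTTP/1.1" 101 0 "-" "curl/7.64.0"
203.0.113.44 - - [18/Mar/2019:22:23:05 +0000] "GET /api/health HTTP/1.1" 200 17 "-" "probe/1.0"
"""

ACCESS_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)


def parse_access_log(text):
    """Parse combined-format lines into dicts; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            d = m.groupdict()
            d["status"] = int(d["status"])
            d["bytes"] = 0 if d["bytes"] == "-" else int(d["bytes"])
            rows.append(d)
    return rows


def access_log_view(rows):
    """Everything the access log alone says about tunnels: how many handshakes
    succeeded, and the handshake response size. It carries no tunnel traffic,
    duration or backend outcome, so it cannot show the backend being overloaded."""
    upgrades = [r for r in rows if r["status"] == 101]
    return {"tunnels_opened": len(upgrades),
            "tunnel_bytes_logged": sum(r["bytes"] for r in upgrades)}


# Constructed per-tunnel records (hypothetical format) a frontend could write
# when a tunnel closes: client, backend, lifetime in seconds, bytes relayed in
# each direction, frames relayed towards the backend, and how the tunnel ended.
TUNNEL_LOG = """\
tunnel client=203.0.113.10 backend=ws-1 dur=340.2 in=18234 out=90211 frames=412 end=client_close
tunnel client=198.51.100.7 backend=ws-1 dur=0.8 in=2400000 out=0 frames=60000 end=backend_timeout
tunnel client=198.51.100.7 backend=ws-1 dur=0.9 in=2500000 out=0 frames=61000 end=backend_timeout
"""


def parse_tunnel_log(text):
    """Parse the constructed key=value tunnel records."""
    rows = []
    for line in text.splitlines():
        if not line.startswith("tunnel "):
            continue
        kv = dict(tok.split("=", 1) for tok in line.split()[1:])
        rows.append({
            "client": kv["client"], "backend": kv["backend"],
            "dur": float(kv["dur"]), "in": int(kv["in"]), "out": int(kv["out"]),
            "frames": int(kv["frames"]), "end": kv["end"],
        })
    return rows


def backend_health(tunnels, max_frames_per_sec=10_000.0):
    """Aggregate tunnel records per backend (tunnel count, tunnels that ended in
    a backend-side error) and count, per client, tunnels whose inbound frame
    rate exceeded the constructed threshold. This is the view the access log
    cannot give: backend trouble attributed to the tunnels and clients behind it."""
    per_backend = defaultdict(lambda: {"tunnels": 0, "backend_errors": 0})
    hot_clients = Counter()
    for t in tunnels:
        b = per_backend[t["backend"]]
        b["tunnels"] += 1
        if t["end"].startswith("backend_"):
            b["backend_errors"] += 1
        if t["frames"] / t["dur"] > max_frames_per_sec:
            hot_clients[t["client"]] += 1
    return dict(per_backend), hot_clients


if __name__ == "__main__":
    print("access log only:", access_log_view(parse_access_log(ACCESS_LOG)))
    per_backend, hot = backend_health(parse_tunnel_log(TUNNEL_LOG))
    print("per backend:", per_backend)
    print("clients over frame-rate threshold:", dict(hot))
```

Run on the constructed input, the access-log view reports three opened tunnels and zero bytes, indistinguishable from a healthy day, while the tunnel records show two of the three tunnels on `ws-1` ending in a backend timeout and both driven by the same client at roughly 70,000 frames per second. The point is the record shape, not the threshold: whatever the frontend decrypts and relays, it is the only party positioned to log per-tunnel volume, lifetime and backend outcome.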