IETF Logo Mail Archive

Re: [Spud] endpoint control

Brian Trammell <ietf@trammell.ch> Wed, 22 June 2016 10:45 UTC

Return-Path: <ietf@trammell.ch>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A60412B038 for <spud@ietfa.amsl.com>; Wed, 22 Jun 2016 03:45:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.328
X-Spam-Level:
X-Spam-Status: No, score=-3.328 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oC5v1-KzNGHn for <spud@ietfa.amsl.com>; Wed, 22 Jun 2016 03:45:28 -0700 (PDT)
Received: from trammell.ch (trammell.ch [5.148.172.66]) by ietfa.amsl.com (Postfix) with ESMTP id 962A612B004 for <spud@ietf.org>; Wed, 22 Jun 2016 03:45:28 -0700 (PDT)
Received: from [IPv6:2001:67c:10ec:2a49:8000::b9] (unknown [IPv6:2001:67c:10ec:2a49:8000::b9]) by trammell.ch (Postfix) with ESMTPSA id BBC3F1A1442; Wed, 22 Jun 2016 12:44:56 +0200 (CEST)
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: multipart/signed; boundary="Apple-Mail=_C7315F2D-1443-499C-AB8F-5AB3CFB2FDA6"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.6b2
From: Brian Trammell <ietf@trammell.ch>
In-Reply-To: <F6C28B32DA084644BB6C8D0BD65B669DC0C8F5@NKGEML515-MBX.china.huawei.com>
Date: Wed, 22 Jun 2016 12:44:55 +0200
Message-Id: <C9C09C19-F620-47BC-91C2-00A351E65C2E@trammell.ch>
References: <F797C2D5-3FF6-496F-98FB-0487E5573B2A@gmail.com> <57690A66.3050502@trammell.ch> <F6C28B32DA084644BB6C8D0BD65B669DC0C7D3@NKGEML515-MBX.china.huawei.com> <095C2E5D-D235-4017-91E2-9B437D8DBDD0@trammell.ch> <F6C28B32DA084644BB6C8D0BD65B669DC0C8F5@NKGEML515-MBX.china.huawei.com>
To: Youjianjie <youjianjie@huawei.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/2kwL_llCYfZBaVsTf58LJQ2KTbM>
Cc: Aaron Falk <aaron.falk@gmail.com>, spud <spud@ietf.org>
Subject: Re: [Spud] endpoint control
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jun 2016 10:45:31 -0000

> On 22 Jun 2016, at 11:35, Youjianjie <youjianjie@huawei.com> wrote:
> 
> Hi Brian,
> 
> Thanks for your prompt reply. Please see my comments below:
> 
>> -----邮件原件-----
>> 发件人: Brian Trammell [mailto:ietf@trammell.ch]
>> 发送时间: 2016年6月22日 16:56
>> 收件人: Youjianjie
>> 抄送: Aaron Falk; spud
>> 主题: Re: [Spud] endpoint control
>> 
>> hi Jianjie,
>> 
>>> On 22 Jun 2016, at 09:09, Youjianjie <youjianjie@huawei.com> wrote:
>>> 
>>> Hi Brian,
>>> 
>>> (1) For forward signaling, the sending endpoint must place "scratch space" in
>> the packet with a label on it stating that it's okay to modify; this
>> okay-to-modify state is enforced by a MAC which only verifies the length but
>> not the content of the scratch space.
>>> 
>>> Could you please elaborate how a MAC is used to enforce the okay-to-modify
>> state? Is it only applicable to L2 network?
>> 
>> Sorry, acronym collision. Here MAC = message authentication code, not
>> medium access control.
>> 
>>> Is it a designed field in the PLUS header?
>> 
>> There isn't a "PLUS header" yet; we're only talking about potential
>> mechanisms that could be implemented within one. Here, the idea is that you
>> have some encoding that allows you to place labeled data in the PLUS header
>> (from the SPUD prototype experience, we like CBOR, but this is a technical
>> detail).
>> 
>> Some of the types/keys in this data structure are designated end-to-end, and
>> some of the types/keys are designated path-modifiable.
>> 
>> The MAC is generated by the sending endpoint using a secret shared by both
>> endpoints, and covers:
> 
> How is the secret shared between both endpoints? The endpoints need to establish a connection to exchange keys?

Yes. This is assumed to be provided by the superstrate transport.
> 
>> (1) the presence and content of end-to-end PLUS header information
> 
> Do you mean that this information is encrypted using the shared secret? Only both endpoints can know the content?

No, the MAC is generated using the shared secret, so that it cannot be forged by on-path devices. The information itself is in the clear.

Cheers,

Brian

>> (2) the presence and length of path-modifiable PLUS header information, by
>> treating the content as a length-N byte array of zeroes.
> 
> How does the middle-box along the path interpret the PLUS header? Does the middle-box also need the secret? I used to think middle-box is transparent.
> 
> Thanks,
> Jianjie
> 
>> This MAC is then transmitted from the sender to the receiver in encrypted
>> form.
>> 
>> Additional MACs may also protect bits of the IP and UDP header, in order to
>> detect NAT and other sub-PLUS modifications, but these are outside the scope
>> of this question.
>> 
>> Cheers,
>> 
>> Brian
>> 
>> 
>>> 
>>> Thanks,
>>> Jianjie
>>> 
>>> 发件人: Spud [mailto:spud-bounces@ietf.org] 代表 Brian Trammell
>>> 发送时间: 2016年6月21日 17:36
>>> 收件人: Aaron Falk
>>> 抄送: spud
>>> 主题: Re: [Spud] endpoint control
>>> 
>>> hi Aaron,
>>> 
>>> On 06/20/2016 11:38 PM, Aaron Falk wrote:
>>> Hi Brian-
>>> 
>>> In the charter and the draft-trammel-spud-req it says
>>> 
>>>   Both endpoint-to-path and path-to-endpoint signaling happen
>>>   completely under endpoint control.
>>> 
>>> Without additional elaboration, one could conclude that, e.g., permission is
>> required before a path could signal to an endpoint.  Alternatively, it could be
>> implying an endpoint has the freedom to ignore any signaling from the path.
>> I have been assuming the latter.  But now I wonder if you are intentionally
>> attempting to permit the former.  Could you clarify?
>>> 
>>> Our intention is the former: that permission is required before the path can
>> signal to the endpoint. We have two mechanisms we've been thinking about
>> for this:
>>> 
>>> (1) For forward signaling, the sending endpoint must place "scratch space" in
>> the packet with a label on it stating that it's okay to modify; this
>> okay-to-modify state is enforced by a MAC which only verifies the length but
>> not the content of the scratch space.
>>> 
>>> (2) For direct reverse signaling, a path element may not send a direct reverse
>> signaling packet to a sender unless it has also dropped a forward packet from
>> the sender to receiver. This second mechanism is less about permission and
>> more about reducing the attractiveness of PLUS for amplification/reflection
>> attacks.
>>> 
>>> In any case, endpoints (and path elements) can ignore whatever they want to
>> from the PLUS-exposed information; it's what's in the encrypted transport
>> layer headers that matters to the transport protocol on the endpoint.
>>> 
>>> Cheers,
>>> 
>>> Brian
>>> 
>>> 
>>> Thanks,
>>> 
>>> —aaron
>>> 
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> Spud mailing list
>>> Spud@ietf.org
>>> https://www.ietf.org/mailman/listinfo/spud
>>> 
>

v2.23.0 | Report a Bug | By Email