Re: [Spud] updated draft PLUS charter, rev. 1 June

Tom Herbert <tom@herbertland.com> Sat, 11 June 2016 16:23 UTC

Date: Sat, 11 Jun 2016 09:23:23 -0700
Message-ID: <CALx6S37diNHjxYyC4u0U7yM0AYx27buQ=0jakLYeSoNYvmbyZg@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
To: Brian Trammell <ietf@trammell.ch>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/4oX4ru2Oq3tqtVtcZUS_MXeTrMM>
Cc: Christian Huitema <huitema@microsoft.com>, spud <spud@ietf.org>
Subject: Re: [Spud] updated draft PLUS charter, rev. 1 June

On Sat, Jun 11, 2016 at 4:49 AM, Brian Trammell <ietf@trammell.ch> wrote:
>
>> On 10 Jun 2016, at 22:12, Christian Huitema <huitema@microsoft.com> wrote:
>>
>> On Friday, June 10, 2016 9:04 AM, Tom Herbert wrote:
>>> ...
>>> PLUS introduces new issues. All prior uses of UDP on the Internet have been end
>>> to end communications, application to application. PLUS is introducing the
>>> notion that UDP is used for application to network and network to application
>>> communications also. For end to end communications we can apply strong
>>> security (e.g. DTLS) so that spoofed or reflected UDP packets are not accepted.
>>
>> I think Tom has a good point here. PLUS does introduce new communication patterns, passing information to intermediate routers and expecting routers to act on the information. These communication patterns can very well introduce new attack vectors. We actually discussed a few of those on the list some time back. For example, an attacker could inject a packet that mimics the closure of a flow, and cause intermediate firewalls to close the holes open for that flow.
>
> Except this isn't really a new attack vector; there's no real difference between this and a FIN/RST injection in TCP, except that we get the chance to make the space the attacker has to guess in larger.
>
By doing TCP over DTLS over UDP, we eliminate the possibility of
injection attacks against TCP like this. That is a major reason why we
want to encrypt transport headers.

>> I suggest that we recognize the link between new patterns and new attacks in the charter, and have an explicit goal to investigate these attacks and their mitigations.
>
> Absolutely; added an issue to the draft charter, will propose text next week
>
> Cheers,
>
> Brian
>
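The spoofed-closure scenario the thread discusses, modelled as an added example (not code from the thread or from any PLUS draft): a toy stateful middlebox that keeps per-flow state keyed by the UDP 5-tuple and honours a "stop" signal only when it carries the per-flow random token handed out at flow start. The token mechanism and its sizes are assumptions used to illustrate Brian's point about enlarging the attacker's guess space; token_bits=0 models a middlebox that accepts any tuple-matching closure, the analogue of TCP FIN/RST injection.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Flow:
    token: bytes      # per-flow secret the endpoints learned at flow start
    open: bool = True


class Middlebox:
    """Toy stateful firewall: state keyed by (proto, src, sport, dst, dport).

    token_bits is a hypothetical knob (not a PLUS parameter): 0 means any
    on-path sender who knows the 5-tuple can close the flow, larger values
    mean a forged closure must also guess the per-flow token.
    """

    def __init__(self, token_bits: int):
        self.token_bits = token_bits
        self.flows: dict[tuple, Flow] = {}

    def open_flow(self, tuple5: tuple) -> bytes:
        token = secrets.token_bytes(self.token_bits // 8) if self.token_bits else b""
        self.flows[tuple5] = Flow(token)
        return token  # returned to the legitimate endpoint only

    def stop_signal(self, tuple5: tuple, token: bytes) -> bool:
        """Process a closure signal; True only if the pinhole was actually closed."""
        flow = self.flows.get(tuple5)
        if flow is None or not flow.open:
            return False
        if token != flow.token:
            return False  # spoofed/reflected closure: wrong token, ignore it
        flow.open = False
        return True

    def is_open(self, tuple5: tuple) -> bool:
        flow = self.flows.get(tuple5)
        return bool(flow and flow.open)


def expected_guesses(token_bits: int) -> int:
    """Average number of forged packets needed to hit the token by brute force."""
    return 2 ** max(token_bits - 1, 0)


# Constructed sample flow for illustration
EXAMPLE_5TUPLE = ("udp", "192.0.2.10", 40000, "198.51.100.7", 443)
```

Encrypting the end-to-end transport headers under DTLS, as Tom suggests, is complementary: it stops injection against TCP itself, while the network-facing closure signal still needs its own guess-resistant binding.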