Re: [Spud] Extensibility considered harmful? was Re: [Privsec-program] Detecting and Defeating TCP/IP Hypercookie Attacks

Ted Hardie <ted.ietf@gmail.com> Mon, 01 August 2016 18:57 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA10312D794 for <spud@ietfa.amsl.com>; Mon, 1 Aug 2016 11:57:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JFgqlzmEqS9S for <spud@ietfa.amsl.com>; Mon, 1 Aug 2016 11:57:28 -0700 (PDT)
Received: from mail-oi0-x22e.google.com (mail-oi0-x22e.google.com [IPv6:2607:f8b0:4003:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EBC3A12D103 for <spud@ietf.org>; Mon, 1 Aug 2016 11:57:27 -0700 (PDT)
Received: by mail-oi0-x22e.google.com with SMTP id w18so205562077oiw.3 for <spud@ietf.org>; Mon, 01 Aug 2016 11:57:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=AwT2O2wqVWvyUJYJc1/TELeHTJ1bhCXj5WeZSzPZe+E=; b=049n9C52wfUy5sWRIWl+9++Csx0WHklJvFw31HNxpOkMcyZHtjURPD/5DOO5LXZ0Rg tGaK5AhMGLFRZSA0d0cv+4sH8AFOZRRkn3mjb5GuOzWRoZ4nlOcrvOLKk52AXfBC5iyl 362mr7LP02GsDDp0O+mKGBc0xzWSngtAic+1VBdzlRfStx6KlTLOTVfFmMlN7pHIZ0pY 2IPNzcuqDbZgBl5nyLSs80y/wHbl41Cw8V0cumd9U3g+Wn8Lye/MNrZZZHaOtqHa23J4 OtIKnrJmH16CYdHdW01Syj3TZeK0eJrbJyOeDosZk5m5kHqQC9DuOm8kdX1EygyPkm2U Vw8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=AwT2O2wqVWvyUJYJc1/TELeHTJ1bhCXj5WeZSzPZe+E=; b=bYblAOFnZHdExAsfLxw3EB/dtLGxizrwjRAfg5VSaaYQbT/k+4fpnioqTcUSEy3lSe gWsVotHCqCHvltLdlwT+0G/8paS2osQ20R0lVH6nR2gTUOdn22RpL3li13v3D+PQFBYa HNf+a8gxTv1fFo4FTcN76tlghXk/UwyEBo8ubbarXHjefwQlvJcXf9nuC8y2vuj5DWgJ /U5kqgblCJZq9tZwpEYG/u8mYMF0aQftyxTIaQS0MZVQvZ+aLhVC3nqRq2MUVjJhDryq Um23slQmoU2HeFtescznX7WNS7cbRynImPZtlNar8p/Xt1aiaJegx00PuwZkFqfLasfN 3CqA==
X-Gm-Message-State: AEkooutQwgDXkHCXAZeCJ+HE3uqdrNdSE+/99h1sUT1PrZ35mt2ENdLoLz5l5YDojXEHbP3YOcY0qiaukrHBvA==
X-Received: by 10.202.218.215 with SMTP id r206mr32267932oig.55.1470077847046; Mon, 01 Aug 2016 11:57:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.202.222.213 with HTTP; Mon, 1 Aug 2016 11:56:57 -0700 (PDT)
In-Reply-To: <b4a87191-0bb9-7c3a-9717-68ae6ef33406@cs.tcd.ie>
References: <409B6F52-B637-4333-915B-A8127C80C98B@trammell.ch> <d27266cf-87f6-17b1-3038-e0f614c6c773@cs.tcd.ie> <84F6AEC6-7DE3-4D1F-9014-201279F70E56@tik.ee.ethz.ch> <5194f988-0e25-7f5a-75cf-6ed3646e012d@cs.tcd.ie> <402A30BB-1A20-4D54-95CA-7C50D8C0F26B@tik.ee.ethz.ch> <dc29fa73-88fd-3dc4-7497-f1bd2fa60422@cs.tcd.ie> <8722FE8E-1026-43D5-BE17-1D6B4031C0D8@tik.ee.ethz.ch> <1b261e1e-a543-53df-8a2a-7dddae415a14@cs.tcd.ie> <D2CEDF13-E508-4732-B8F6-98FBBDDC7EE6@tik.ee.ethz.ch> <f5c06c8a-5bef-86f6-5c62-302e7f6f75bf@cs.tcd.ie> <B58C7986-4B91-41FB-A6B6-F8E7BD25E799@tik.ee.ethz.ch> <6a61c305-c1f6-d14d-d0c4-d9809cfb5f78@cs.tcd.ie> <F7541B2E-86C2-49C6-B616-BDCC567CDAFC@lurchi.franken.de> <92b31df8-f557-a935-a3d8-1f7bf7ee8689@cs.tcd.ie> <E9B17055-DB61-41C6-9D9F-7510E9EC1ADE@lurchi.franken.de> <45d1e4f8-43fd-181f-b902-73f129e8518b@cs.tcd.ie> <B018BDCD-64EF-4F86-9B0B-FA73EA63A5C9@trammell.ch> <b4a87191-0bb9-7c3a-9717-68ae6ef33406@cs.tcd.ie>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Mon, 1 Aug 2016 11:56:57 -0700
Message-ID: <CA+9kkMB+j=My1i2Ygyz1VaO+ZjgtPr-SjoEKhcdve8gw-vq0Jw@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary=001a113d2b78dd90a00539072b19
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/8D7LNJTKF6AosJSF9ydKw-OZu60>
Cc: Brian Trammell <ietf@trammell.ch>, spud <spud@ietf.org>, =?UTF-8?Q?Mirja_K=C3=BChlewind?= <mirja.kuehlewind@tik.ee.ethz.ch>, Michael Tuexen <Michael.Tuexen@lurchi.franken.de>
Subject: Re: [Spud] Extensibility considered harmful? was Re: [Privsec-program] Detecting and Defeating TCP/IP Hypercookie Attacks
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Aug 2016 18:57:30 -0000

On Sun, Jul 31, 2016 at 6:01 PM, Stephen Farrell <

>
> IMO that case has not been made to the point where I would
> consider it justifies privacy downsides. IOW, while I am of
> course in favour of endpoints being able to signal to one
> another without middlebox interference, I am not at all on
> side with transport header integrity being counted as a major
> win in the analysis of PLUS, if that "win" inherently requires
> a significant privacy cost. (And I am clearly happy to endlessly
> repeat myself that in this particular case:
>
>         extensibility == privacy unfriendly
>
>
Stephen, someone naively coming across this statement in the record will
think you mean that any extensibility is privacy unfriendly.  Obviously,
you have championed the ability to shift cryptographic algorithms as needs
change, which requires extensibility of specific forms.   Lots of other
work requires extensibility to be useful at all (imagine if the tag space
of the web had been frozen in 1993).

I should greatly appreciate you reformulating this into something that
actually matches your meaning.  That would likely be useful; this is not.

thanks,

Ted