[Spud] 答复: endpoint control
Youjianjie <youjianjie@huawei.com> Wed, 22 June 2016 09:36 UTC
Return-Path: <youjianjie@huawei.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CED712B058 for <spud@ietfa.amsl.com>; Wed, 22 Jun 2016 02:36:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.647
X-Spam-Level:
X-Spam-Status: No, score=-5.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4c6UgpSkOx5R for <spud@ietfa.amsl.com>; Wed, 22 Jun 2016 02:36:09 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8B72127058 for <spud@ietf.org>; Wed, 22 Jun 2016 02:36:07 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml708-cah.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CRH07510; Wed, 22 Jun 2016 09:36:05 +0000 (GMT)
Received: from NKGEML414-HUB.china.huawei.com (10.98.56.75) by lhreml708-cah.china.huawei.com (10.201.5.202) with Microsoft SMTP Server (TLS) id 14.3.235.1; Wed, 22 Jun 2016 10:36:03 +0100
Received: from NKGEML515-MBX.china.huawei.com ([fe80::a54a:89d2:c471:ff]) by nkgeml414-hub.china.huawei.com ([10.98.56.75]) with mapi id 14.03.0235.001; Wed, 22 Jun 2016 17:35:56 +0800
From: Youjianjie <youjianjie@huawei.com>
To: Brian Trammell <ietf@trammell.ch>
Thread-Topic: [Spud] endpoint control
Thread-Index: AQHRyzwoxDCBxuKTZk6d9wR8LfPe/p/zI/AAgAHtRPD//5oTAIAAjlgQ
Date: Wed, 22 Jun 2016 09:35:56 +0000
Message-ID: <F6C28B32DA084644BB6C8D0BD65B669DC0C8F5@NKGEML515-MBX.china.huawei.com>
References: <F797C2D5-3FF6-496F-98FB-0487E5573B2A@gmail.com> <57690A66.3050502@trammell.ch> <F6C28B32DA084644BB6C8D0BD65B669DC0C7D3@NKGEML515-MBX.china.huawei.com> <095C2E5D-D235-4017-91E2-9B437D8DBDD0@trammell.ch>
In-Reply-To: <095C2E5D-D235-4017-91E2-9B437D8DBDD0@trammell.ch>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.136.78.148]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A0B0208.576A5C05.016A, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 54788bab200ba984077cc06ccd49cc3e
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/9-uBrVqPdxjjxfYrIT3ROjzDI18>
Cc: Aaron Falk <aaron.falk@gmail.com>, spud <spud@ietf.org>
Subject: [Spud] 答复: endpoint control
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jun 2016 09:36:11 -0000
Hi Brian, Thanks for your prompt reply. Please see my comments below: > -----邮件原件----- > 发件人: Brian Trammell [mailto:ietf@trammell.ch] > 发送时间: 2016年6月22日 16:56 > 收件人: Youjianjie > 抄送: Aaron Falk; spud > 主题: Re: [Spud] endpoint control > > hi Jianjie, > > > On 22 Jun 2016, at 09:09, Youjianjie <youjianjie@huawei.com> wrote: > > > > Hi Brian, > > > > (1) For forward signaling, the sending endpoint must place "scratch space" in > the packet with a label on it stating that it's okay to modify; this > okay-to-modify state is enforced by a MAC which only verifies the length but > not the content of the scratch space. > > > > Could you please elaborate how a MAC is used to enforce the okay-to-modify > state? Is it only applicable to L2 network? > > Sorry, acronym collision. Here MAC = message authentication code, not > medium access control. > > > Is it a designed field in the PLUS header? > > There isn't a "PLUS header" yet; we're only talking about potential > mechanisms that could be implemented within one. Here, the idea is that you > have some encoding that allows you to place labeled data in the PLUS header > (from the SPUD prototype experience, we like CBOR, but this is a technical > detail). > > Some of the types/keys in this data structure are designated end-to-end, and > some of the types/keys are designated path-modifiable. > > The MAC is generated by the sending endpoint using a secret shared by both > endpoints, and covers: How is the secret shared between both endpoints? The endpoints need to establish a connection to exchange keys? > (1) the presence and content of end-to-end PLUS header information Do you mean that this information is encrypted using the shared secret? Only both endpoints can know the content? > (2) the presence and length of path-modifiable PLUS header information, by > treating the content as a length-N byte array of zeroes. How does the middle-box along the path interpret the PLUS header? Does the middle-box also need the secret? I used to think middle-box is transparent. Thanks, Jianjie > This MAC is then transmitted from the sender to the receiver in encrypted > form. > > Additional MACs may also protect bits of the IP and UDP header, in order to > detect NAT and other sub-PLUS modifications, but these are outside the scope > of this question. > > Cheers, > > Brian > > > > > > Thanks, > > Jianjie > > > > 发件人: Spud [mailto:spud-bounces@ietf.org] 代表 Brian Trammell > > 发送时间: 2016年6月21日 17:36 > > 收件人: Aaron Falk > > 抄送: spud > > 主题: Re: [Spud] endpoint control > > > > hi Aaron, > > > > On 06/20/2016 11:38 PM, Aaron Falk wrote: > > Hi Brian- > > > > In the charter and the draft-trammel-spud-req it says > > > > Both endpoint-to-path and path-to-endpoint signaling happen > > completely under endpoint control. > > > > Without additional elaboration, one could conclude that, e.g., permission is > required before a path could signal to an endpoint. Alternatively, it could be > implying an endpoint has the freedom to ignore any signaling from the path. > I have been assuming the latter. But now I wonder if you are intentionally > attempting to permit the former. Could you clarify? > > > > Our intention is the former: that permission is required before the path can > signal to the endpoint. We have two mechanisms we've been thinking about > for this: > > > > (1) For forward signaling, the sending endpoint must place "scratch space" in > the packet with a label on it stating that it's okay to modify; this > okay-to-modify state is enforced by a MAC which only verifies the length but > not the content of the scratch space. > > > > (2) For direct reverse signaling, a path element may not send a direct reverse > signaling packet to a sender unless it has also dropped a forward packet from > the sender to receiver. This second mechanism is less about permission and > more about reducing the attractiveness of PLUS for amplification/reflection > attacks. > > > > In any case, endpoints (and path elements) can ignore whatever they want to > from the PLUS-exposed information; it's what's in the encrypted transport > layer headers that matters to the transport protocol on the endpoint. > > > > Cheers, > > > > Brian > > > > > > Thanks, > > > > —aaron > > > > > > > > > > > > _______________________________________________ > > Spud mailing list > > Spud@ietf.org > > https://www.ietf.org/mailman/listinfo/spud > >
- Re: [Spud] endpoint control Diego R. Lopez
- Re: [Spud] endpoint control Brian Trammell
- Re: [Spud] endpoint control 🔓Dan Wing
- Re: [Spud] endpoint control Tom Herbert
- Re: [Spud] endpoint control 🔓Dan Wing
- Re: [Spud] endpoint control Brian Trammell
- Re: [Spud] endpoint control Smith, Kevin, (R&D) Vodafone Group
- Re: [Spud] endpoint control Tom Herbert
- Re: [Spud] endpoint control Joe Touch
- Re: [Spud] endpoint control Tom Herbert
- Re: [Spud] endpoint control Joe Touch
- Re: [Spud] endpoint control Smith, Kevin, (R&D) Vodafone Group
- [Spud] 答复: endpoint control Youjianjie
- Re: [Spud] endpoint control Tom Herbert
- Re: [Spud] endpoint control 🔓Dan Wing
- Re: [Spud] endpoint control Brian Trammell
- Re: [Spud] endpoint control Fossati, Thomas (Nokia - GB)
- [Spud] endpoint control Smith, Kevin, (R&D) Vodafone Group
- Re: [Spud] endpoint control Brian Trammell
- [Spud] 答复: endpoint control Youjianjie
- [Spud] 答复: endpoint control Youjianjie
- [Spud] 答复: endpoint control Youjianjie
- Re: [Spud] endpoint control Brian Trammell
- [Spud] 答复: endpoint control Youjianjie
- Re: [Spud] endpoint control Brian Trammell
- [Spud] 答复: endpoint control Youjianjie
- Re: [Spud] endpoint control Brian Trammell
- [Spud] endpoint control Aaron Falk
- Re: [Spud] endpoint control Brian Trammell
- Re: [Spud] endpoint control Brian Trammell