Re: [Spud] [Int-area] New Version Notification for draft-welzl-icmp-text-middleboxes-00.txt
Michael Welzl <michawe@ifi.uio.no> Wed, 01 July 2015 17:08 UTC
Return-Path: <michawe@ifi.uio.no>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 8B7261AC3DB
for <spud@ietfa.amsl.com>; Wed, 1 Jul 2015 10:08:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id K1j2AHj7QIpa for <spud@ietfa.amsl.com>;
Wed, 1 Jul 2015 10:08:16 -0700 (PDT)
Received: from mail-out5.uio.no (mail-out5.uio.no [IPv6:2001:700:100:10::17])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 17E241AC3F4
for <spud@ietf.org>; Wed, 1 Jul 2015 10:07:53 -0700 (PDT)
Received: from mail-mx3.uio.no ([129.240.10.44])
by mail-out5.uio.no with esmtp (Exim 4.80.1)
(envelope-from <michawe@ifi.uio.no>)
id 1ZALUF-00037t-IJ; Wed, 01 Jul 2015 19:07:51 +0200
Received: from 62-193-53-219.as16211.net ([62.193.53.219]
helo=[192.168.101.158])
by mail-mx3.uio.no with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256)
user michawe (Exim 4.80) (envelope-from <michawe@ifi.uio.no>)
id 1ZALUE-0003m0-Lu; Wed, 01 Jul 2015 19:07:51 +0200
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
Content-Type: text/plain; charset=iso-8859-1
From: Michael Welzl <michawe@ifi.uio.no>
X-Priority: 3 (Normal)
In-Reply-To: <f30374cf53901345a21b972af3d87000.squirrel@erg.abdn.ac.uk>
Date: Wed, 1 Jul 2015 19:07:50 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <1A563A0C-CCF5-4D97-935E-1509237BB357@ifi.uio.no>
References: <612B7EC6-8AF9-4FDB-879F-735213ACAB1A@ifi.uio.no>
<F38C9351-7324-4099-8867-52987B4CAA3D@ifi.uio.no>
<f30374cf53901345a21b972af3d87000.squirrel@erg.abdn.ac.uk>
To: gorry@erg.abdn.ac.uk
X-Mailer: Apple Mail (2.2070.6)
X-UiO-SPF-Received:
X-UiO-Ratelimit-Test: rcpts/h 2 msgs/h 1 sum rcpts/h 8 sum msgs/h 5 total
rcpts 30649 max rcpts/h 54 ratelimit 0
X-UiO-Spam-info: not spam, SpamAssassin (score=-5.0, required=5.0,
autolearn=disabled, TVD_RCVD_IP=0.001, UIO_MAIL_IS_INTERNAL=-5, uiobl=NO,
uiouri=NO)
X-UiO-Scanned: 86AEEFE7E1E357B292947BB92D6D5E6EB5892F0B
X-UiO-SPAM-Test: remote_host: 62.193.53.219 spam_score: -49 maxlevel 80
minaction 2 bait 0 mail/h: 1 total 41 max/h 6 blacklist 0 greylist 0
ratelimit 0
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/9DzlX5abr3BrsuOafY8Ee4xoQ1Y>
Cc: spud@ietf.org
Subject: Re: [Spud] [Int-area] New Version Notification for
draft-welzl-icmp-text-middleboxes-00.txt
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>,
<mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>,
<mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jul 2015 17:08:18 -0000
Answering all three issues in one go: It's intended to reach the first, maybe second hop. There you can either verify where it came from by considering the physical interface, or (more likely I think) you can "trust but verify" ;-) (since we're on the SPUD list) Indeed these text messages are only meant as hints. Consider this use case in the draft: "This is Michael Welzl, sitting in office 4164 at IFI. I want to run videoconferencing software XY that I need for a project I'm in, but it doesn't seem to work. I think you blocked some UDP ports there. Not good, please fix and get back to me." => this is a request to check for port usage of a videoconferencing software. Depending on whether the box admin believes this software should be supported or not, (s)he might accept that hint and check. (yes it opens for interesting denial of service attacks: "port X is blocked!" "no, actually, port Y!" "please check port Z now!" - haha... in which case you might want to check against the source, based on your physical network setup. Unless you see a sequence of contradicting messages, it might be worth a check. Consider the other use case: "Hello, I like the WiFi that's being provided at this airport! But did you notice that there is almost no reception near the C gates in terminal 3?" No way for an attacker to find out if you got the message or if you care about it. So, one solution is: read the messages with some delay, maybe daily. If there is an indication of an attacker sending you back and forth between A, B and C gates, don't believe it. In other words: it's just an unreliable & advisory text message, and - as with road signs etc. - attacks can be counteracted by common sense :-) Michael > On 1. jul. 2015, at 18.54, gorry@erg.abdn.ac.uk wrote: > > So, if there is no IP header in the payload, I have two questions: > > (1) How do you verify the ICMP packet came from something on-path. rather > than being generated by a random, potentially malicious sender? Why would > any host trust this? > > (2) No header no encaps info - hence no ports or originating address etc? > - In other words not useful. > > (3) Obviously this will not traverse NATs or tunnels (always a problem for > feed-backwards control messages), since these would not be able to > determine the next endpoint. > > Gorry > >> Hi, >> >> See below - this is remotely related to SPUD (really remotely, in that it >> addresses a human, but the human in control of a device of concern to >> SPUD). >> >> We're collecting opinions on this - please let us have them :-) >> >> Michael >> >> >> >>> Begin forwarded message: >>> >>> Resent-From: <michawe@ifi.uio.no> >>> From: Michael Welzl <michawe@ifi.uio.no> >>> Date: 30. juni 2015 kl. 00.35.39 CEST >>> To: Int-area@ietf.org >>> Subject: [Int-area] Fwd: New Version Notification for >>> draft-welzl-icmp-text-middleboxes-00.txt >>> >>> Dear all, >>> >>> We just posted the draft below. Not knowing which other group would fit, >>> we're sending it here. We're really transport people and at least I am >>> newbie to this group... very curious to hear your thoughts: >>> - completely idiotic? >>> - exactly what the world has been waiting for? >>> >>> ... I guess it can only be one of the two above :-) If the chairs >>> think that this makes sense to discuss in Prague, we'll be there, and >>> I'd be happy to do a supershort presentation, but let us first hear what >>> you think. It's a short and easy read, we promise that! :-) >>> >>> Thanks! >>> Michael & Janjie >>> >>> >>>> Begin forwarded message: >>>> >>>> Resent-From: <michawe@ifi.uio.no> >>>> From: <internet-drafts@ietf.org> >>>> To: Jianjie You <youjianjie@huawei.com>om>, Michael Welzl >>>> <michawe@ifi.uio.no>no>, Jianjie You <youjianjie@huawei.com>om>, Michael >>>> Welzl <michawe@ifi.uio.no> >>>> Subject: New Version Notification for >>>> draft-welzl-icmp-text-middleboxes-00.txt >>>> Date: 30. juni 2015 kl. 00.24.23 CEST >>>> >>>> >>>> A new version of I-D, draft-welzl-icmp-text-middleboxes-00.txt >>>> has been successfully submitted by Michael Welzl and posted to the >>>> IETF repository. >>>> >>>> Name: draft-welzl-icmp-text-middleboxes >>>> Revision: 00 >>>> Title: Text messaging to middlebox administrators using ICMP >>>> Document date: 2015-06-30 >>>> Group: Individual Submission >>>> Pages: 6 >>>> URL: >>>> https://www.ietf.org/internet-drafts/draft-welzl-icmp-text-middleboxes-00.txt >>>> Status: >>>> https://datatracker.ietf.org/doc/draft-welzl-icmp-text-middleboxes/ >>>> Htmlized: >>>> https://tools.ietf.org/html/draft-welzl-icmp-text-middleboxes-00 >>>> >>>> >>>> Abstract: >>>> This document describes the use of an ICMP message to send text >>>> messages to on-path middleboxes from the endpoints. The text message >>>> is sent towards a destination but meant to be read by administrators >>>> of middleboxes along the path to the destination. The goal is to >>>> improve the user's experience with simple middlebox cooperation. >>>> >>>> >>>> >>>> >>>> >>>> Please note that it may take a couple of minutes from the time of >>>> submission >>>> until the htmlized version and diff are available at tools.ietf.org. >>>> >>>> The IETF Secretariat >>>> >>> >>> _______________________________________________ >>> Int-area mailing list >>> Int-area@ietf.org >>> https://www.ietf.org/mailman/listinfo/int-area >> >> _______________________________________________ >> Spud mailing list >> Spud@ietf.org >> https://www.ietf.org/mailman/listinfo/spud >> >
- [Spud] Fwd: [Int-area] New Version Notification f… Michael Welzl
- Re: [Spud] Fwd: [Int-area] New Version Notificati… gorry
- Re: [Spud] [Int-area] New Version Notification fo… Michael Welzl
- Re: [Spud] [Int-area] New Version Notification fo… 🔓Dan Wing
- Re: [Spud] [Int-area] New Version Notification fo… Michael Welzl
- Re: [Spud] [Int-area] New Version Notification fo… Black, David
- Re: [Spud] [Int-area] New Version Notification fo… Michael Welzl
- Re: [Spud] [Int-area] New Version Notification fo… Michael Welzl