IETF Logo Mail Archive

[Spud] 答复: endpoint control

Youjianjie <youjianjie@huawei.com> Wed, 22 June 2016 07:10 UTC

Return-Path: <youjianjie@huawei.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2938912D12B for <spud@ietfa.amsl.com>; Wed, 22 Jun 2016 00:10:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.636
X-Spam-Level:
X-Spam-Status: No, score=-5.636 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rNSq2o1CCqiz for <spud@ietfa.amsl.com>; Wed, 22 Jun 2016 00:10:10 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFFD412B060 for <spud@ietf.org>; Wed, 22 Jun 2016 00:10:09 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml705-cah.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CRG78773; Wed, 22 Jun 2016 07:10:07 +0000 (GMT)
Received: from NKGEML414-HUB.china.huawei.com (10.98.56.75) by lhreml705-cah.china.huawei.com (10.201.5.168) with Microsoft SMTP Server (TLS) id 14.3.235.1; Wed, 22 Jun 2016 08:10:05 +0100
Received: from NKGEML515-MBX.china.huawei.com ([fe80::a54a:89d2:c471:ff]) by nkgeml414-hub.china.huawei.com ([10.98.56.75]) with mapi id 14.03.0235.001; Wed, 22 Jun 2016 15:09:59 +0800
From: Youjianjie <youjianjie@huawei.com>
To: Brian Trammell <ietf@trammell.ch>, Aaron Falk <aaron.falk@gmail.com>
Thread-Topic: [Spud] endpoint control
Thread-Index: AQHRyzwoxDCBxuKTZk6d9wR8LfPe/p/zI/AAgAHtRPA=
Date: Wed, 22 Jun 2016 07:09:58 +0000
Message-ID: <F6C28B32DA084644BB6C8D0BD65B669DC0C7D3@NKGEML515-MBX.china.huawei.com>
References: <F797C2D5-3FF6-496F-98FB-0487E5573B2A@gmail.com> <57690A66.3050502@trammell.ch>
In-Reply-To: <57690A66.3050502@trammell.ch>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.136.78.148]
Content-Type: multipart/alternative; boundary="_000_F6C28B32DA084644BB6C8D0BD65B669DC0C7D3NKGEML515MBXchina_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020201.576A39D0.00CF, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 9f873e2aaa8f87a5cbe1a80e61c2d3a1
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/Ee4MOtxtOTFX6U8lYqmdn89EqpE>
Cc: spud <spud@ietf.org>
Subject: [Spud] 答复: endpoint control
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jun 2016 07:10:12 -0000

Hi Brian,

(1) For forward signaling, the sending endpoint must place "scratch space" in the packet with a label on it stating that it's okay to modify; this okay-to-modify state is enforced by a MAC which only verifies the length but not the content of the scratch space.

Could you please elaborate how a MAC is used to enforce the okay-to-modify state? Is it only applicable to L2 network? Is it a designed field in the PLUS header?

Thanks,
Jianjie

发件人: Spud [mailto:spud-bounces@ietf.org] 代表 Brian Trammell
发送时间: 2016年6月21日 17:36
收件人: Aaron Falk
抄送: spud
主题: Re: [Spud] endpoint control

hi Aaron,
On 06/20/2016 11:38 PM, Aaron Falk wrote:
Hi Brian-

In the charter and the draft-trammel-spud-req it says


   Both endpoint-to-path and path-to-endpoint signaling happen

   completely under endpoint control.

Without additional elaboration, one could conclude that, e.g., permission is required before a path could signal to an endpoint.  Alternatively, it could be implying an endpoint has the freedom to ignore any signaling from the path.  I have been assuming the latter.  But now I wonder if you are intentionally attempting to permit the former.  Could you clarify?

Our intention is the former: that permission is required before the path can signal to the endpoint. We have two mechanisms we've been thinking about for this:

(1) For forward signaling, the sending endpoint must place "scratch space" in the packet with a label on it stating that it's okay to modify; this okay-to-modify state is enforced by a MAC which only verifies the length but not the content of the scratch space.

(2) For direct reverse signaling, a path element may not send a direct reverse signaling packet to a sender unless it has also dropped a forward packet from the sender to receiver. This second mechanism is less about permission and more about reducing the attractiveness of PLUS for amplification/reflection attacks.

In any case, endpoints (and path elements) can ignore whatever they want to from the PLUS-exposed information; it's what's in the encrypted transport layer headers that matters to the transport protocol on the endpoint.

Cheers,

Brian


Thanks,

―aaron






_______________________________________________

Spud mailing list

Spud@ietf.org<mailto:Spud@ietf.org>

https://www.ietf.org/mailman/listinfo/spud

v2.23.0 | Report a Bug | By Email