IETF Logo Mail Archive

Re: [Spud] endpoint control

Tom Herbert <tom@herbertland.com> Wed, 29 June 2016 23:26 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 416C612D87E for <spud@ietfa.amsl.com>; Wed, 29 Jun 2016 16:26:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nns0m8FwWRAE for <spud@ietfa.amsl.com>; Wed, 29 Jun 2016 16:26:49 -0700 (PDT)
Received: from mail-it0-x235.google.com (mail-it0-x235.google.com [IPv6:2607:f8b0:4001:c0b::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC2AC12D76E for <spud@ietf.org>; Wed, 29 Jun 2016 16:26:48 -0700 (PDT)
Received: by mail-it0-x235.google.com with SMTP id g127so133687807ith.0 for <spud@ietf.org>; Wed, 29 Jun 2016 16:26:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=uK5YiBJjstTpmd1lUpQusojGpai29we9DuBpm4n4Epk=; b=nirKXXkYT0q6Ekjn1TTFqUgkrwibEO7YDU1Zi1cFJkUdL0EM3rnGw5uiWkrf86PfKg Ca9MQPHC3+WyxAORTle+XKgu9YkNe4IabZPvtF++v4rL6+FpEO7paOpgwiCrU18NiOYk zxN2brFg1QiaRS5WU3yMfoJkr4GWWXjGB9utRLoYzdPWqmoEP8BTWkQ/VIx/hrMvMzon xXgBCdi3lwxoAh8w5F5iBy7zeh6w5Te8pR4EM3X0VfALu6xntDmcD8+V9N+iFHzMK9ed AJ6qFkUzGw6RxGhmb7g0j9KiaibBQIDkhVFkpaX8Lt6Asbqshdzu3v1xD7NW9UdrQwYx 72Fg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=uK5YiBJjstTpmd1lUpQusojGpai29we9DuBpm4n4Epk=; b=Owwmj7368HBP70eddUGmjktNSA9iWI/6FSJuQ12OUK3NQzNMbrGKJEeq/PdhGeGR1P XMt41dUdJHJq391mAzEa2la1iG/DbDnP36I0IkTXVJ4lS3AwYLyToAGoFu7eG+vyZ4ur eEML4+EdgOm8fwxYtCYfVpgdC6qumln9xIJF08LAofUKZUhEcNySjCMJMq4XiPVEUmRr Z4a1PL5ObfP3Fy/BAKjxxVCMhvjsKUmp1FuH04NQr6i+7egJQ45ykNYkEpvsGLEq+PeS y3YcLxZADkmT+GeVf1E+sB4n0JWEO6YAeY0PyFJsNG9MwWfadjXfJ4VKzMSK4J3z597H V90Q==
X-Gm-Message-State: ALyK8tLtM1s/vczhpzZPFz8lCF7Os9P2LIrHzJYDjdKZVs2NyeySMpV/nE2CTZcSYKGLOfjacUOUU0d7q7bF9Q==
X-Received: by 10.36.22.195 with SMTP id a186mr12982295ita.37.1467242808274; Wed, 29 Jun 2016 16:26:48 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.31.134 with HTTP; Wed, 29 Jun 2016 16:26:47 -0700 (PDT)
In-Reply-To: <A4BAAB326B17CE40B45830B745F70F10EE37B7F0@VOEXM17W.internal.vodafone.com>
References: <A4BAAB326B17CE40B45830B745F70F10EE37ACAE@VOEXM17W.internal.vodafone.com> <CALx6S35DbFk5ZXUf0ob+hziPb1d5xjZvGADP_g-rw=EYKbPOvw@mail.gmail.com> <A4BAAB326B17CE40B45830B745F70F10EE37B7F0@VOEXM17W.internal.vodafone.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 29 Jun 2016 16:26:47 -0700
Message-ID: <CALx6S37xeV2Wp=Ms1bF52YPMdYytqCJ_2DMOn9JriykHegBQmw@mail.gmail.com>
To: "Smith, Kevin, (R&D) Vodafone Group" <Kevin.Smith@vodafone.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/F-PwVLRXMgFyGNqEOJaAEMJTkI8>
Cc: "Brian Trammell (ietf@trammell.ch)" <ietf@trammell.ch>, "spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] endpoint control
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jun 2016 23:26:52 -0000

On Wed, Jun 29, 2016 at 3:45 AM, Smith, Kevin, (R&D) Vodafone Group
<Kevin.Smith@vodafone.com> wrote:
> Hi Tom,
>
>> Do you see any reason (other than maybe current deployability) that these can't be done in HBH options instead of TCP options?
>
> Probably down to forwarding performance too, as Hop-by-Hop must be processed by all network devices. And deployability as you say; because IPv6 is unfortunately not prevalent yet in mobile core networks...
>
The first problem is being relaxed in 2460bis draft. It allows HBH to
be ignored by network devices, which should cover the case where there
are "too many options to parse" in a DOS attack.

Tom

> https://tools.ietf.org/html/draft-krishnan-ipv6-hopbyhop-05 recommends using other extension headers instead, due to a denial of service threat. But these are intended for the destination and not interim nodes, and we'd need to check that EH are consistently passed across a range of vendors' routers.
>
> Many thanks,
> Kevin
>
> -----Original Message-----
> From: Tom Herbert [mailto:tom@herbertland.com]
> Sent: 28 June 2016 18:37
> To: Smith, Kevin, (R&D) Vodafone Group
> Cc: Brian Trammell (ietf@trammell.ch); spud@ietf.org
> Subject: Re: [Spud] endpoint control
>
> On Tue, Jun 28, 2016 at 3:41 AM, Smith, Kevin, (R&D) Vodafone Group <Kevin.Smith@vodafone.com> wrote:
>> Hi Brian,
>>
>> I think Mobile Throughput Guidance would be a good candidate for PLUS path-to-endpoint signalling. The latest (albeit expired) MTG draft [1] is bound to TCP Options, and was considering use of TCP-AO for authentication; PLUS could allow MTG for both TCP and UDP-based flows. However it seems that proposed PLUS mechanism:
>>
>>>(1) For forward signaling, the sending endpoint must place "scratch space" in the packet with a label on it stating that it's okay to modify; this okay-to-modify state is enforced by a MAC which only verifies the length but not the content of the scratch space.
>>
>> ...may not provide the guarantee that (1) the MTG information was indeed injected by the cellular network and (2) that it has not been modified by another node. Have I got that right? Or would such an authentication/integrity check applicable to path data be in scope of PLUS?
>>
>> Cheers,
>> Kevin
>> Vodafone R&D
>>
>> [1]
>> https://www.ietf.org/archive/id/draft-flinck-mobile-throughput-guidanc
>> e-03.txt , expired
>>
> Hi Kevin,
>
> That is an interesting use case. Do you see any reason (other than maybe current deployability) that these can't be done in HBH options instead of TCP options?
>
> Thanks,
> Tom
>
>
>> _______________________________________________
>> Spud mailing list
>> Spud@ietf.org
>> https://www.ietf.org/mailman/listinfo/spud

v2.23.0 | Report a Bug | By Email