IETF Logo Mail Archive

Re: [Spud] [Int-area] New Version Notification for draft-welzl-icmp-text-middleboxes-00.txt

🔓Dan Wing <dwing@cisco.com> Wed, 01 July 2015 18:49 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 506AC1B2A4E for <spud@ietfa.amsl.com>; Wed, 1 Jul 2015 11:49:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.211
X-Spam-Level:
X-Spam-Status: No, score=-14.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QQ0JlbL_XS6j for <spud@ietfa.amsl.com>; Wed, 1 Jul 2015 11:49:23 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 047371B2A46 for <spud@ietf.org>; Wed, 1 Jul 2015 11:49:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7566; q=dns/txt; s=iport; t=1435776564; x=1436986164; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=7JVHS0ya5UzSzqYoS9uqdT+21PVxuDb9x9lUWl1KjfY=; b=dbmK6mOte2TdcXMv1gCUbOHE5VuRc18XNOgoSbQP9a+bgsjdB+sPREdF ey9ku2fMa5+ZdbOcr6NfjyON4KGWVXdxBtzzPJp4Y7ifedrJieS3pcR6l sjs/urypxtlcH+CYeqJRJgQ79/QpiRdzWMQkU6RPOI79qhH5VY31xJMtT 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DfAwD7NJRV/49dJa1bgxFUX70yCYFkDIJCgzQCgVY4FAEBAQEBAQGBCoQiAQEBAwEBAQE3NAkCDgILDgMDAQIBGQITFhEoCAYTG4gMCA3NDAEBAQEBAQEBAQEBAQEBAQEBAQEBARcEi0aEUzMHBiECgm6BFAWMF2+HCoRdhGKCIoE6FDCDUIJrIowMg10mggcFHBWBXR4xAWUfgUMBAQE
X-IronPort-AV: E=Sophos;i="5.15,387,1432598400"; d="scan'208";a="164644011"
Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by alln-iport-6.cisco.com with ESMTP; 01 Jul 2015 18:49:23 +0000
Received: from [10.136.10.48] ([10.136.10.48]) by rcdn-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id t61InLqE016379 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 1 Jul 2015 18:49:21 GMT
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
From: =?utf-8?Q?=F0=9F=94=93Dan_Wing?= <dwing@cisco.com>
In-Reply-To: <1A563A0C-CCF5-4D97-935E-1509237BB357@ifi.uio.no>
Date: Wed, 1 Jul 2015 11:49:21 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <33970202-61F0-4F9D-8B04-85B677AD381E@cisco.com>
References: <612B7EC6-8AF9-4FDB-879F-735213ACAB1A@ifi.uio.no> <F38C9351-7324-4099-8867-52987B4CAA3D@ifi.uio.no> <f30374cf53901345a21b972af3d87000.squirrel@erg.abdn.ac.uk> <1A563A0C-CCF5-4D97-935E-1509237BB357@ifi.uio.no>
To: Michael Welzl <michawe@ifi.uio.no>
X-Mailer: Apple Mail (2.2098)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/PMlzFtp4xYrtPAtmGAhVLoAGAbQ>
Cc: gorry@erg.abdn.ac.uk, spud@ietf.org
Subject: Re: [Spud] [Int-area] New Version Notification for draft-welzl-icmp-text-middleboxes-00.txt
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jul 2015 18:49:25 -0000

I don't see high likelyhood of someone typing (or speaking) a message like that, pointing out a problem that might or might not get heard and result in action.

I could see an application or OS spitting out messages, though -- but probably not in the format proposed.  For example, it could be valuable for a network administrator to know that their users want to use SRTP-over-UDP, but UDP is being blocked forcing users to use SRTP-over-TCP (which has a different -- sometimes worse -- user experience than UDP).  A browser might want to use QUIC-over-UDP, and it could be useful to tell the network administrator that it was forced to fallback to TCP.  An OS might want to use native SCTP, native IPsec (protocol 50), or native QUIC or native RTP (QUIC and RTP are not IANA registered as protocols on top of IP, but by all rights they could / should be).  Another complaint message might be "Gosh, I need IPv6" or "I need NAT64".  If the "complaint" messages were to be computer-parsable, I see more value in your proposal.  I'm not too keen on ICMP for this communication, though; perhaps HTTP POST to a well-known FQDN, such as complaint.local, and some sort of structure to what is posted could be more valuable.

-d


On 01-Jul-2015 10:07 am, Michael Welzl <michawe@ifi.uio.no> wrote:
> 
> Answering all three issues in one go:
> 
> It's intended to reach the first, maybe second hop. There you can either verify where it came from by considering the physical interface, or (more likely I think) you can "trust but verify"  ;-)   (since we're on the SPUD list)
> 
> Indeed these text messages are only meant as hints.
> 
> Consider this use case in the draft:
> 
> "This is Michael Welzl, sitting in office 4164 at IFI.  I want to run
>   videoconferencing software XY that I need for a project I'm in, but
>   it doesn't seem to work.  I think you blocked some UDP ports there.
>   Not good, please fix and get back to me."
> 
> => this is a request to check for port usage of a videoconferencing software. Depending on whether the box admin believes this software should be supported or not, (s)he might accept that hint and check. (yes it opens for interesting denial of service attacks: "port X is blocked!" "no, actually, port Y!" "please check port Z now!" - haha...    in which case you might want to check against the source, based on your physical network setup.
> 
> Unless you see a sequence of contradicting messages, it might be worth a check. Consider the other use case:
> "Hello, I like the WiFi that's being provided at this airport!  But
>   did you notice that there is almost no reception near the C gates in
>   terminal 3?"
> 
> No way for an attacker to find out if you got the message or if you care about it. So, one solution is: read the messages with some delay, maybe daily. If there is an indication of an attacker sending you back and forth between A, B and C gates, don't believe it.
> 
> In other words: it's just an unreliable & advisory text message, and - as with road signs etc. - attacks can be counteracted by common sense  :-)
> 
> Michael
> 
> 
> 
>> On 1. jul. 2015, at 18.54, gorry@erg.abdn.ac.uk wrote:
>> 
>> So, if there is no IP header in the payload, I have two questions:
>> 
>> (1) How do you verify the ICMP packet came from something on-path. rather
>> than being generated by a  random, potentially malicious sender? Why would
>> any host trust this?
>> 
>> (2) No header no encaps info - hence no ports or originating address etc?
>> - In other words not useful.
>> 
>> (3) Obviously this will not traverse NATs or tunnels (always a problem for
>> feed-backwards control messages), since these would not be able to
>> determine the next endpoint.
>> 
>> Gorry
>> 
>>> Hi,
>>> 
>>> See below - this is remotely related to SPUD (really remotely, in that it
>>> addresses a human, but the human in control of a device of concern to
>>> SPUD).
>>> 
>>> We're collecting opinions on this - please let us have them   :-)
>>> 
>>> Michael
>>> 
>>> 
>>> 
>>>> Begin forwarded message:
>>>> 
>>>> Resent-From: <michawe@ifi.uio.no>
>>>> From: Michael Welzl <michawe@ifi.uio.no>
>>>> Date: 30. juni 2015 kl. 00.35.39 CEST
>>>> To: Int-area@ietf.org
>>>> Subject: [Int-area] Fwd: New Version Notification for
>>>> draft-welzl-icmp-text-middleboxes-00.txt
>>>> 
>>>> Dear all,
>>>> 
>>>> We just posted the draft below. Not knowing which other group would fit,
>>>> we're sending it here. We're really transport people and at least I am
>>>> newbie to this group...  very curious to hear your thoughts:
>>>> - completely idiotic?
>>>> - exactly what the world has been waiting for?
>>>> 
>>>> ... I guess it can only be one of the two above  :-)     If the chairs
>>>> think that this makes sense to discuss in Prague, we'll be there, and
>>>> I'd be happy to do a supershort presentation, but let us first hear what
>>>> you think. It's a short and easy read, we promise that!  :-)
>>>> 
>>>> Thanks!
>>>> Michael & Janjie
>>>> 
>>>> 
>>>>> Begin forwarded message:
>>>>> 
>>>>> Resent-From: <michawe@ifi.uio.no>
>>>>> From: <internet-drafts@ietf.org>
>>>>> To: Jianjie You <youjianjie@huawei.com>om>, Michael Welzl
>>>>> <michawe@ifi.uio.no>no>, Jianjie You <youjianjie@huawei.com>om>, Michael
>>>>> Welzl <michawe@ifi.uio.no>
>>>>> Subject: New Version Notification for
>>>>> draft-welzl-icmp-text-middleboxes-00.txt
>>>>> Date: 30. juni 2015 kl. 00.24.23 CEST
>>>>> 
>>>>> 
>>>>> A new version of I-D, draft-welzl-icmp-text-middleboxes-00.txt
>>>>> has been successfully submitted by Michael Welzl and posted to the
>>>>> IETF repository.
>>>>> 
>>>>> Name:		draft-welzl-icmp-text-middleboxes
>>>>> Revision:	00
>>>>> Title:		Text messaging to middlebox administrators using ICMP
>>>>> Document date:	2015-06-30
>>>>> Group:		Individual Submission
>>>>> Pages:		6
>>>>> URL:
>>>>> https://www.ietf.org/internet-drafts/draft-welzl-icmp-text-middleboxes-00.txt
>>>>> Status:
>>>>> https://datatracker.ietf.org/doc/draft-welzl-icmp-text-middleboxes/
>>>>> Htmlized:
>>>>> https://tools.ietf.org/html/draft-welzl-icmp-text-middleboxes-00
>>>>> 
>>>>> 
>>>>> Abstract:
>>>>> This document describes the use of an ICMP message to send text
>>>>> messages to on-path middleboxes from the endpoints.  The text message
>>>>> is sent towards a destination but meant to be read by administrators
>>>>> of middleboxes along the path to the destination.  The goal is to
>>>>> improve the user's experience with simple middlebox cooperation.
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> Please note that it may take a couple of minutes from the time of
>>>>> submission
>>>>> until the htmlized version and diff are available at tools.ietf.org.
>>>>> 
>>>>> The IETF Secretariat
>>>>> 
>>>> 
>>>> _______________________________________________
>>>> Int-area mailing list
>>>> Int-area@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/int-area
>>> 
>>> _______________________________________________
>>> Spud mailing list
>>> Spud@ietf.org
>>> https://www.ietf.org/mailman/listinfo/spud
>>> 
>> 
> 
> _______________________________________________
> Spud mailing list
> Spud@ietf.org
> https://www.ietf.org/mailman/listinfo/spud

v2.8.7 | Report a Bug | By Email