Re: [Spud] SPUD Scope?
Christian Huitema <huitema@microsoft.com> Thu, 04 June 2015 19:34 UTC
From: Christian Huitema <huitema@microsoft.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Szilveszter Nadas
<Szilveszter.Nadas@ericsson.com>, "spud@ietf.org" <spud@ietf.org>
Date: Thu, 4 Jun 2015 19:34:05 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/VZ3GPvuPKPJboPUzjkgLhOx6-r4>
On Thursday, June 4, 2015 12:25 PM, Daniel Kahn Gillmor wrote:
> To: Szilveszter Nadas; spud@ietf.org
> Subject: Re: [Spud] SPUD Scope?
>
> On Thu 2015-06-04 12:28:34 -0400, Szilveszter Nadas wrote:
>
> > The range looked like this to me on a high level:
> >
> > a) only start/stop, hide everything in DTLS
> >
> > b) Some declarative, safe to ignore, trust but verify markings are OK,
> > but it shall be minimized.
> >
> > c) "common, middlebox friendly connection/packet signaling layer",
> > extensibility, any communication and behavior is OK as long as it is
> > explicit.
>
> [...]
>
> This far-from-trivial authentication mechanism, combined with the UI/UX
> concern about helping people to understand exactly who they are leaking their
> metadata to, presents a really serious obstacle to deploying something like this
> in a way that is safe for end users.

Absolutely. This might only work if the client, server, and middlebox incentives are well aligned. That may be the case for some basic QoS-type parameters, which is very much what (b) should be about.

> ...
>
> I don't think something like (c) is a good idea. Let's try to keep the smarts (and
> the knowledge of both content and metadata) at the edges of the network, and
> avoid blessing mechanisms that facilitate centralized surveillance.

And a variety of security issues. The unauthenticated data channel is subject to spoofing, which enables a variety of packet injection attacks.

-- Christian Huitema
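The "declarative, safe to ignore, trust but verify" markings of option (b) and the spoofing concern raised at the end of the reply can be put side by side in a small model. This is an added example, not code from the thread or from any SPUD draft: the framing (JSON fields joined by newlines) and the HMAC standing in for DTLS integrity protection are assumptions made for illustration only, not the SPUD wire format.

```python
import hashlib
import hmac
import json

# Toy model, not the SPUD wire format: an outer "declarative" marking that any
# on-path box can read or rewrite, plus an inner payload whose integrity is
# protected by a key known only to the two endpoints (standing in for DTLS).

def build_packet(key: bytes, marking: dict, payload: bytes) -> bytes:
    """Sender: copy the marking inside the protected part so the receiver can
    check the unauthenticated outer copy against it ("trust but verify")."""
    inner = json.dumps({"marking": marking, "payload": payload.hex()}).encode()
    tag = hmac.new(key, inner, hashlib.sha256).hexdigest().encode()
    outer = json.dumps(marking).encode()
    return b"\n".join([outer, inner, tag])

def receive(key: bytes, packet: bytes):
    """Receiver. Returns (authenticated_marking, payload, outer_was_spoofed),
    or None when the protected part fails integrity and the packet is dropped."""
    parts = packet.split(b"\n", 2)
    if len(parts) != 3:
        return None  # malformed: drop
    outer, inner, tag = parts
    expected = hmac.new(key, inner, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None  # injected or altered protected data: drop the packet
    body = json.loads(inner)
    try:
        claimed = json.loads(outer)
    except ValueError:
        claimed = None
    # The outer copy is "safe to ignore": a mismatch is noted, not fatal, and
    # only the authenticated copy of the marking is ever acted on.
    spoofed = claimed != body["marking"]
    return body["marking"], bytes.fromhex(body["payload"]), spoofed

def rewrite_outer(packet: bytes, new_marking: dict) -> bytes:
    """Models an on-path box changing the unauthenticated field; used here
    only to exercise the receiver's consistency check."""
    _, rest = packet.split(b"\n", 1)
    return json.dumps(new_marking).encode() + b"\n" + rest

if __name__ == "__main__":
    key = bytes(32)  # constructed demo key; a real session key would be random
    pkt = build_packet(key, {"qos": "low-latency"}, b"hello")
    print(receive(key, pkt))
    print(receive(key, rewrite_outer(pkt, {"qos": "bulk"})))
```

Anything that a box could set without the endpoints noticing (option (c) without authentication) is exactly the channel the reply warns about; here only the marking's authenticated copy drives behaviour, so a rewritten outer copy is detected rather than obeyed.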