Re: [Spud] Fwd: New Version Notification for draft-herbert-transports-over-udp-00.txt

Phillip Hallam-Baker <phill@hallambaker.com> Sun, 22 May 2016 04:21 UTC

From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Toerless Eckert <eckert@cisco.com>
Cc: Tom Herbert <tom@herbertland.com>, spud <spud@ietf.org>
Date: Sun, 22 May 2016 00:21:31 -0400
Message-ID: <CAMm+LwiPGgTyLqOtY21zo7M9ZRwQnH7CZg+j87YBiQqVXS+D1w@mail.gmail.com>
In-Reply-To: <20160519202134.GP12994@cisco.com>
References: <20160519175701.17290.47241.idtracker@ietfa.amsl.com> <CALx6S377qRfq7ufRVUx6Yn7ec4=EmK_=FL14PWT_qf4g840mbQ@mail.gmail.com> <20160519185943.GM12994@cisco.com> <CALx6S37qPpKpCT6ZpVQwRWf1XFKESYasOBcz26To9zw0GRyz5Q@mail.gmail.com> <20160519202134.GP12994@cisco.com>
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/aRVd3QUjBdNneLw4k3KLRyLkab0>

On Thu, May 19, 2016 at 4:21 PM, Toerless Eckert <eckert@cisco.com> wrote:

> TLS should not be attackable this way. Isn't this fixed in 1.3? You don't
> want to be a babysitter for TLS. TLS has to be a standalone babysitter.
> That's why we hired it ;-)

There is nothing in TLS to stop it being attacked. All TLS can do is to
prevent certain attacks from succeeding, and it is only designed to prevent
confidentiality or integrity attacks.

TLS isn't at all good at stopping denial of service attacks. When an attack
occurs, there isn't much that can be done apart from closing the socket and
trying again.

If you want to add in robustness, you need to be able to detect which of
your TCP packets were mangled and that really isn't possible in user space.
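A toy illustration of the point made in the message above, added here as an example and not code from the original message, from the draft under discussion, or from any TLS implementation: a record layer protected with HMAC-SHA256 (a stand-in for real TLS record protection; the wire format, key and message contents are all constructed for this example) is received once with stream semantics, where the first record that fails its integrity check is a fatal error and the connection is closed, and once with datagram semantics, where a bad record is discarded and the records behind it still arrive. One mangled record, which the receiver cannot distinguish from an attacker's forged segment, is enough to kill the stream session.

```python
import hashlib
import hmac
import struct

# Constructed example key; a real session key would come from the handshake.
KEY = b"constructed-example-key-not-a-real-session-key"

HEADER_FMT = "!QH"          # 8-byte sequence number, 2-byte payload length
HEADER_LEN = struct.calcsize(HEADER_FMT)
TAG_LEN = hashlib.sha256().digest_size


def seal(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Build a toy protected record: header || payload || HMAC-SHA256(header || payload).

    This is a simplified stand-in for TLS record protection, not the TLS wire format.
    """
    header = struct.pack(HEADER_FMT, seq, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def open_record(record: bytes, key: bytes = KEY):
    """Verify a toy record; return (seq, payload) on success, None if integrity fails."""
    if len(record) < HEADER_LEN + TAG_LEN:
        return None
    header, rest = record[:HEADER_LEN], record[HEADER_LEN:]
    seq, length = struct.unpack(HEADER_FMT, header)
    if len(rest) != length + TAG_LEN:
        return None
    payload, tag = rest[:length], rest[length:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return seq, payload


def receive_stream(records):
    """TLS-over-TCP behaviour: the first record that fails its check is fatal.

    The endpoint would send a fatal alert and close the socket, so every record
    after the bad one is lost along with the connection.
    """
    delivered = []
    for rec in records:
        result = open_record(rec)
        if result is None:
            return delivered, "fatal: bad record, connection closed"
        delivered.append(result[1])
    return delivered, "ok"


def receive_datagram(records):
    """DTLS-style behaviour: a record that fails its check is dropped, the rest go on."""
    delivered = []
    dropped = 0
    for rec in records:
        result = open_record(rec)
        if result is None:
            dropped += 1
            continue
        delivered.append(result[1])
    return delivered, dropped


def mangle(record: bytes) -> bytes:
    """Flip one payload bit, as corruption or an on-path attacker without the key would."""
    b = bytearray(record)
    b[HEADER_LEN] ^= 0x01   # first payload byte, just past the header
    return bytes(b)


def demo():
    """Four application messages; the second record is mangled in transit."""
    msgs = [b"GET /a", b"GET /b", b"GET /c", b"GET /d"]   # constructed sample traffic
    records = [seal(i, m) for i, m in enumerate(msgs)]
    records[1] = mangle(records[1])
    return receive_stream(records), receive_datagram(records)


if __name__ == "__main__":
    stream, dgram = demo()
    print("stream receiver:  ", stream)    # only GET /a delivered, then fatal
    print("datagram receiver:", dgram)     # GET /a, /c, /d delivered, 1 dropped
```

The stream receiver stops at the first failure because, on a byte stream, nothing after a corrupted record can be trusted to be framed correctly, and the protocol has no way to ask for just that record again; the only recovery is the one the message describes, closing the socket and starting over.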