Re: [Spud] updated draft PLUS charter, rev. 1 June
Tom Herbert <tom@herbertland.com> Fri, 10 June 2016 16:03 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EF4D12D7D8 for <spud@ietfa.amsl.com>; Fri, 10 Jun 2016 09:03:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jW1oa6aSJ9_A for <spud@ietfa.amsl.com>; Fri, 10 Jun 2016 09:03:31 -0700 (PDT)
Received: from mail-it0-x229.google.com (mail-it0-x229.google.com [IPv6:2607:f8b0:4001:c0b::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF04312D745 for <spud@ietf.org>; Fri, 10 Jun 2016 09:03:31 -0700 (PDT)
Received: by mail-it0-x229.google.com with SMTP id h190so63034263ith.1 for <spud@ietf.org>; Fri, 10 Jun 2016 09:03:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=ZKYszJtK5l/5Krrl3ETDjmPb46N0qY5Kg9TNIOzEmSs=; b=n/gZB58G+5oFGAQsFB1GqX9ZyJtpa7K+I3V+IGP6LsJppE3M7vMOqvaL2PtkhtRsqv 9lGGhRTFSSjdEVS2T662yl+OP6xp7e1xcGCQGOLveZvY/SiYGYtPTdrrXn7ozJBG487x dI+oT8Ia97O+oNYCsEhy4dFgWtAAtgNEfWTFJUi2wN5sx6oqIpomPXJa6PtgTxeDethZ QEElxjmo1LaWhEsyKFXtOiTwf40OlcCo0+wutfI7GEcXKDRmdkxom23BNyGhs1EBTspv gLuK7YficDD1TkitT6N6ryTwU4Eq4x/ddLUttjOZVIOPXsCsCykm9/ba/oF7gczJRCGf p59A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=ZKYszJtK5l/5Krrl3ETDjmPb46N0qY5Kg9TNIOzEmSs=; b=Xhl6TU3JcbrK/CnEA+zObqgeiZHz+V5YM3MSWREeORSZx0cxxAw3KT6ISF4xSGmf4X Ze7jpqqBWRqkGa2x6q1pEpSsaLHxQgdhyKSDwGgZBq1qYZX/CaVynS5vm7/7tWxN4KQA akm5ufdV6K74rZISDZxSQfFb2OOQlQQjywXXcQ9TFDDiQp+nTsLfXpoGm/AtITGQKHFK IGw8xmwBNZRhle2MBzf/+kPkK6CfxKAxkNsMGQEgkOnsOhtCLQZ599RGuwvKhvTkz7pT 4RP648f+t/iftdNgp+W5GDQLJt2AMegAo/tI0IiXiXYpAiU1tXvC1m96Ac7qMwsxhiOX QshQ==
X-Gm-Message-State: ALyK8tJ24OFqkRA7Pb4pJibqk10qM85prjtjl/BuK5E7xvdduHZDT6G+Z78M0P473rYSUgkzgyXks9XsFZ2JHQ==
MIME-Version: 1.0
X-Received: by 10.36.80.4 with SMTP id m4mr33509154itb.37.1465574610983; Fri, 10 Jun 2016 09:03:30 -0700 (PDT)
Received: by 10.107.31.202 with HTTP; Fri, 10 Jun 2016 09:03:30 -0700 (PDT)
In-Reply-To: <780953BA-CE7B-4B17-AB9A-27324246FB86@trammell.ch>
References: <85E24D9D-F666-49C3-A022-2F207227A153@trammell.ch> <CAD62q9UiLi1ffGPm=xEXOSH=sqZPv7hYiNBTGvAX52a9dhV8yg@mail.gmail.com> <CAD62q9U7XL8hDqY1VdzuvUvoz0Ec5DDLAS6=kaLxRExu7FY0Kg@mail.gmail.com> <86027402-2F05-4E3B-B9CD-26517A4F007C@tik.ee.ethz.ch> <A4C63A75-9D7E-430E-B986-9981FB929D46@gmail.com> <CA+9kkMBhJ2oCJ1avnGUY4NYTX0VWA_g=YoJSiLcy6u9hJnH-eA@mail.gmail.com> <57573DCF.1030402@isi.edu> <F6BE4EE1-D320-421E-9D86-2F30B2A88792@tik.ee.ethz.ch> <CALx6S35Z7iEp2F7+1PHzAe0qu9st_CNXB9GCzF278HehFiv0Qg@mail.gmail.com> <0f5628e2-a142-8d83-b427-d6b07183cb9e@isi.edu> <CALx6S35KXOioEK60p-m5tGE_H9MWbB=YhJ_sOcW0KP2vR80vvw@mail.gmail.com> <57574C38.6070402@isi.edu> <F44FFD3B-CE7E-45E8-9F04-233C56CA95A0@trammell.ch> <890FE014-D3F8-4D64-8BF8-95B3E4773075@trammell.ch> <CALx6S34jbmaV7vAxr1+-p2HW9i2oKv7Bb138MzsaP71zVh=PQw@mail.gmail.com> <76A9F36B-9C21-4268-8267-16D0D9A78834@trammell.ch> <CALx6S37uONysFMNJgUs430eFEUuNTMuhcYKtCPBPMs5W6godVQ@mail.gmail.com> <780953BA-CE7B-4B17-AB9A-27324246FB86@trammell.ch>
Date: Fri, 10 Jun 2016 09:03:30 -0700
Message-ID: <CALx6S374mn6pwrSMmEdE5p60zPOu+77+M6HkA8w43GBO1xLvFg@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
To: Brian Trammell <ietf@trammell.ch>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/hmdgKGDvxeIYO8cqJ-ETdz7dUfw>
Cc: spud <spud@ietf.org>
Subject: Re: [Spud] updated draft PLUS charter, rev. 1 June
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jun 2016 16:03:33 -0000
> You're raising an issue with any protocol that runs over UDP in an Internet with echo servers in it, and my understanding is the arrangement you're proposing here is: Plus introduces new issues. All prior uses of UDP on the Internet have been end to end communications, application to application. PLUS is introducing the notion that UDP is used for application to network and network to application communications also. For end to end communications we can apply strong security (e.g. DTLS) so that spoofed or reflected UDP packets are not accepted. The issues are even worse if intermediate devices are allowed to modify payloads. Consider that we can not retroactively reserve a stream of bits at the beginning of every UDP payload to indicate PLUS. Regardless of how much data we collect on a set of safe bits to use, eventually some user will happen send those same exact bits in their application protocol. If such packets are modified by PLUS we now have introduced a silent data corruption. A protocol that allows silent data corruptions cannot be considered correct. > > ip > (EH for path exposure) > udp > dtls > (new protocols) > > whereas the one I think works is: > > ip > udp > plus for path exposure > dtls > (new protocols) > > I don't see how these are any different with respect to how they have to handle the echo server attack. What am I missing here? > The difference is that in case one the EH headers in a packet sent an echo server and not automatically reflected in the reply packet. In case #2 the whole UDP payload is reflected so the faux PLUS header is reflected and devices on the return path will process that information as signals to the network being sent from the Echo Server. This allows an attacker to affect the affect the devices in the reverse path. > My impression is that HBH options were being more or less deprecated, because they're largely unimplementable in hardware, due to unpredictable header chain lengths and header chain walking time. Am I incorrect here? > If nodes can't process HBH headers they can be ignored. This needs to be clarified in 2460bis. Tom
- Re: [Spud] updated draft PLUS charter, rev. 1 June 🔓Dan Wing
- Re: [Spud] updated draft PLUS charter, rev. 1 June Tom Herbert
- Re: [Spud] updated draft PLUS charter, rev. 1 June Joe Touch
- Re: [Spud] updated draft PLUS charter, rev. 1 June Tom Herbert
- Re: [Spud] updated draft PLUS charter, rev. 1 June Tom Herbert
- Re: [Spud] updated draft PLUS charter, rev. 1 June Joe Touch
- Re: [Spud] updated draft PLUS charter, rev. 1 June Tom Herbert
- Re: [Spud] updated draft PLUS charter, rev. 1 June Ca By
- Re: [Spud] updated draft PLUS charter, rev. 1 June Brian Trammell
- Re: [Spud] updated draft PLUS charter, rev. 1 June Joe Touch
- Re: [Spud] updated draft PLUS charter, rev. 1 June Yoav Nir
- Re: [Spud] updated draft PLUS charter, rev. 1 June Christian Huitema
- [Spud] updated draft PLUS charter, rev. 1 June Brian Trammell
- Re: [Spud] updated draft PLUS charter, rev. 1 June Brian Trammell
- Re: [Spud] updated draft PLUS charter, rev. 1 June Brian Trammell
- Re: [Spud] updated draft PLUS charter, rev. 1 June Brian Trammell
- Re: [Spud] updated draft PLUS charter, rev. 1 June Brian Trammell
- Re: [Spud] updated draft PLUS charter, rev. 1 June Szilveszter Nadas
- Re: [Spud] updated draft PLUS charter, rev. 1 June Ca By
- Re: [Spud] updated draft PLUS charter, rev. 1 June Aaron Falk
- Re: [Spud] updated draft PLUS charter, rev. 1 June Aaron Falk
- Re: [Spud] updated draft PLUS charter, rev. 1 June Mirja Kühlewind
- Re: [Spud] updated draft PLUS charter, rev. 1 June Aaron Falk
- Re: [Spud] updated draft PLUS charter, rev. 1 June Ted Hardie
- Re: [Spud] updated draft PLUS charter, rev. 1 June Aaron Falk
- Re: [Spud] updated draft PLUS charter, rev. 1 June Ted Hardie
- Re: [Spud] updated draft PLUS charter, rev. 1 June Tom Herbert
- Re: [Spud] updated draft PLUS charter, rev. 1 June Aaron Falk
- Re: [Spud] updated draft PLUS charter, rev. 1 June Tom Herbert
- Re: [Spud] updated draft PLUS charter, rev. 1 June Aaron Falk
- Re: [Spud] updated draft PLUS charter, rev. 1 June Ted Hardie
- Re: [Spud] updated draft PLUS charter, rev. 1 June Mirja Kühlewind
- Re: [Spud] updated draft PLUS charter, rev. 1 June Joe Touch
- Re: [Spud] updated draft PLUS charter, rev. 1 June Mirja Kühlewind
- Re: [Spud] updated draft PLUS charter, rev. 1 June Tom Herbert
- Re: [Spud] updated draft PLUS charter, rev. 1 June Joe Touch
- Re: [Spud] updated draft PLUS charter, rev. 1 June Joe Touch
- Re: [Spud] updated draft PLUS charter, rev. 1 June Ted Hardie
- Re: [Spud] updated draft PLUS charter, rev. 1 June Tom Herbert
- Re: [Spud] updated draft PLUS charter, rev. 1 June Joe Touch
- Re: [Spud] updated draft PLUS charter, rev. 1 June Brian Trammell
- Re: [Spud] updated draft PLUS charter, rev. 1 June Brian Trammell
- Re: [Spud] updated draft PLUS charter, rev. 1 June Joe Touch
- Re: [Spud] updated draft PLUS charter, rev. 1 June Brian Trammell
- Re: [Spud] updated draft PLUS charter, rev. 1 June Tom Herbert
- Re: [Spud] updated draft PLUS charter, rev. 1 June Brian Trammell
- Re: [Spud] updated draft PLUS charter, rev. 1 June Joe Touch
- Re: [Spud] updated draft PLUS charter, rev. 1 June Tom Herbert
- Re: [Spud] updated draft PLUS charter, rev. 1 June Brian Trammell
- Re: [Spud] updated draft PLUS charter, rev. 1 June Tom Herbert
- Re: [Spud] updated draft PLUS charter, rev. 1 June Christian Huitema
- Re: [Spud] updated draft PLUS charter, rev. 1 June Joe Touch
- Re: [Spud] updated draft PLUS charter, rev. 1 June Brian Trammell
- Re: [Spud] updated draft PLUS charter, rev. 1 June Tom Herbert
- Re: [Spud] updated draft PLUS charter, rev. 1 June Szilveszter Nadas
- Re: [Spud] updated draft PLUS charter, rev. 1 June Szilveszter Nadas
- Re: [Spud] updated draft PLUS charter, rev. 1 June Joe Touch