IETF Logo Mail Archive

Re: [Spud] endpoint control

Brian Trammell <ietf@trammell.ch> Thu, 23 June 2016 09:21 UTC

Return-Path: <ietf@trammell.ch>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A5D012E17F for <spud@ietfa.amsl.com>; Thu, 23 Jun 2016 02:21:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.328
X-Spam-Level:
X-Spam-Status: No, score=-3.328 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id umzywiuOtx7V for <spud@ietfa.amsl.com>; Thu, 23 Jun 2016 02:21:52 -0700 (PDT)
Received: from trammell.ch (trammell.ch [5.148.172.66]) by ietfa.amsl.com (Postfix) with ESMTP id 6380B12E187 for <spud@ietf.org>; Thu, 23 Jun 2016 02:15:47 -0700 (PDT)
Received: from [IPv6:2001:67c:10ec:2a49:8000::10d6] (unknown [IPv6:2001:67c:10ec:2a49:8000::10d6]) by trammell.ch (Postfix) with ESMTPSA id 95FE71A16F7; Thu, 23 Jun 2016 11:15:46 +0200 (CEST)
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: multipart/signed; boundary="Apple-Mail=_A4603F7B-146B-4837-92C8-CD78ACA61C2C"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.6b2
From: Brian Trammell <ietf@trammell.ch>
In-Reply-To: <F6C28B32DA084644BB6C8D0BD65B669DC0CDA2@NKGEML515-MBX.china.huawei.com>
Date: Thu, 23 Jun 2016 11:15:46 +0200
Message-Id: <1D5C1BA4-4359-4DC9-B1BA-2DF576AD4A92@trammell.ch>
References: <F797C2D5-3FF6-496F-98FB-0487E5573B2A@gmail.com> <57690A66.3050502@trammell.ch> <F6C28B32DA084644BB6C8D0BD65B669DC0C7D3@NKGEML515-MBX.china.huawei.com> <095C2E5D-D235-4017-91E2-9B437D8DBDD0@trammell.ch> <F6C28B32DA084644BB6C8D0BD65B669DC0C8F5@NKGEML515-MBX.china.huawei.com> <C9C09C19-F620-47BC-91C2-00A351E65C2E@trammell.ch> <F6C28B32DA084644BB6C8D0BD65B669DC0CD4C@NKGEML515-MBX.china.huawei.com> <4F02B71A-5F3F-4595-8661-51CE07E9F0E5@trammell.ch> <F6C28B32DA084644BB6C8D0BD65B669DC0CDA2@NKGEML515-MBX.china.huawei.com>
To: Youjianjie <youjianjie@huawei.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/kC4ClvvZ7w89fOiMSL5N1gyvN54>
Cc: Aaron Falk <aaron.falk@gmail.com>, spud <spud@ietf.org>
Subject: Re: [Spud] endpoint control
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jun 2016 09:21:55 -0000

> On 23 Jun 2016, at 10:55, Youjianjie <youjianjie@huawei.com> wrote:
> 
> Hi Brian,
> 
> Thanks for the reply.
> 
>> I think at this point mechanisms for *establishing* these relationships are out
>> of scope for a future PLUS WG (at least, they were left out of the charter
>> deliberately), since we're really talking about the design of new multiparty
>> cryptographic protocols. But I notice that the mechanism we're discussing here
>> two primitives (provide information to the path that at least the remote
>> endpoint can verify is authentic, retrieve information from the path with
>> sender permission) on top of which such protocols could be designed.
> 
> (1) If the information is provided to the path, why the remote endpoint needs to verify authentic? Is this information also useful for the remote endpoint?

It may be; one could envision future transports over PLUS where part of the header is exposed but integrity protected, and the rest is encrypted. Integrity protection of the PLUS-exposed information reduces redundancy in the encrypted headers in this case.

The other reason to do this is to detect and react to unauthorized meddling in the PLUS header: this would appear as an error to the receiver's transport layer, which could then reset the connection. In this way the receiver acts as the verifier on behalf of all devices on path.

> (2) Even if the retrieved information from the path with sender permission, the receiver cannot verify the information (i.e. content) is authentic?

Correct.

Cheers,

Brian

> Thanks,
> Jianjie
> 
>> -----邮件原件-----
>> 发件人: Spud [mailto:spud-bounces@ietf.org] 代表 Brian Trammell
>> 发送时间: 2016年6月23日 16:11
>> 收件人: Youjianjie
>> 抄送: Aaron Falk; spud
>> 主题: Re: [Spud] endpoint control
>> 
>> 
>>> On 23 Jun 2016, at 10:03, Youjianjie <youjianjie@huawei.com> wrote:
>>> 
>>> Hi Brian,
>>> 
>>> I'm wondering how the endpoint verifies the information provided by the
>> device on path?
>> 
>> In the basic mechanism I've outlined here, it doesn't. If there exists some
>> relationship between the endpoint and the device on path, then the
>> information provided with in the PLUS header can itself be MAC'd with a key
>> exchanged when that relationship is established.
>> 
>>> Is it also assumed that the key is provided by the superstrate transport
>> between the device on path and the endpoint?
>> 
>> No, that doesn't really make any sense, because the transport is end-to-end (as
>> was the original intent of the network/transport layer separation). Any key for
>> authenticating and verifying endpoint-provided information would have to
>> reside in the PLUS layer on the endpoint.
>> 
>> I think at this point mechanisms for *establishing* these relationships are out
>> of scope for a future PLUS WG (at least, they were left out of the charter
>> deliberately), since we're really talking about the design of new multiparty
>> cryptographic protocols. But I notice that the mechanism we're discussing here
>> two primitives (provide information to the path that at least the remote
>> endpoint can verify is authentic, retrieve information from the path with
>> sender permission) on top of which such protocols could be designed.
>> 
>> Cheers,
>> 
>> Brian
>> 
>>> Thanks,
>>> Jianjie
>>> 
>>>> -----邮件原件-----
>>>> 发件人: Brian Trammell [mailto:ietf@trammell.ch]
>>>> 发送时间: 2016年6月22日 18:45
>>>> 收件人: Youjianjie
>>>> 抄送: Aaron Falk; spud
>>>> 主题: Re: [Spud] endpoint control
>>>> 
>>>> 
>>>>> On 22 Jun 2016, at 11:35, Youjianjie <youjianjie@huawei.com> wrote:
>>>>> 
>>>>> Hi Brian,
>>>>> 
>>>>> Thanks for your prompt reply. Please see my comments below:
>>>>> 
>>>>>> -----邮件原件-----
>>>>>> 发件人: Brian Trammell [mailto:ietf@trammell.ch]
>>>>>> 发送时间: 2016年6月22日 16:56
>>>>>> 收件人: Youjianjie
>>>>>> 抄送: Aaron Falk; spud
>>>>>> 主题: Re: [Spud] endpoint control
>>>>>> 
>>>>>> hi Jianjie,
>>>>>> 
>>>>>>> On 22 Jun 2016, at 09:09, Youjianjie <youjianjie@huawei.com> wrote:
>>>>>>> 
>>>>>>> Hi Brian,
>>>>>>> 
>>>>>>> (1) For forward signaling, the sending endpoint must place
>>>>>>> "scratch space" in
>>>>>> the packet with a label on it stating that it's okay to modify;
>>>>>> this okay-to-modify state is enforced by a MAC which only verifies
>>>>>> the length but not the content of the scratch space.
>>>>>>> 
>>>>>>> Could you please elaborate how a MAC is used to enforce the
>>>>>>> okay-to-modify
>>>>>> state? Is it only applicable to L2 network?
>>>>>> 
>>>>>> Sorry, acronym collision. Here MAC = message authentication code,
>>>>>> not medium access control.
>>>>>> 
>>>>>>> Is it a designed field in the PLUS header?
>>>>>> 
>>>>>> There isn't a "PLUS header" yet; we're only talking about potential
>>>>>> mechanisms that could be implemented within one. Here, the idea is
>>>>>> that you have some encoding that allows you to place labeled data
>>>>>> in the PLUS header (from the SPUD prototype experience, we like
>>>>>> CBOR, but this is a technical detail).
>>>>>> 
>>>>>> Some of the types/keys in this data structure are designated
>>>>>> end-to-end, and some of the types/keys are designated path-modifiable.
>>>>>> 
>>>>>> The MAC is generated by the sending endpoint using a secret shared
>>>>>> by both endpoints, and covers:
>>>>> 
>>>>> How is the secret shared between both endpoints? The endpoints need
>>>>> to
>>>> establish a connection to exchange keys?
>>>> 
>>>> Yes. This is assumed to be provided by the superstrate transport.
>>>>> 
>>>>>> (1) the presence and content of end-to-end PLUS header information
>>>>> 
>>>>> Do you mean that this information is encrypted using the shared secret?
>>>> Only both endpoints can know the content?
>>>> 
>>>> No, the MAC is generated using the shared secret, so that it cannot
>>>> be forged by on-path devices. The information itself is in the clear.
>>>> 
>>>> Cheers,
>>>> 
>>>> Brian
>>>> 
>>>>>> (2) the presence and length of path-modifiable PLUS header
>>>>>> information, by treating the content as a length-N byte array of zeroes.
>>>>> 
>>>>> How does the middle-box along the path interpret the PLUS header?
>>>>> Does
>>>> the middle-box also need the secret? I used to think middle-box is
>> transparent.
>>>>> 
>>>>> Thanks,
>>>>> Jianjie
>>>>> 
>>>>>> This MAC is then transmitted from the sender to the receiver in
>>>>>> encrypted form.
>>>>>> 
>>>>>> Additional MACs may also protect bits of the IP and UDP header, in
>>>>>> order to detect NAT and other sub-PLUS modifications, but these are
>>>>>> outside the scope of this question.
>>>>>> 
>>>>>> Cheers,
>>>>>> 
>>>>>> Brian
>>>>>> 
>>>>>> 
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> Jianjie
>>>>>>> 
>>>>>>> 发件人: Spud [mailto:spud-bounces@ietf.org] 代表 Brian Trammell
>>>>>>> 发送时间: 2016年6月21日 17:36
>>>>>>> 收件人: Aaron Falk
>>>>>>> 抄送: spud
>>>>>>> 主题: Re: [Spud] endpoint control
>>>>>>> 
>>>>>>> hi Aaron,
>>>>>>> 
>>>>>>> On 06/20/2016 11:38 PM, Aaron Falk wrote:
>>>>>>> Hi Brian-
>>>>>>> 
>>>>>>> In the charter and the draft-trammel-spud-req it says
>>>>>>> 
>>>>>>> Both endpoint-to-path and path-to-endpoint signaling happen
>>>>>>> completely under endpoint control.
>>>>>>> 
>>>>>>> Without additional elaboration, one could conclude that, e.g.,
>>>>>>> permission is
>>>>>> required before a path could signal to an endpoint.  Alternatively,
>>>>>> it could be implying an endpoint has the freedom to ignore any
>>>>>> signaling
>>>> from the path.
>>>>>> I have been assuming the latter.  But now I wonder if you are
>>>>>> intentionally attempting to permit the former.  Could you clarify?
>>>>>>> 
>>>>>>> Our intention is the former: that permission is required before
>>>>>>> the path can
>>>>>> signal to the endpoint. We have two mechanisms we've been thinking
>>>>>> about for this:
>>>>>>> 
>>>>>>> (1) For forward signaling, the sending endpoint must place
>>>>>>> "scratch space" in
>>>>>> the packet with a label on it stating that it's okay to modify;
>>>>>> this okay-to-modify state is enforced by a MAC which only verifies
>>>>>> the length but not the content of the scratch space.
>>>>>>> 
>>>>>>> (2) For direct reverse signaling, a path element may not send a
>>>>>>> direct reverse
>>>>>> signaling packet to a sender unless it has also dropped a forward
>>>>>> packet from the sender to receiver. This second mechanism is less
>>>>>> about permission and more about reducing the attractiveness of PLUS
>>>>>> for amplification/reflection attacks.
>>>>>>> 
>>>>>>> In any case, endpoints (and path elements) can ignore whatever
>>>>>>> they want to
>>>>>> from the PLUS-exposed information; it's what's in the encrypted
>>>>>> transport layer headers that matters to the transport protocol on
>>>>>> the
>>>> endpoint.
>>>>>>> 
>>>>>>> Cheers,
>>>>>>> 
>>>>>>> Brian
>>>>>>> 
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> 
>>>>>>> —aaron
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> _______________________________________________
>>>>>>> Spud mailing list
>>>>>>> Spud@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/spud
>>>>>>> 
>>>>> 
>>> 
> 
> _______________________________________________
> Spud mailing list
> Spud@ietf.org
> https://www.ietf.org/mailman/listinfo/spud

v2.23.0 | Report a Bug | By Email