IETF Logo Mail Archive

Re: [Spud] endpoint control

Brian Trammell <ietf@trammell.ch> Mon, 27 June 2016 10:13 UTC

Return-Path: <ietf@trammell.ch>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFCD312D0CE for <spud@ietfa.amsl.com>; Mon, 27 Jun 2016 03:13:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.328
X-Spam-Level:
X-Spam-Status: No, score=-3.328 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FZSYrtL19Y-t for <spud@ietfa.amsl.com>; Mon, 27 Jun 2016 03:12:57 -0700 (PDT)
Received: from trammell.ch (trammell.ch [5.148.172.66]) by ietfa.amsl.com (Postfix) with ESMTP id 82C5712D0C3 for <spud@ietf.org>; Mon, 27 Jun 2016 03:12:57 -0700 (PDT)
Received: from public-docking-cx-2967.ethz.ch (public-docking-pat-cx-mapped-0014.ethz.ch [195.176.111.15]) by trammell.ch (Postfix) with ESMTPSA id 71DEE1A0F78; Mon, 27 Jun 2016 12:12:56 +0200 (CEST)
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: multipart/signed; boundary="Apple-Mail=_447BC95B-9C95-4711-B451-F637B2CD922E"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.6b2
From: Brian Trammell <ietf@trammell.ch>
In-Reply-To: <F6C28B32DA084644BB6C8D0BD65B669DC0DB7E@NKGEML515-MBX.china.huawei.com>
Date: Mon, 27 Jun 2016 12:12:55 +0200
Message-Id: <BC619463-78CE-4E77-B18F-765E9667CB8B@trammell.ch>
References: <F797C2D5-3FF6-496F-98FB-0487E5573B2A@gmail.com> <57690A66.3050502@trammell.ch> <F6C28B32DA084644BB6C8D0BD65B669DC0C7D3@NKGEML515-MBX.china.huawei.com> <095C2E5D-D235-4017-91E2-9B437D8DBDD0@trammell.ch> <F6C28B32DA084644BB6C8D0BD65B669DC0C8F5@NKGEML515-MBX.china.huawei.com> <C9C09C19-F620-47BC-91C2-00A351E65C2E@trammell.ch> <F6C28B32DA084644BB6C8D0BD65B669DC0CD4C@NKGEML515-MBX.china.huawei.com> <4F02B71A-5F3F-4595-8661-51CE07E9F0E5@trammell.ch> <F6C28B32DA084644BB6C8D0BD65B669DC0CDA2@NKGEML515-MBX.china.huawei.com> <1D5C1BA4-4359-4DC9-B1BA-2DF576AD4A92@trammell.ch> <F6C28B32DA084644BB6C8D0BD65B669DC0DB7E@NKGEML515-MBX.china.huawei.com>
To: Youjianjie <youjianjie@huawei.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/pz4f2UgAng46kgioTk5bmiyZ_6M>
Cc: Aaron Falk <aaron.falk@gmail.com>, spud <spud@ietf.org>
Subject: Re: [Spud] endpoint control
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jun 2016 10:13:01 -0000

> On 27 Jun 2016, at 12:06, Youjianjie <youjianjie@huawei.com> wrote:
> 
> Hi Brian,
> 
> Further comments below:
> 
> Thanks,
> Jianjie
>> -----邮件原件-----
>> 发件人: Brian Trammell [mailto:ietf@trammell.ch]
>> 发送时间: 2016年6月23日 17:16
>> 收件人: Youjianjie
>> 抄送: Aaron Falk; spud
>> 主题: Re: [Spud] endpoint control
>> 
>> 
>>> On 23 Jun 2016, at 10:55, Youjianjie <youjianjie@huawei.com> wrote:
>>> 
>>> Hi Brian,
>>> 
>>> Thanks for the reply.
>>> 
>>>> I think at this point mechanisms for *establishing* these
>>>> relationships are out of scope for a future PLUS WG (at least, they
>>>> were left out of the charter deliberately), since we're really
>>>> talking about the design of new multiparty cryptographic protocols.
>>>> But I notice that the mechanism we're discussing here two primitives
>>>> (provide information to the path that at least the remote endpoint
>>>> can verify is authentic, retrieve information from the path with sender
>> permission) on top of which such protocols could be designed.
>>> 
>>> (1) If the information is provided to the path, why the remote endpoint
>> needs to verify authentic? Is this information also useful for the remote
>> endpoint?
>> 
>> It may be; one could envision future transports over PLUS where part of the
>> header is exposed but integrity protected, and the rest is encrypted. Integrity
>> protection of the PLUS-exposed information reduces redundancy in the
>> encrypted headers in this case.
>> 
>> The other reason to do this is to detect and react to unauthorized meddling in
>> the PLUS header: this would appear as an error to the receiver's transport layer,
>> which could then reset the connection. In this way the receiver acts as the
>> verifier on behalf of all devices on path.
> 
> Here, does the unauthorized meddling means "type or length" of the reserved space in the PLUS header is modified by the middle-box? However if "content" of the reserved space is modified, it is reasonable?

The reserved space is in this case intended to be modified by on-path devices. If we lived in a world in which it was reasonable to assume that we could exchange keys with and maintain certificates for every potential middlebox on path, we could use that cryptographic context to verify this information. But we don't, so we can't. Building multiparty cryptographic protocols that would be suited to this sort of thing is an area of open research; once designed, such a thing could run on top of this unprotected facility provided by PLUS.

> So if the sender wants some information from path, it should specify the type and length first in the header, then path fills the content accordingly. If the information is verified by the receiver, it will be signaled back to the sender by the receiver.

Precisely.

Cheers,

Brian

> 
>>> (2) Even if the retrieved information from the path with sender permission,
>> the receiver cannot verify the information (i.e. content) is authentic?
>> 
>> Correct.
>> 
>> Cheers,
>> 
>> Brian
>> 
>>> Thanks,
>>> Jianjie
>>> 
>>>> -----邮件原件-----
>>>> 发件人: Spud [mailto:spud-bounces@ietf.org] 代表 Brian Trammell
>>>> 发送时间: 2016年6月23日 16:11
>>>> 收件人: Youjianjie
>>>> 抄送: Aaron Falk; spud
>>>> 主题: Re: [Spud] endpoint control
>>>> 
>>>> 
>>>>> On 23 Jun 2016, at 10:03, Youjianjie <youjianjie@huawei.com> wrote:
>>>>> 
>>>>> Hi Brian,
>>>>> 
>>>>> I'm wondering how the endpoint verifies the information provided by
>>>>> the
>>>> device on path?
>>>> 
>>>> In the basic mechanism I've outlined here, it doesn't. If there
>>>> exists some relationship between the endpoint and the device on path,
>>>> then the information provided with in the PLUS header can itself be
>>>> MAC'd with a key exchanged when that relationship is established.
>>>> 
>>>>> Is it also assumed that the key is provided by the superstrate
>>>>> transport
>>>> between the device on path and the endpoint?
>>>> 
>>>> No, that doesn't really make any sense, because the transport is
>>>> end-to-end (as was the original intent of the network/transport layer
>>>> separation). Any key for authenticating and verifying
>>>> endpoint-provided information would have to reside in the PLUS layer on
>> the endpoint.
>>>> 
>>>> I think at this point mechanisms for *establishing* these
>>>> relationships are out of scope for a future PLUS WG (at least, they
>>>> were left out of the charter deliberately), since we're really
>>>> talking about the design of new multiparty cryptographic protocols.
>>>> But I notice that the mechanism we're discussing here two primitives
>>>> (provide information to the path that at least the remote endpoint
>>>> can verify is authentic, retrieve information from the path with sender
>> permission) on top of which such protocols could be designed.
>>>> 
>>>> Cheers,
>>>> 
>>>> Brian
>>>> 
>>>>> Thanks,
>>>>> Jianjie
>>>>> 
>>>>>> -----邮件原件-----
>>>>>> 发件人: Brian Trammell [mailto:ietf@trammell.ch]
>>>>>> 发送时间: 2016年6月22日 18:45
>>>>>> 收件人: Youjianjie
>>>>>> 抄送: Aaron Falk; spud
>>>>>> 主题: Re: [Spud] endpoint control
>>>>>> 
>>>>>> 
>>>>>>> On 22 Jun 2016, at 11:35, Youjianjie <youjianjie@huawei.com> wrote:
>>>>>>> 
>>>>>>> Hi Brian,
>>>>>>> 
>>>>>>> Thanks for your prompt reply. Please see my comments below:
>>>>>>> 
>>>>>>>> -----邮件原件-----
>>>>>>>> 发件人: Brian Trammell [mailto:ietf@trammell.ch]
>>>>>>>> 发送时间: 2016年6月22日 16:56
>>>>>>>> 收件人: Youjianjie
>>>>>>>> 抄送: Aaron Falk; spud
>>>>>>>> 主题: Re: [Spud] endpoint control
>>>>>>>> 
>>>>>>>> hi Jianjie,
>>>>>>>> 
>>>>>>>>> On 22 Jun 2016, at 09:09, Youjianjie <youjianjie@huawei.com>
>> wrote:
>>>>>>>>> 
>>>>>>>>> Hi Brian,
>>>>>>>>> 
>>>>>>>>> (1) For forward signaling, the sending endpoint must place
>>>>>>>>> "scratch space" in
>>>>>>>> the packet with a label on it stating that it's okay to modify;
>>>>>>>> this okay-to-modify state is enforced by a MAC which only
>>>>>>>> verifies the length but not the content of the scratch space.
>>>>>>>>> 
>>>>>>>>> Could you please elaborate how a MAC is used to enforce the
>>>>>>>>> okay-to-modify
>>>>>>>> state? Is it only applicable to L2 network?
>>>>>>>> 
>>>>>>>> Sorry, acronym collision. Here MAC = message authentication code,
>>>>>>>> not medium access control.
>>>>>>>> 
>>>>>>>>> Is it a designed field in the PLUS header?
>>>>>>>> 
>>>>>>>> There isn't a "PLUS header" yet; we're only talking about
>>>>>>>> potential mechanisms that could be implemented within one. Here,
>>>>>>>> the idea is that you have some encoding that allows you to place
>>>>>>>> labeled data in the PLUS header (from the SPUD prototype
>>>>>>>> experience, we like CBOR, but this is a technical detail).
>>>>>>>> 
>>>>>>>> Some of the types/keys in this data structure are designated
>>>>>>>> end-to-end, and some of the types/keys are designated
>> path-modifiable.
>>>>>>>> 
>>>>>>>> The MAC is generated by the sending endpoint using a secret
>>>>>>>> shared by both endpoints, and covers:
>>>>>>> 
>>>>>>> How is the secret shared between both endpoints? The endpoints
>>>>>>> need to
>>>>>> establish a connection to exchange keys?
>>>>>> 
>>>>>> Yes. This is assumed to be provided by the superstrate transport.
>>>>>>> 
>>>>>>>> (1) the presence and content of end-to-end PLUS header
>>>>>>>> information
>>>>>>> 
>>>>>>> Do you mean that this information is encrypted using the shared secret?
>>>>>> Only both endpoints can know the content?
>>>>>> 
>>>>>> No, the MAC is generated using the shared secret, so that it cannot
>>>>>> be forged by on-path devices. The information itself is in the clear.
>>>>>> 
>>>>>> Cheers,
>>>>>> 
>>>>>> Brian
>>>>>> 
>>>>>>>> (2) the presence and length of path-modifiable PLUS header
>>>>>>>> information, by treating the content as a length-N byte array of zeroes.
>>>>>>> 
>>>>>>> How does the middle-box along the path interpret the PLUS header?
>>>>>>> Does
>>>>>> the middle-box also need the secret? I used to think middle-box is
>>>> transparent.
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> Jianjie
>>>>>>> 
>>>>>>>> This MAC is then transmitted from the sender to the receiver in
>>>>>>>> encrypted form.
>>>>>>>> 
>>>>>>>> Additional MACs may also protect bits of the IP and UDP header,
>>>>>>>> in order to detect NAT and other sub-PLUS modifications, but
>>>>>>>> these are outside the scope of this question.
>>>>>>>> 
>>>>>>>> Cheers,
>>>>>>>> 
>>>>>>>> Brian
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> Thanks,
>>>>>>>>> Jianjie
>>>>>>>>> 
>>>>>>>>> 发件人: Spud [mailto:spud-bounces@ietf.org] 代表 Brian Trammell
>>>>>>>>> 发送时间: 2016年6月21日 17:36
>>>>>>>>> 收件人: Aaron Falk
>>>>>>>>> 抄送: spud
>>>>>>>>> 主题: Re: [Spud] endpoint control
>>>>>>>>> 
>>>>>>>>> hi Aaron,
>>>>>>>>> 
>>>>>>>>> On 06/20/2016 11:38 PM, Aaron Falk wrote:
>>>>>>>>> Hi Brian-
>>>>>>>>> 
>>>>>>>>> In the charter and the draft-trammel-spud-req it says
>>>>>>>>> 
>>>>>>>>> Both endpoint-to-path and path-to-endpoint signaling happen
>>>>>>>>> completely under endpoint control.
>>>>>>>>> 
>>>>>>>>> Without additional elaboration, one could conclude that, e.g.,
>>>>>>>>> permission is
>>>>>>>> required before a path could signal to an endpoint.
>>>>>>>> Alternatively, it could be implying an endpoint has the freedom
>>>>>>>> to ignore any signaling
>>>>>> from the path.
>>>>>>>> I have been assuming the latter.  But now I wonder if you are
>>>>>>>> intentionally attempting to permit the former.  Could you clarify?
>>>>>>>>> 
>>>>>>>>> Our intention is the former: that permission is required before
>>>>>>>>> the path can
>>>>>>>> signal to the endpoint. We have two mechanisms we've been
>>>>>>>> thinking about for this:
>>>>>>>>> 
>>>>>>>>> (1) For forward signaling, the sending endpoint must place
>>>>>>>>> "scratch space" in
>>>>>>>> the packet with a label on it stating that it's okay to modify;
>>>>>>>> this okay-to-modify state is enforced by a MAC which only
>>>>>>>> verifies the length but not the content of the scratch space.
>>>>>>>>> 
>>>>>>>>> (2) For direct reverse signaling, a path element may not send a
>>>>>>>>> direct reverse
>>>>>>>> signaling packet to a sender unless it has also dropped a forward
>>>>>>>> packet from the sender to receiver. This second mechanism is less
>>>>>>>> about permission and more about reducing the attractiveness of
>>>>>>>> PLUS for amplification/reflection attacks.
>>>>>>>>> 
>>>>>>>>> In any case, endpoints (and path elements) can ignore whatever
>>>>>>>>> they want to
>>>>>>>> from the PLUS-exposed information; it's what's in the encrypted
>>>>>>>> transport layer headers that matters to the transport protocol on
>>>>>>>> the
>>>>>> endpoint.
>>>>>>>>> 
>>>>>>>>> Cheers,
>>>>>>>>> 
>>>>>>>>> Brian
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> Thanks,
>>>>>>>>> 
>>>>>>>>> —aaron
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> _______________________________________________
>>>>>>>>> Spud mailing list
>>>>>>>>> Spud@ietf.org
>>>>>>>>> https://www.ietf.org/mailman/listinfo/spud
>>>>>>>>> 
>>>>>>> 
>>>>> 
>>> 
>>> _______________________________________________
>>> Spud mailing list
>>> Spud@ietf.org
>>> https://www.ietf.org/mailman/listinfo/spud
>

v2.23.0 | Report a Bug | By Email