IETF Logo Mail Archive

Re: [Stackevo] Fwd: New Version Notification for draft-hardie-path-signals-02.txt

Martin Thomson <martin.thomson@gmail.com> Tue, 02 January 2018 21:34 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: stackevo@ietfa.amsl.com
Delivered-To: stackevo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAEF012D832 for <stackevo@ietfa.amsl.com>; Tue, 2 Jan 2018 13:34:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y52IjbFBvkdS for <stackevo@ietfa.amsl.com>; Tue, 2 Jan 2018 13:34:29 -0800 (PST)
Received: from mail-ot0-x242.google.com (mail-ot0-x242.google.com [IPv6:2607:f8b0:4003:c0f::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B54261276AF for <stackevo@iab.org>; Tue, 2 Jan 2018 13:34:29 -0800 (PST)
Received: by mail-ot0-x242.google.com with SMTP id 14so16314820oth.9 for <stackevo@iab.org>; Tue, 02 Jan 2018 13:34:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OIfRvc5TNyC9bi2zzkVj0trhZi1Pw3tgkN9i4Jy3Lmc=; b=A1/LOa5Tf+bC2uKsmHerIq/mKyypsthqDiemHwHeUBlF9usduMSZpAjk87aZYqzCCW WFIDPJhEd106vxxkMM9wVEywpZRF1wc8X7v/Y8lHr4JFVSDkrE53SHthRskQnrYM6loo OHuxluOx4uCc9FlNn6IhoyMYSt+pXt6qMeLSbzkyZO6bdjeXjg/tl3qok1XqLuoL/Va+ k1lDll1G7aTNr7QlM+uLbpnq+CErhufVcREiDSPdMauZBp/Wq79ZRjrOsoH4K/ISrtJv 3kJFv9Y9afmchSG+6MxDrKEVnWSE/FnYAHe+wYIkje2rSuI3laaOT+d9cZj30JqsnP/x M+vQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OIfRvc5TNyC9bi2zzkVj0trhZi1Pw3tgkN9i4Jy3Lmc=; b=GGBg4unetRTUZDSY44R8dn0pJLDf6VjLORYhLK1mZcDPq/b961PC8wVDKsinON63T2 dRWg8ZsuJa+ZRKObNHDDM5mZqjC+av8ilsNMuyEeHJncl2r69GsA5s1sVAecaYmOH9oV u2UuROa1Q/hp39zdCyXlGL1aNX1JtYtXUZLA7kR4USPIXX3X7dQm6z8C37LiW958Z7hC Ycol7kXvPZHaDMhRia+b1MgPhcu3G/jeaYG+JelXXyZ6WdWD1EWKShYlm176dfV3YrV3 rNkaw7RpHOf9qeIah8ZtBZTfCAo7K9NDn+FRPB5PE7Ud7saqkkV3EkUAITlLoeYxSn9U 8zGg==
X-Gm-Message-State: AKGB3mKr3GGUeuDOg7R7ZFWPXh0kROVBh6Zm/JALSY0RsB1kRDrDzB9u p+bPrHVU2TgbEiQb6lIB1NjoSH2Lpk7wAL0dJnM=
X-Google-Smtp-Source: ACJfBoviJguiWtU0HHfhy8IYPWslgpxKWloFqwKltzDzVh+vEvLKQngCJwLc/u8cG197NA+I3pLiH+femSDQQp2Gwm0=
X-Received: by 10.157.35.229 with SMTP id t92mr13501553otb.16.1514928868883; Tue, 02 Jan 2018 13:34:28 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.46.182 with HTTP; Tue, 2 Jan 2018 13:34:28 -0800 (PST)
In-Reply-To: <CA+9kkMCHX5M9H5CzpdkA0F+xVm-7QsCGZ2xHF+Vtb2wrkB_VTA@mail.gmail.com>
References: <151208514657.11969.10317537698734955463.idtracker@ietfa.amsl.com> <CA+9kkMAFdXX2YJ=pBiMc5Jsp7GwkW+ovcn-dwiMZE9DK_cmsbA@mail.gmail.com> <1809c3fe-78b4-a151-87e5-b42c9c0c6f9c@cisco.com> <CABkgnnVV66b=L8o7DKFayLb85eRGjfBzP8vWOTufsWgc2xyf2Q@mail.gmail.com> <CA+9kkMCHX5M9H5CzpdkA0F+xVm-7QsCGZ2xHF+Vtb2wrkB_VTA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 03 Jan 2018 08:34:28 +1100
Message-ID: <CABkgnnVT+g-AJzvHZnNRV-gtNqvtrB-MFAV2-efxbnTyhm6RRQ@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: Eliot Lear <lear@cisco.com>, Stackevo <stackevo@iab.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stackevo/G2-aykapfxlS6tsDZsphT9XQQ3M>
Subject: Re: [Stackevo] Fwd: New Version Notification for draft-hardie-path-signals-02.txt
X-BeenThere: stackevo@iab.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IP Stack Evolution Program Mailing List <stackevo.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/stackevo>, <mailto:stackevo-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stackevo/>
List-Post: <mailto:stackevo@iab.org>
List-Help: <mailto:stackevo-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/stackevo>, <mailto:stackevo-request@iab.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jan 2018 21:34:32 -0000

On Wed, Jan 3, 2018 at 4:51 AM, Ted Hardie <ted.ietf@gmail.com> wrote:
> On Mon, Jan 1, 2018 at 9:14 PM, Martin Thomson <martin.thomson@gmail.com>
> wrote:
>>
>> I also think that we should explicitly identify not encrypting as an
>> option.  We could still have integrity protection.  Of course, we
>> should then make it clear that rampant misguided inference is why we
>> are encrypting.  I'd put something in the introduction to Section 4
>> there.
>>
>> I have one consideration to add, probably to security considerations
>> (more on that below).  Explicit signals can be disconnected from the
>> protocol signaling machinery.  Doing so might be necessary to avoid
>> path entities inferring more from the signal than is intended.
>
>
> As a confirmation/friendly amendment, does rephrasing this as "protocol
> state machinery" work for you?  If so, I would actually strengthen this to
> "should be disconnected".  Ideally, I would like the path elements to
> consume the signals explicitly for them even if there is an unencrypted
> portion of a flow; inferring from that tends to ossify things and avoiding
> that is a key part of our aim.

Sure, the point is that the signaling that drives the protocol state
machinery at either end is distinct from the explicit signals to the
path.  I'd say that should is appropriate (even in the 2119 sense).

>> If
>> QUIC takes a spin bit, that's a clear example of where we take RTT
>> information and signal that, but we separate that signal from all of
>> the rich acknowledgment information the protocol really needs.
>> However, this split creates a potential for those signals to be
>> incorrect or even for them to be falsified, presumably with the intent
>> of manipulating path entities in some way.
>>
>> I don't think that we need any specific mitigation, but we should
>> recognize that this is a natural consequence of the recommendations in
>> the draft.  That isn't strictly a negative outcome either.  One
>> conceivable - but actually highly unlikely - outcome of designing
>> explicit signals is that intermediaries might insist on a certain set
>> of signals before a packet is allowed to pass ("give me SNI or I kill
>> your flow").  A signal that isn't directly coupled to the actual
>> protocol machinery can be falsified to appease a middlebox, even in
>> cases where the endpoint might otherwise prefer not to provide the
>> information.  I wouldn't include all that exposition though, just note
>> that falsification is possible, without affecting the e2e protocol
>> operation.
>>
>> On structure, I think that the bulk of the security considerations are
>> better moved elsewhere.  The bullet list seems to belong in Section 5.
>>
>> (I agree with Eliot regarding editing.  There are quite a number of
>> typos that I would have sent a PR for, had there been a destination
>> that a PR could be directed toward.)
>>
>
> I'll get it onto github.  Since I generally start that by cloning one of
> your repos, which is the current one to crib from?

I generally point people at
https://github.com/martinthomson/i-d-template/blob/master/doc/REPO.md#fast-setup
now.  But you can crib from
https://github.com/martinthomson/postel-was-wrong/ which I keep up to
date.

v2.23.0 | Report a Bug | By Email