Re: [Stackevo] Fwd: New Version Notification for draft-hardie-path-signals-02.txt
Ted Hardie <ted.ietf@gmail.com> Tue, 02 January 2018 21:51 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: stackevo@ietfa.amsl.com
Delivered-To: stackevo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FD60126CBF for <stackevo@ietfa.amsl.com>; Tue, 2 Jan 2018 13:51:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.999
X-Spam-Level:
X-Spam-Status: No, score=-0.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ISgmvbdFHozu for <stackevo@ietfa.amsl.com>; Tue, 2 Jan 2018 13:51:06 -0800 (PST)
Received: from mail-qt0-x22a.google.com (mail-qt0-x22a.google.com [IPv6:2607:f8b0:400d:c0d::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33FDD1242F7 for <stackevo@iab.org>; Tue, 2 Jan 2018 13:51:06 -0800 (PST)
Received: by mail-qt0-x22a.google.com with SMTP id g10so64755035qtj.12 for <stackevo@iab.org>; Tue, 02 Jan 2018 13:51:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=RveXPjCWVLY0/SLAS2ZEGtfDADY8rsq4yk1Tz4EEzGQ=; b=MjTVC29O3jpBePDwqcRPXiH0jdjpNSDHknFpUFHmwdkMfPQ8oRtg83+D73P9MSa8lu O/RZolnHuDyyT44qjwqNdp+gVxBl4sbwiSwPS/l1hpsPeTkagsgZZA/qE3D5WciFPEdz OTm4UsQpO1i5ugF5M7pdFY3bdTSZAuy447y3giqWTHUT86QGqOd0uOF9JgBcGym4xv+/ H+GFf04wzQqjS89d8SkhK6VC2LIwCGkwy9W7EgpulMhB8MeD9mlYyq34NBf0t8mLpkqJ 7Vgo/zzE3ndXZzwz8TaQHdVZKEe9G4K8SDarM9Ual5JwIyIomGLEQ2s4b61q4cdHd5ZX AVeA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=RveXPjCWVLY0/SLAS2ZEGtfDADY8rsq4yk1Tz4EEzGQ=; b=X2b/qloJ6UVRahPJKqwnpfOP0TP56A+Z3GTNUGB4VSkrmeSYtnvDM6uPZhwU31BIP0 esPwwswm5BUsBDa4tIdBWaSn11+i6bTf0n2T73AXNmCiGBAU5e5rHUulxAvwBa1M7UrU bTdrru9CkFjnUoTOY4lemuHjWgdaBav2xzSv3KXAU0zgFyR69pO3KIMhUsu66UMmE1q3 SElSO2v2HNxPv1DcTsFrQuwAlB40dzGpw9KvTMWZzKF3N+yT3gcRmvnIDI9b8RWRReaP /aPpEBmYh9cxy1nF4DpezoD+LFPHnHzmzZWGGzPtpT9O13R9VdSitBRy5Qt3S51h/oIV 6MPA==
X-Gm-Message-State: AKGB3mJatmKbzZqkSEpsE1Uzx3mb1Nf3cfH2UhzEnuvjpj5QB83J31DF jasPLNHyRGSr9Dr+UW0YXRlrxZXi1jWTQ0JhYJ4=
X-Google-Smtp-Source: ACJfBouYDb1VnGR77dgmFq/Ojd4T6MCVtm2KgLZ9KfZjIu4HRrOigmZH1o8vxmVLuIM43ss56Ac/7ZzmYj7OocJtf5Y=
X-Received: by 10.200.34.239 with SMTP id g44mr65510754qta.11.1514929865084; Tue, 02 Jan 2018 13:51:05 -0800 (PST)
MIME-Version: 1.0
Received: by 10.237.36.169 with HTTP; Tue, 2 Jan 2018 13:50:34 -0800 (PST)
In-Reply-To: <CABkgnnVT+g-AJzvHZnNRV-gtNqvtrB-MFAV2-efxbnTyhm6RRQ@mail.gmail.com>
References: <151208514657.11969.10317537698734955463.idtracker@ietfa.amsl.com> <CA+9kkMAFdXX2YJ=pBiMc5Jsp7GwkW+ovcn-dwiMZE9DK_cmsbA@mail.gmail.com> <1809c3fe-78b4-a151-87e5-b42c9c0c6f9c@cisco.com> <CABkgnnVV66b=L8o7DKFayLb85eRGjfBzP8vWOTufsWgc2xyf2Q@mail.gmail.com> <CA+9kkMCHX5M9H5CzpdkA0F+xVm-7QsCGZ2xHF+Vtb2wrkB_VTA@mail.gmail.com> <CABkgnnVT+g-AJzvHZnNRV-gtNqvtrB-MFAV2-efxbnTyhm6RRQ@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Tue, 02 Jan 2018 13:50:34 -0800
Message-ID: <CA+9kkMDDkpEsVN_qZxJb_4hE1GUYtWYA2E5OPBPG804ChoThpQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Eliot Lear <lear@cisco.com>, Stackevo <stackevo@iab.org>
Content-Type: multipart/alternative; boundary="001a1141588e77d79a0561d21886"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stackevo/NUYLF0fvV3ET5aanZkZdgv_wtWM>
Subject: Re: [Stackevo] Fwd: New Version Notification for draft-hardie-path-signals-02.txt
X-BeenThere: stackevo@iab.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IP Stack Evolution Program Mailing List <stackevo.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/stackevo>, <mailto:stackevo-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stackevo/>
List-Post: <mailto:stackevo@iab.org>
List-Help: <mailto:stackevo-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/stackevo>, <mailto:stackevo-request@iab.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jan 2018 21:51:08 -0000
The new repo is at: https://github.com/hardie/path-signals PR away.... Ted On Tue, Jan 2, 2018 at 1:34 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > On Wed, Jan 3, 2018 at 4:51 AM, Ted Hardie <ted.ietf@gmail.com> wrote: > > On Mon, Jan 1, 2018 at 9:14 PM, Martin Thomson <martin.thomson@gmail.com > > > > wrote: > >> > >> I also think that we should explicitly identify not encrypting as an > >> option. We could still have integrity protection. Of course, we > >> should then make it clear that rampant misguided inference is why we > >> are encrypting. I'd put something in the introduction to Section 4 > >> there. > >> > >> I have one consideration to add, probably to security considerations > >> (more on that below). Explicit signals can be disconnected from the > >> protocol signaling machinery. Doing so might be necessary to avoid > >> path entities inferring more from the signal than is intended. > > > > > > As a confirmation/friendly amendment, does rephrasing this as "protocol > > state machinery" work for you? If so, I would actually strengthen this > to > > "should be disconnected". Ideally, I would like the path elements to > > consume the signals explicitly for them even if there is an unencrypted > > portion of a flow; inferring from that tends to ossify things and > avoiding > > that is a key part of our aim. > > Sure, the point is that the signaling that drives the protocol state > machinery at either end is distinct from the explicit signals to the > path. I'd say that should is appropriate (even in the 2119 sense). > > >> If > >> QUIC takes a spin bit, that's a clear example of where we take RTT > >> information and signal that, but we separate that signal from all of > >> the rich acknowledgment information the protocol really needs. > >> However, this split creates a potential for those signals to be > >> incorrect or even for them to be falsified, presumably with the intent > >> of manipulating path entities in some way. > >> > >> I don't think that we need any specific mitigation, but we should > >> recognize that this is a natural consequence of the recommendations in > >> the draft. That isn't strictly a negative outcome either. One > >> conceivable - but actually highly unlikely - outcome of designing > >> explicit signals is that intermediaries might insist on a certain set > >> of signals before a packet is allowed to pass ("give me SNI or I kill > >> your flow"). A signal that isn't directly coupled to the actual > >> protocol machinery can be falsified to appease a middlebox, even in > >> cases where the endpoint might otherwise prefer not to provide the > >> information. I wouldn't include all that exposition though, just note > >> that falsification is possible, without affecting the e2e protocol > >> operation. > >> > >> On structure, I think that the bulk of the security considerations are > >> better moved elsewhere. The bullet list seems to belong in Section 5. > >> > >> (I agree with Eliot regarding editing. There are quite a number of > >> typos that I would have sent a PR for, had there been a destination > >> that a PR could be directed toward.) > >> > > > > I'll get it onto github. Since I generally start that by cloning one of > > your repos, which is the current one to crib from? > > I generally point people at > https://github.com/martinthomson/i-d-template/ > blob/master/doc/REPO.md#fast-setup > now. But you can crib from > https://github.com/martinthomson/postel-was-wrong/ which I keep up to > date. >
- [Stackevo] Fwd: New Version Notification for draf… Ted Hardie
- Re: [Stackevo] New Version Notification for draft… Brian Trammell (IETF)
- Re: [Stackevo] Fwd: New Version Notification for … Eliot Lear
- Re: [Stackevo] Fwd: New Version Notification for … Martin Thomson
- Re: [Stackevo] New Version Notification for draft… Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Martin Thomson
- Re: [Stackevo] Fwd: New Version Notification for … Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Eliot Lear
- Re: [Stackevo] Fwd: New Version Notification for … Martin Thomson
- Re: [Stackevo] Fwd: New Version Notification for … Eliot Lear
- Re: [Stackevo] New Version Notification for draft… Brian Trammell (IETF)
- Re: [Stackevo] New Version Notification for draft… Brian Trammell (IETF)