Re: [Stackevo] Fwd: New Version Notification for draft-hardie-path-signals-02.txt
Martin Thomson <martin.thomson@gmail.com> Tue, 02 January 2018 05:14 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: stackevo@ietfa.amsl.com
Delivered-To: stackevo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE61C126C2F for <stackevo@ietfa.amsl.com>; Mon, 1 Jan 2018 21:14:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cf7LEEYy40Xx for <stackevo@ietfa.amsl.com>; Mon, 1 Jan 2018 21:14:36 -0800 (PST)
Received: from mail-ot0-x229.google.com (mail-ot0-x229.google.com [IPv6:2607:f8b0:4003:c0f::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F02CD124205 for <stackevo@iab.org>; Mon, 1 Jan 2018 21:14:35 -0800 (PST)
Received: by mail-ot0-x229.google.com with SMTP id d10so4004262oti.7 for <stackevo@iab.org>; Mon, 01 Jan 2018 21:14:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=jHjv6H7SHmrAaIuQrWYmk1i36ZG+g8llfkHTOhVD0GU=; b=n+tU9U3lQ0JD00L06BqG0wA/Vw3QBtY8DXhnAarJTblzfBIJXRKv/Gdkk0XhQDPd2g 8MP8F9sG3IQ5qDutrzppTJzge599lt1JOSiGhat1leAyEZq3U8jTZrQzBmZ1epRTuYJp RY7MTD5Kr68lg3udbbxGw8A5oDWuYINiUP4DoCa1F/k4D45RHqbQqKQuTP8uBJ7ohVdS X0pVYh9uImQ7QmxPbLbRkT+2EzKGPedBCtzxHTkCWv9P5AjquuH93b2nwYU9VeHJMipL J568XkbqRhZc9fSt3Qrs3Wj/XqVluHjnauY+JqRvMFJ2aDu7EDKjzOszCvZd4n9Isj8p V/qw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=jHjv6H7SHmrAaIuQrWYmk1i36ZG+g8llfkHTOhVD0GU=; b=gjtywHyvoVnny38ovWuL7MMashJJGo+1DM9smps16Qntk6PxkUrBl8VZomG38K/7gV nvKPcllqSYJZLTmUomM2jfEa71DX71/R46xhdg71yHj9lP2bxogTQ0RoPGxfFtuomWp0 FQ237K5FTi+wx9rzCDmcTXhP12L00aKq7hDwB0why4+CFNtTuQi+SpX/md9MO+uNxGre sYlgWdWI4a0zHgK450m2m4B4khknEk2QLFCoaS3R1GdGZfbKPm3B8pDkYQmiQN73+MnP o+7QfHjy8/FbqX7UdISQRExdVDEO7oJ1rcpCV3w4xla5RCD7F6dWR4OtMDSLEybc4w8W 56Cg==
X-Gm-Message-State: AKGB3mJsUcRZfHK7mP2zrpXCvCH8Ej7os7J8LyUW9BPquczQnEbvUkxE TLMNck9t9Aurv4eg4z4KiKtF8Rym1luW/kAzmHE=
X-Google-Smtp-Source: ACJfBos8ZVZt3+89FKi9X8e/ZnG64QCZBN2PZ9wZdgCFVoUkTSzvirGmg/78pU38IcJ6bMcCDTvUi8Bv4rTyRmf4ero=
X-Received: by 10.157.10.72 with SMTP id 66mr28470195otg.133.1514870075262; Mon, 01 Jan 2018 21:14:35 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.46.182 with HTTP; Mon, 1 Jan 2018 21:14:34 -0800 (PST)
In-Reply-To: <1809c3fe-78b4-a151-87e5-b42c9c0c6f9c@cisco.com>
References: <151208514657.11969.10317537698734955463.idtracker@ietfa.amsl.com> <CA+9kkMAFdXX2YJ=pBiMc5Jsp7GwkW+ovcn-dwiMZE9DK_cmsbA@mail.gmail.com> <1809c3fe-78b4-a151-87e5-b42c9c0c6f9c@cisco.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 02 Jan 2018 16:14:34 +1100
Message-ID: <CABkgnnVV66b=L8o7DKFayLb85eRGjfBzP8vWOTufsWgc2xyf2Q@mail.gmail.com>
To: Eliot Lear <lear@cisco.com>
Cc: Ted Hardie <ted.ietf@gmail.com>, Stackevo <stackevo@iab.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stackevo/QVv4lM62xTTBhGNDNeKhqOp_rAI>
Subject: Re: [Stackevo] Fwd: New Version Notification for draft-hardie-path-signals-02.txt
X-BeenThere: stackevo@iab.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IP Stack Evolution Program Mailing List <stackevo.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/stackevo>, <mailto:stackevo-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stackevo/>
List-Post: <mailto:stackevo@iab.org>
List-Help: <mailto:stackevo-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/stackevo>, <mailto:stackevo-request@iab.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jan 2018 05:14:38 -0000
I also think that we should explicitly identify not encrypting as an
option. We could still have integrity protection. Of course, we
should then make it clear that rampant misguided inference is why we
are encrypting. I'd put something in the introduction to Section 4
there.
I have one consideration to add, probably to security considerations
(more on that below). Explicit signals can be disconnected from the
protocol signaling machinery. Doing so might be necessary to avoid
path entities inferring more from the signal than is intended. If
QUIC takes a spin bit, that's a clear example of where we take RTT
information and signal that, but we separate that signal from all of
the rich acknowledgment information the protocol really needs.
However, this split creates a potential for those signals to be
incorrect or even for them to be falsified, presumably with the intent
of manipulating path entities in some way.
I don't think that we need any specific mitigation, but we should
recognize that this is a natural consequence of the recommendations in
the draft. That isn't strictly a negative outcome either. One
conceivable - but actually highly unlikely - outcome of designing
explicit signals is that intermediaries might insist on a certain set
of signals before a packet is allowed to pass ("give me SNI or I kill
your flow"). A signal that isn't directly coupled to the actual
protocol machinery can be falsified to appease a middlebox, even in
cases where the endpoint might otherwise prefer not to provide the
information. I wouldn't include all that exposition though, just note
that falsification is possible, without affecting the e2e protocol
operation.
On structure, I think that the bulk of the security considerations are
better moved elsewhere. The bullet list seems to belong in Section 5.
(I agree with Eliot regarding editing. There are quite a number of
typos that I would have sent a PR for, had there been a destination
that a PR could be directed toward.)
On Fri, Dec 22, 2017 at 12:00 AM, Eliot Lear <lear@cisco.com> wrote:
> Hi Ted,
>
> Following up on Brian's comment, as I wrote to you the last time, I really
> like this draft. For some reason, Section 3.1.1 seems to have suffered
> editorially and needs just a bit of work.
>
> Eliot
>
>
> On 01.12.17 00:40, Ted Hardie wrote:
>
> As discussed in the last meeting, I have updated this slightly and brought
> it back into circulation. The changes are very small (updating a reference,
> slightly enlarged pointer to fingerprinting risk).
>
> Hack away,
>
> Ted
>
>
> ---------- Forwarded message ----------
> From: <internet-drafts@ietf.org>
> Date: Thu, Nov 30, 2017 at 3:39 PM
> Subject: New Version Notification for draft-hardie-path-signals-02.txt
> To: Ted Hardie <ted.ietf@gmail.com>
>
>
>
> A new version of I-D, draft-hardie-path-signals-02.txt
> has been successfully submitted by Ted Hardie and posted to the
> IETF repository.
>
> Name: draft-hardie-path-signals
> Revision: 02
> Title: Path signals
> Document date: 2017-11-30
> Group: Individual Submission
> Pages: 8
> URL:
> https://www.ietf.org/internet-drafts/draft-hardie-path-signals-02.txt
> Status: https://datatracker.ietf.org/doc/draft-hardie-path-signals/
> Htmlized: https://tools.ietf.org/html/draft-hardie-path-signals-02
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-hardie-path-signals-02
> Diff:
> https://www.ietf.org/rfcdiff?url2=draft-hardie-path-signals-02
>
> Abstract:
> TCP's state mechanics uses a series of well-known messages that are
> exchanged in the clear. Because these are visible to network
> elements on the path between the two nodes setting up the transport
> connection, they are often used as signals by those network elements.
> In transports that do not exchange these messages in the clear, on-
> path network elements lack those signals. This document discusses
> the nature of the signals as they are seen by on-path elements and
> reflects on best practices for transports which encrypt their state
> mechanics.
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>
>
>
> _______________________________________________
> Stackevo mailing list
> Stackevo@iab.org
> https://www.iab.org/mailman/listinfo/stackevo
>
>
>
> _______________________________________________
> Stackevo mailing list
> Stackevo@iab.org
> https://www.iab.org/mailman/listinfo/stackevo
>
- [Stackevo] Fwd: New Version Notification for draf… Ted Hardie
- Re: [Stackevo] New Version Notification for draft… Brian Trammell (IETF)
- Re: [Stackevo] Fwd: New Version Notification for … Eliot Lear
- Re: [Stackevo] Fwd: New Version Notification for … Martin Thomson
- Re: [Stackevo] New Version Notification for draft… Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Martin Thomson
- Re: [Stackevo] Fwd: New Version Notification for … Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Eliot Lear
- Re: [Stackevo] Fwd: New Version Notification for … Martin Thomson
- Re: [Stackevo] Fwd: New Version Notification for … Eliot Lear
- Re: [Stackevo] New Version Notification for draft… Brian Trammell (IETF)
- Re: [Stackevo] New Version Notification for draft… Brian Trammell (IETF)