Re: [Stackevo] Fwd: New Version Notification for draft-hardie-path-signals-02.txt
Martin Thomson <martin.thomson@gmail.com> Tue, 02 January 2018 05:14 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: stackevo@ietfa.amsl.com
Delivered-To: stackevo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE61C126C2F for <stackevo@ietfa.amsl.com>; Mon, 1 Jan 2018 21:14:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cf7LEEYy40Xx for <stackevo@ietfa.amsl.com>; Mon, 1 Jan 2018 21:14:36 -0800 (PST)
Received: from mail-ot0-x229.google.com (mail-ot0-x229.google.com [IPv6:2607:f8b0:4003:c0f::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F02CD124205 for <stackevo@iab.org>; Mon, 1 Jan 2018 21:14:35 -0800 (PST)
Received: by mail-ot0-x229.google.com with SMTP id d10so4004262oti.7 for <stackevo@iab.org>; Mon, 01 Jan 2018 21:14:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=jHjv6H7SHmrAaIuQrWYmk1i36ZG+g8llfkHTOhVD0GU=; b=n+tU9U3lQ0JD00L06BqG0wA/Vw3QBtY8DXhnAarJTblzfBIJXRKv/Gdkk0XhQDPd2g 8MP8F9sG3IQ5qDutrzppTJzge599lt1JOSiGhat1leAyEZq3U8jTZrQzBmZ1epRTuYJp RY7MTD5Kr68lg3udbbxGw8A5oDWuYINiUP4DoCa1F/k4D45RHqbQqKQuTP8uBJ7ohVdS X0pVYh9uImQ7QmxPbLbRkT+2EzKGPedBCtzxHTkCWv9P5AjquuH93b2nwYU9VeHJMipL J568XkbqRhZc9fSt3Qrs3Wj/XqVluHjnauY+JqRvMFJ2aDu7EDKjzOszCvZd4n9Isj8p V/qw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=jHjv6H7SHmrAaIuQrWYmk1i36ZG+g8llfkHTOhVD0GU=; b=gjtywHyvoVnny38ovWuL7MMashJJGo+1DM9smps16Qntk6PxkUrBl8VZomG38K/7gV nvKPcllqSYJZLTmUomM2jfEa71DX71/R46xhdg71yHj9lP2bxogTQ0RoPGxfFtuomWp0 FQ237K5FTi+wx9rzCDmcTXhP12L00aKq7hDwB0why4+CFNtTuQi+SpX/md9MO+uNxGre sYlgWdWI4a0zHgK450m2m4B4khknEk2QLFCoaS3R1GdGZfbKPm3B8pDkYQmiQN73+MnP o+7QfHjy8/FbqX7UdISQRExdVDEO7oJ1rcpCV3w4xla5RCD7F6dWR4OtMDSLEybc4w8W 56Cg==
X-Gm-Message-State: AKGB3mJsUcRZfHK7mP2zrpXCvCH8Ej7os7J8LyUW9BPquczQnEbvUkxE TLMNck9t9Aurv4eg4z4KiKtF8Rym1luW/kAzmHE=
X-Google-Smtp-Source: ACJfBos8ZVZt3+89FKi9X8e/ZnG64QCZBN2PZ9wZdgCFVoUkTSzvirGmg/78pU38IcJ6bMcCDTvUi8Bv4rTyRmf4ero=
X-Received: by 10.157.10.72 with SMTP id 66mr28470195otg.133.1514870075262; Mon, 01 Jan 2018 21:14:35 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.46.182 with HTTP; Mon, 1 Jan 2018 21:14:34 -0800 (PST)
In-Reply-To: <1809c3fe-78b4-a151-87e5-b42c9c0c6f9c@cisco.com>
References: <151208514657.11969.10317537698734955463.idtracker@ietfa.amsl.com> <CA+9kkMAFdXX2YJ=pBiMc5Jsp7GwkW+ovcn-dwiMZE9DK_cmsbA@mail.gmail.com> <1809c3fe-78b4-a151-87e5-b42c9c0c6f9c@cisco.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 02 Jan 2018 16:14:34 +1100
Message-ID: <CABkgnnVV66b=L8o7DKFayLb85eRGjfBzP8vWOTufsWgc2xyf2Q@mail.gmail.com>
To: Eliot Lear <lear@cisco.com>
Cc: Ted Hardie <ted.ietf@gmail.com>, Stackevo <stackevo@iab.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stackevo/QVv4lM62xTTBhGNDNeKhqOp_rAI>
Subject: Re: [Stackevo] Fwd: New Version Notification for draft-hardie-path-signals-02.txt
X-BeenThere: stackevo@iab.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IP Stack Evolution Program Mailing List <stackevo.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/stackevo>, <mailto:stackevo-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stackevo/>
List-Post: <mailto:stackevo@iab.org>
List-Help: <mailto:stackevo-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/stackevo>, <mailto:stackevo-request@iab.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jan 2018 05:14:38 -0000
I also think that we should explicitly identify not encrypting as an option. We could still have integrity protection. Of course, we should then make it clear that rampant misguided inference is why we are encrypting. I'd put something in the introduction to Section 4 there. I have one consideration to add, probably to security considerations (more on that below). Explicit signals can be disconnected from the protocol signaling machinery. Doing so might be necessary to avoid path entities inferring more from the signal than is intended. If QUIC takes a spin bit, that's a clear example of where we take RTT information and signal that, but we separate that signal from all of the rich acknowledgment information the protocol really needs. However, this split creates a potential for those signals to be incorrect or even for them to be falsified, presumably with the intent of manipulating path entities in some way. I don't think that we need any specific mitigation, but we should recognize that this is a natural consequence of the recommendations in the draft. That isn't strictly a negative outcome either. One conceivable - but actually highly unlikely - outcome of designing explicit signals is that intermediaries might insist on a certain set of signals before a packet is allowed to pass ("give me SNI or I kill your flow"). A signal that isn't directly coupled to the actual protocol machinery can be falsified to appease a middlebox, even in cases where the endpoint might otherwise prefer not to provide the information. I wouldn't include all that exposition though, just note that falsification is possible, without affecting the e2e protocol operation. On structure, I think that the bulk of the security considerations are better moved elsewhere. The bullet list seems to belong in Section 5. (I agree with Eliot regarding editing. There are quite a number of typos that I would have sent a PR for, had there been a destination that a PR could be directed toward.) On Fri, Dec 22, 2017 at 12:00 AM, Eliot Lear <lear@cisco.com> wrote: > Hi Ted, > > Following up on Brian's comment, as I wrote to you the last time, I really > like this draft. For some reason, Section 3.1.1 seems to have suffered > editorially and needs just a bit of work. > > Eliot > > > On 01.12.17 00:40, Ted Hardie wrote: > > As discussed in the last meeting, I have updated this slightly and brought > it back into circulation. The changes are very small (updating a reference, > slightly enlarged pointer to fingerprinting risk). > > Hack away, > > Ted > > > ---------- Forwarded message ---------- > From: <internet-drafts@ietf.org> > Date: Thu, Nov 30, 2017 at 3:39 PM > Subject: New Version Notification for draft-hardie-path-signals-02.txt > To: Ted Hardie <ted.ietf@gmail.com> > > > > A new version of I-D, draft-hardie-path-signals-02.txt > has been successfully submitted by Ted Hardie and posted to the > IETF repository. > > Name: draft-hardie-path-signals > Revision: 02 > Title: Path signals > Document date: 2017-11-30 > Group: Individual Submission > Pages: 8 > URL: > https://www.ietf.org/internet-drafts/draft-hardie-path-signals-02.txt > Status: https://datatracker.ietf.org/doc/draft-hardie-path-signals/ > Htmlized: https://tools.ietf.org/html/draft-hardie-path-signals-02 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-hardie-path-signals-02 > Diff: > https://www.ietf.org/rfcdiff?url2=draft-hardie-path-signals-02 > > Abstract: > TCP's state mechanics uses a series of well-known messages that are > exchanged in the clear. Because these are visible to network > elements on the path between the two nodes setting up the transport > connection, they are often used as signals by those network elements. > In transports that do not exchange these messages in the clear, on- > path network elements lack those signals. This document discusses > the nature of the signals as they are seen by on-path elements and > reflects on best practices for transports which encrypt their state > mechanics. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > > > > _______________________________________________ > Stackevo mailing list > Stackevo@iab.org > https://www.iab.org/mailman/listinfo/stackevo > > > > _______________________________________________ > Stackevo mailing list > Stackevo@iab.org > https://www.iab.org/mailman/listinfo/stackevo >
- [Stackevo] Fwd: New Version Notification for draf… Ted Hardie
- Re: [Stackevo] New Version Notification for draft… Brian Trammell (IETF)
- Re: [Stackevo] Fwd: New Version Notification for … Eliot Lear
- Re: [Stackevo] Fwd: New Version Notification for … Martin Thomson
- Re: [Stackevo] New Version Notification for draft… Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Martin Thomson
- Re: [Stackevo] Fwd: New Version Notification for … Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Eliot Lear
- Re: [Stackevo] Fwd: New Version Notification for … Martin Thomson
- Re: [Stackevo] Fwd: New Version Notification for … Eliot Lear
- Re: [Stackevo] New Version Notification for draft… Brian Trammell (IETF)
- Re: [Stackevo] New Version Notification for draft… Brian Trammell (IETF)