Re: [Stackevo] Fwd: New Version Notification for draft-hardie-path-signals-02.txt
Eliot Lear <lear@cisco.com> Wed, 03 January 2018 16:33 UTC
Return-Path: <lear@cisco.com>
X-Original-To: stackevo@ietfa.amsl.com
Delivered-To: stackevo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2060124D68 for <stackevo@ietfa.amsl.com>; Wed, 3 Jan 2018 08:33:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.531
X-Spam-Level:
X-Spam-Status: No, score=-14.531 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J34w4qgikqdt for <stackevo@ietfa.amsl.com>; Wed, 3 Jan 2018 08:33:31 -0800 (PST)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0851128961 for <stackevo@iab.org>; Wed, 3 Jan 2018 08:33:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4637; q=dns/txt; s=iport; t=1514997210; x=1516206810; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to; bh=alRJm5OoCmNdaICHPtBTlnupRUxFAU1D8fYPD0eNyR0=; b=aezfxGLHY/yQFDi5RbLgpgB0W911933efYiI7lKBKGP62XSkjmo71amT tSCp060yWqLSJqh65eekJAtfzSjagWbnrsVNKUk7pv3iUX10RgpDNH+r0 cDURow9nOcNOxO76+zDWkSFwVDdik9AbcMz0LSZVXtMNAEakoVY43xb0K g=;
X-Files: signature.asc : 488
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AqAgCPBE1a/5hdJa1TChkBAQEBAQEBAQEBAQEHAQEBAQGDPoFahC6ZPYIBmT8HA4U7AoQwQxQBAQEBAQEBAQFrKIUjAQEBAQIBI1QCEAsYKgICVwYNCAEBiiIIsTyCJ4o+AQEBAQEBAQEBAQEBAQEBAQEBAQEBDg+EE4ISgz8pgwWEc4NCgmUFkzWQHIRSgi2ON4wch2WXBoE8NiKBTzIaCBsVgmeCTjqBbCOKCgEBAQ
X-IronPort-AV: E=Sophos;i="5.45,501,1508803200"; d="asc'?scan'208";a="336949940"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Jan 2018 16:33:29 +0000
Received: from [10.82.250.107] (rtp-vpn6-617.cisco.com [10.82.250.107]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id w03GXTqU021658; Wed, 3 Jan 2018 16:33:29 GMT
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Ted Hardie <ted.ietf@gmail.com>, Stackevo <stackevo@iab.org>
References: <151208514657.11969.10317537698734955463.idtracker@ietfa.amsl.com> <CA+9kkMAFdXX2YJ=pBiMc5Jsp7GwkW+ovcn-dwiMZE9DK_cmsbA@mail.gmail.com> <1809c3fe-78b4-a151-87e5-b42c9c0c6f9c@cisco.com> <CABkgnnVV66b=L8o7DKFayLb85eRGjfBzP8vWOTufsWgc2xyf2Q@mail.gmail.com>
From: Eliot Lear <lear@cisco.com>
Message-ID: <42a159ed-f104-49fa-264e-d530356655dc@cisco.com>
Date: Wed, 03 Jan 2018 11:33:28 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <CABkgnnVV66b=L8o7DKFayLb85eRGjfBzP8vWOTufsWgc2xyf2Q@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="WGB5K3fKKGcjeRGuvL2txh3rRFCNSufG4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stackevo/Z5IsKeDTfJ6CiFRScC3NCZgbgO8>
Subject: Re: [Stackevo] Fwd: New Version Notification for draft-hardie-path-signals-02.txt
X-BeenThere: stackevo@iab.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IP Stack Evolution Program Mailing List <stackevo.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/stackevo>, <mailto:stackevo-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stackevo/>
List-Post: <mailto:stackevo@iab.org>
List-Help: <mailto:stackevo-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/stackevo>, <mailto:stackevo-request@iab.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jan 2018 16:33:33 -0000
Hi and happy new year to all,
On 02.01.18 00:14, Martin Thomson wrote:
> I also think that we should explicitly identify not encrypting as an
> option. We could still have integrity protection. Of course, we
> should then make it clear that rampant misguided inference is why we
> are encrypting. I'd put something in the introduction to Section 4
> there.
Speaking as someone who works with a company that has done some of that
interference, I am aware that some of it was misguided, but when it
comes to writing this down, let's mind the tone. There are reasons that
firewalls came to be, and continue to be important. We've now in the
last two months had two major examples of how endpoints aren't in a
position to protect themselves on their own, and probably never will
be. I'm not suggesting that we replay that entire discussion this
document, but much of the "interference" is precisely what the
administrator intends, and it is not misguided.
>
> I have one consideration to add, probably to security considerations
> (more on that below). Explicit signals can be disconnected from the
> protocol signaling machinery. Doing so might be necessary to avoid
> path entities inferring more from the signal than is intended. If
> QUIC takes a spin bit, that's a clear example of where we take RTT
> information and signal that, but we separate that signal from all of
> the rich acknowledgment information the protocol really needs.
> However, this split creates a potential for those signals to be
> incorrect or even for them to be falsified, presumably with the intent
> of manipulating path entities in some way.
>
> I don't think that we need any specific mitigation, but we should
> recognize that this is a natural consequence of the recommendations in
> the draft. That isn't strictly a negative outcome either. One
> conceivable - but actually highly unlikely - outcome of designing
> explicit signals is that intermediaries might insist on a certain set
> of signals before a packet is allowed to pass ("give me SNI or I kill
> your flow"). A signal that isn't directly coupled to the actual
> protocol machinery can be falsified to appease a middlebox, even in
> cases where the endpoint might otherwise prefer not to provide the
> information. I wouldn't include all that exposition though, just note
> that falsification is possible, without affecting the e2e protocol
> operation.
I think it's probably worth expanding this point. Falsification of
signaling means that middleboxes will not trust it. To what degree that
holds true will depend on circumstances, but if it becomes the general
case, one has to ask what the point of including it was in the first
place? That way lies dragons.
Eliot
- [Stackevo] Fwd: New Version Notification for draf… Ted Hardie
- Re: [Stackevo] New Version Notification for draft… Brian Trammell (IETF)
- Re: [Stackevo] Fwd: New Version Notification for … Eliot Lear
- Re: [Stackevo] Fwd: New Version Notification for … Martin Thomson
- Re: [Stackevo] New Version Notification for draft… Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Martin Thomson
- Re: [Stackevo] Fwd: New Version Notification for … Ted Hardie
- Re: [Stackevo] Fwd: New Version Notification for … Eliot Lear
- Re: [Stackevo] Fwd: New Version Notification for … Martin Thomson
- Re: [Stackevo] Fwd: New Version Notification for … Eliot Lear
- Re: [Stackevo] New Version Notification for draft… Brian Trammell (IETF)
- Re: [Stackevo] New Version Notification for draft… Brian Trammell (IETF)