IETF Logo Mail Archive

Re: [Stackevo] New Version Notification for draft-hardie-path-signals-02.txt

"Brian Trammell (IETF)" <ietf@trammell.ch> Mon, 08 January 2018 13:05 UTC

Return-Path: <ietf@trammell.ch>
X-Original-To: stackevo@ietfa.amsl.com
Delivered-To: stackevo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F6C7127978 for <stackevo@ietfa.amsl.com>; Mon, 8 Jan 2018 05:05:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.6
X-Spam-Level:
X-Spam-Status: No, score=-0.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_MUTUALBENEFIT=2, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QZKcUYirv2qW for <stackevo@ietfa.amsl.com>; Mon, 8 Jan 2018 05:05:12 -0800 (PST)
Received: from gozo.iway.ch (gozo.iway.ch [212.25.24.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F4DD127AD4 for <stackevo@iab.org>; Mon, 8 Jan 2018 05:05:12 -0800 (PST)
Received: from gozo.iway.ch (localhost [127.0.0.1]) by localhost (Postfix) with ESMTP id 121BD340F27; Mon, 8 Jan 2018 14:05:11 +0100 (CET)
Received: from localhost (localhost [127.0.0.1]) by localhost (ACF/6597.17994); Mon, 8 Jan 2018 14:05:10 +0100 (CET)
Received: from switchplus-mail.ch (switchplus-mail.ch [212.25.8.236]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by gozo.iway.ch (Postfix) with ESMTPS; Mon, 8 Jan 2018 14:05:10 +0100 (CET)
Received: from [145.14.214.39] (account ietf@trammell.ch HELO [10.11.33.5]) by switchplus-mail.ch (CommuniGate Pro SMTP 6.1.18) with ESMTPSA id 41439707; Mon, 08 Jan 2018 14:05:10 +0100
From: "Brian Trammell (IETF)" <ietf@trammell.ch>
Message-Id: <99E9273E-C252-4EF7-86AC-2875D011D9A6@trammell.ch>
Content-Type: multipart/signed; boundary="Apple-Mail=_6EC42A0E-4D88-4A13-B0D3-4C844623352D"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Mon, 08 Jan 2018 14:05:09 +0100
In-Reply-To: <CABkgnnUY1_uaitrm2ihFRat_T_nLx_7ApvMeeR4p3s__eo0+pQ@mail.gmail.com>
Cc: Eliot Lear <lear@cisco.com>, Stackevo <stackevo@iab.org>, Ted Hardie <ted.ietf@gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
References: <151208514657.11969.10317537698734955463.idtracker@ietfa.amsl.com> <CA+9kkMAFdXX2YJ=pBiMc5Jsp7GwkW+ovcn-dwiMZE9DK_cmsbA@mail.gmail.com> <1809c3fe-78b4-a151-87e5-b42c9c0c6f9c@cisco.com> <CABkgnnVV66b=L8o7DKFayLb85eRGjfBzP8vWOTufsWgc2xyf2Q@mail.gmail.com> <42a159ed-f104-49fa-264e-d530356655dc@cisco.com> <CABkgnnUY1_uaitrm2ihFRat_T_nLx_7ApvMeeR4p3s__eo0+pQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stackevo/otLeM0wHWU2CTVdQYjHqgsX857o>
Subject: Re: [Stackevo] New Version Notification for draft-hardie-path-signals-02.txt
X-BeenThere: stackevo@iab.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IP Stack Evolution Program Mailing List <stackevo.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/stackevo>, <mailto:stackevo-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stackevo/>
List-Post: <mailto:stackevo@iab.org>
List-Help: <mailto:stackevo-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/stackevo>, <mailto:stackevo-request@iab.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jan 2018 13:05:14 -0000

> On 3 Jan 2018, at 23:25, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> On Thu, Jan 4, 2018 at 3:33 AM, Eliot Lear <lear@cisco.com> wrote:
>>> I don't think that we need any specific mitigation, but we should
>>> recognize that this is a natural consequence of the recommendations in
>>> the draft.  That isn't strictly a negative outcome either.  One
>>> conceivable - but actually highly unlikely - outcome of designing
>>> explicit signals is that intermediaries might insist on a certain set
>>> of signals before a packet is allowed to pass ("give me SNI or I kill
>>> your flow").  A signal that isn't directly coupled to the actual
>>> protocol machinery can be falsified to appease a middlebox, even in
>>> cases where the endpoint might otherwise prefer not to provide the
>>> information.  I wouldn't include all that exposition though, just note
>>> that falsification is possible, without affecting the e2e protocol
>>> operation.
>> 
>> I think it's probably worth expanding this point.  Falsification of
>> signaling means that middleboxes will not trust it.  To what degree that
>> holds true will depend on circumstances, but if it becomes the general
>> case, one has to ask what the point of including it was in the first
>> place?  That way lies dragons.
> 
> That's why I think we are better avoiding saying anything.  The value
> of signals will depend greatly on whether endpoints provide accurate
> values, and that in turn will depend on the consequences that are
> attached to either faithful or falsified values.  I can't predict the
> outcome, which remains the big open question in this entire space.
> It's certainly true that there is a case for mutual benefit to be
> gained by filling explicit signals accurately, but it's not clear if
> the gains are as well understood as for other voluntary things, such
> as using a sane congestion control algorithm [1].

For what it's worth, https://tools.ietf.org/html/draft-trammell-quic-spin-01#section-7 addresses this issue in particular for the spin bit in the last two paragraphs of section 7. IMO it might make sense to mention this in the general case, and to note that the specifics of trustworthiness have to be considered separately for each signal.

> [1] Side discussion for bonus credit: In TCP, an endpoint that fails
> to observe proper sender behaviour with respect to congestion control
> can be managed in the network by terminating their TCP connections.
> End-to-end protection of the transport prevents that.

Keeping a LRU stateful flow rule to drop all packets for a five-tuple, refreshed on every packet seen, is sufficient for a forwarding middlebox to terminate a connection identifiable by five-tuple. AFAIK at least one of the famous stateless RST-emitting censorship firewalls has migrated to stateful operation along these lines, so there's at least one existence proof for stateful connection killing that scales (if you're motivated to pay for it).

Breaking the five-tuple = connection equivalency is necessary to really screw thing up. :) So, more accurately, end-to-end protection of the transport together with aggressive connection migration or multipathing prevents that.

Cheers,

Brian


> _______________________________________________
> Stackevo mailing list
> Stackevo@iab.org
> https://www.iab.org/mailman/listinfo/stackevo

v2.23.0 | Report a Bug | By Email