RE: RFC suggestion

"Black, David" <David.Black@dell.com> Mon, 03 January 2022 23:06 UTC

From: "Black, David" <David.Black@dell.com>
To: Spam Blocker <kspambot@gmail.com>, "tsv-area@ietf.org" <tsv-area@ietf.org>
Subject: RE: RFC suggestion
Thread-Topic: RFC suggestion
Thread-Index: AdgA9WyV8XTTwLorR7qjvJ1YSr2zhA==
Date: Mon, 03 Jan 2022 23:06:33 +0000
Message-ID: <MN2PR19MB4045646BF206A7F69167006883499@MN2PR19MB4045.namprd19.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-area/heie68xUKkqxzNT9BvB4IzOaPpg>
List-Id: IETF Transport and Services Area Mailing List <tsv-area.ietf.org>

This would be a matter for the Security Area rather than the Transport Area, and I would suggest first consulting RFC 4303, IP Encapsulating Security Payload (ESP), to understand how this problem has been addressed in the past.  RFC 4303 is one of a number of RFCs that specify the IPsec protocol suite – RFC 6071, IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap, and the documents page for the IP Security Maintenance and Extensions (ipsecme) Working Group (WG) can help locate the others that are relevant.

RFC 4303: https://www.rfc-editor.org/info/rfc4303
RFC 6071: https://www.rfc-editor.org/info/rfc6071
ipsecme WG Documents: https://datatracker.ietf.org/wg/ipsecme/documents/

Thanks, --David

From: tsv-area <tsv-area-bounces@ietf.org> On Behalf Of Spam Blocker
Sent: Monday, January 3, 2022 3:29 PM
To: tsv-area@ietf.org
Subject:



Dear Sirs,

I would like to submit a suggestion for an RFC.  I have included a rough description of the RFC below in this email.

Please advise on if this is acceptable and what the next steps might be.

Regards,
Kyle

RFC – Privatization of service type in IPv4/IPv6 data flows

Rationale:

The socket number in data flows across the internet is usually tied to a specific service type.  This is a security flaw in that flows can be intercepted, denied, or compromised by using the socket number in the IP packet.  This RFC is to enable IP data flows across the internet to hide the type of service being provided from intermediate routers etc. This will enable internet software developers to build applications that cannot be subjected to censorship.  This also prevents intermediate points from profiling certain applications.

There are well known sockets (ports 0-1023) that are assigned to specific services (i.e. 80 is HTTP, 443 is HTTPS, 25 is SMTP, etc.).  Other ports (1024-49151) are registered ports that can be reserved with IANA.  Having well known ports for specific services enables intermediate routers etc. to snoop, block, or spoof these services.  This RFC is meant to eliminate the ability of intermediate entities to attack a specific service by controlling the port used by a service in their routers.

Design:

This Secured Service Type (SST) feature will start with a new (0th bit in the Flags header) in the IPv4/v6 header that will indicate that the packet is encrypted at the point that the IPv4/v6 header ends and the TCP/UDP header starts.


Implementation:

The IPv4/v6 stack will implement a ‘side stack’ that will implement the decryption when the received flow has the bit set indicating an SST type packet.  Then the ‘side stack’ will send the decrypted packet up the stack as a normal frame.

Applications that want to obscure the service type will indicate in the APIs that the UDP packet be encrypted using SST, and to establish a TCP connection using SST.
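The following is an added worked example, written for this archive page and not code from either poster or from any IETF document. It illustrates the point both messages turn on: a plain IPv4/TCP packet exposes its port numbers to every on-path device, which is what lets a middlebox classify (and so profile or block) the service, whereas carrying the same TCP segment inside IPsec ESP (IP protocol 50, RFC 4303, the precedent David Black points to) leaves an observer with only an SPI and sequence number, and only the keyed endpoint, the analogue of Kyle's proposed "side stack", recovers the transport header. The packets are constructed inline, the ESP encoding is simplified (no padding, trailer, next-header byte or integrity check value), and a reversible XOR stands in for a real cipher purely to keep the example self-contained; all of those are assumptions of this example, not properties of ESP.

```python
import struct

IPPROTO_TCP = 6
IPPROTO_ESP = 50

# Well-known ports named in the thread; this is the mapping a middlebox
# would use to profile a flow from its port numbers alone.
WELL_KNOWN_PORTS = {80: "HTTP", 443: "HTTPS", 25: "SMTP"}


def build_ipv4(proto, payload, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    """Minimal 20-byte IPv4 header (no options, checksum left zero) + payload."""
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, total_len, 0x1234, 0x4000, 64, proto, 0, src, dst)
    return hdr + payload


def build_tcp(sport, dport, data=b""):
    """Minimal 20-byte TCP header (data offset 5, PSH|ACK, checksum left zero)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + data


def toy_cipher(data, key):
    """XOR stand-in for the real ESP cipher (assumption of this example).
    It is its own inverse, so the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_esp(spi, seq, inner, key):
    """Simplified ESP: SPI(4) + sequence(4) in the clear, then the encrypted
    inner transport segment. Real ESP adds padding, a next-header byte and an ICV."""
    return struct.pack("!II", spi, seq) + toy_cipher(inner, key)


def observer_view(packet):
    """What an on-path device can read from the packet without any key."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    rest = packet[ihl:]
    if proto == IPPROTO_TCP:
        sport, dport = struct.unpack("!HH", rest[:4])
        return {"proto": "TCP", "sport": sport, "dport": dport}
    if proto == IPPROTO_ESP:
        spi, seq = struct.unpack("!II", rest[:8])
        return {"proto": "ESP", "spi": spi, "seq": seq}
    return {"proto": proto}


def guess_service(view):
    """Port-based classification as a middlebox would do it; None when no
    transport port is visible to classify on."""
    return WELL_KNOWN_PORTS.get(view.get("dport"))


def endpoint_view(packet, key):
    """The receiving host's view: decrypt the ESP payload with its key and
    hand the inner TCP segment up the stack (assumes the inner protocol is TCP)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_ESP:
        return observer_view(packet)
    inner = toy_cipher(packet[ihl + 8:], key)
    sport, dport = struct.unpack("!HH", inner[:4])
    return {"proto": "TCP", "sport": sport, "dport": dport}


if __name__ == "__main__":
    # Constructed sample flow: client ephemeral port 51000 to an HTTPS service.
    segment = build_tcp(51000, 443, b"hello")
    plain = build_ipv4(IPPROTO_TCP, segment)
    key = b"constructed-demo-key"          # constructed, shared by both endpoints only
    protected = build_ipv4(IPPROTO_ESP, build_esp(0x1000, 1, segment, key))

    print("plain     :", observer_view(plain), "->", guess_service(observer_view(plain)))
    print("ESP       :", observer_view(protected), "->", guess_service(observer_view(protected)))
    print("endpoint  :", endpoint_view(protected, key))
```

Running the block shows the observer classifying the plain packet as HTTPS from port 443, classifying the ESP packet as nothing at all, and the keyed endpoint recovering the same ports the observer could not see. The detail that matters for the proposal is that ESP already achieves this hiding without a new IP header flag: the IP protocol field value 50 is the signal to the receiving stack that decryption precedes transport processing.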