IETF Logo Mail Archive

Re:

Martin Duke <martin.h.duke@gmail.com> Tue, 04 January 2022 01:24 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: tsv-area@ietfa.amsl.com
Delivered-To: tsv-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BB183A1393 for <tsv-area@ietfa.amsl.com>; Mon, 3 Jan 2022 17:24:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.124
X-Spam-Level:
X-Spam-Status: No, score=-0.124 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DEAR_SOMETHING=1.973, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s4S7MCQvCH9w for <tsv-area@ietfa.amsl.com>; Mon, 3 Jan 2022 17:24:13 -0800 (PST)
Received: from mail-ua1-x92b.google.com (mail-ua1-x92b.google.com [IPv6:2607:f8b0:4864:20::92b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 249C23A138F for <tsv-area@ietf.org>; Mon, 3 Jan 2022 17:24:13 -0800 (PST)
Received: by mail-ua1-x92b.google.com with SMTP id v14so42897977uau.2 for <tsv-area@ietf.org>; Mon, 03 Jan 2022 17:24:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6S3X/wRpDTwXXbDO9x/FC1cNryNyI8asCyfYX1I6tQM=; b=H2nVtZxzMl77HRfjwXynYULZMaQDLCJ9QsGMvaYMgtkgiklBHfBX7CrZN+x788cwjN FSvW/K8HosEEZZBIqnzKIR7oldrGAdBsSVM3VOAL7aQMIReVxXZQFj6mXfpIMY4i2BWM MJtCvJ8oLWDYSwn65ytPSF1ajnwRUEP7sXe1S9blLGZDYC1a7NfeGe/gnyhkOeWaAwHF fQoLrFxCnFfZjzNn8lDU8C7OwrC2DLvq8JRYeG0yC4feBenK9uDUSbIYDjoIMMuKw7ur 0085uIOz9RHi4CDg2Gh9ZSKIfkkSQUi1E00DBgGszI26ZRv2lyVkJJN/+aRk255f63aS usTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6S3X/wRpDTwXXbDO9x/FC1cNryNyI8asCyfYX1I6tQM=; b=woV5KDZXaWZN9FuZ4gotlI93YWu3PyjDY6a31gPyJwQr951idCINPA/kqXRBgW/GUm 8846iSDjuyo1fZw8vEivx2l8nVAI+DOjKl32OG14PRmUSSLNQdKsokyTqmhQsR04aRT5 6/rz2DsJcAIwx7+iB759hrbfs+9n5mnZSN8H96HCQfi05VMeXQkD7QgOVNcOi3cn4M+y Wuvbuqr15iy03pPR7WV6Ih22//dqIQEMjWxSjdif/E1wu86wlqjWKx9CnKxPlNQXvb8m xM0WuBySzNHrkP8Tli8MdC7wwwLuqm99Rp99D+kqQx0Pqf9t18WymFmt0ZtSgvZZiAFd c/sg==
X-Gm-Message-State: AOAM531ytxqJ62cTUW11D/Jm+vyXz1aLMpRFnVAnEbVpeiOzXOV9qT6y iNKyJM7O0p2yjcxh7zCC1o2hAmyZaVgobdJrNCc=
X-Google-Smtp-Source: ABdhPJz41PBjuCjXgS1F2TZICeQqTuc0hBcgbcgM0ZraTJIDQ/cMZ4S+2A7Hmy/42I+KsEIfLHqOBK1fQxOmi6Kb+O0=
X-Received: by 2002:a67:e003:: with SMTP id c3mr15022470vsl.32.1641259450114; Mon, 03 Jan 2022 17:24:10 -0800 (PST)
MIME-Version: 1.0
References: <CAHHQuSh2YE+PNB=EOXDex8P=sGGm0TBh3jaOtGgTTktM0WjbvQ@mail.gmail.com>
In-Reply-To: <CAHHQuSh2YE+PNB=EOXDex8P=sGGm0TBh3jaOtGgTTktM0WjbvQ@mail.gmail.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Mon, 03 Jan 2022 17:23:59 -0800
Message-ID: <CAM4esxTRyvRC0UkymviKQSgSeNzcypnzUMewP=qj2jK8+5sAnw@mail.gmail.com>
Subject: Re:
To: Spam Blocker <kspambot@gmail.com>
Cc: tsv-area@ietf.org
Content-Type: multipart/alternative; boundary="0000000000008228b405d4b77e32"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-area/oO_a9ax3RnMTKrwQ5bvuHCVo0LI>
X-BeenThere: tsv-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Transport and Services Area Mailing List <tsv-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-area>, <mailto:tsv-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-area/>
List-Post: <mailto:tsv-area@ietf.org>
List-Help: <mailto:tsv-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-area>, <mailto:tsv-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jan 2022 01:24:18 -0000

Hi Kyle,

The first step in a proposal is to write an individual internet draft that
explains it. The first draft need not cover every detail.

Home | Internet-Draft Author Resources (Under development) (ietf.org)
<https://authors.ietf.org/en/home>

That said, the means of negotiating the key between the two endpoints seems
like the hardest problem to solve, and deserves some thought. Furthermore,
you should consider if IPSec largely covers your use case. If not, simply
negotiating an alternate ephemeral port to use seems like a simpler
solution.

Regards,
Martin Duke
Transport Area Director.

On Mon, Jan 3, 2022 at 12:50 PM Spam Blocker <kspambot@gmail.com> wrote:

> Dear Sirs,
>
> I would like to submit a suggestion for an RFC.   I have included a rough
> description on the RFC below in this email.
>
> Please advise on if this is acceptable and what the next steps might be.
>
> Regards,
> Kyle
>
> RFC – Privatization of service type in IPv4/IPv6 data flows
>
>
> Rationale:
>
>
>
> The socket number in data flows across the internet is usually tied to a
> specific service type.  This is a security flaw in that flows can be
> intercepted, denied, or compromised by using the socket number in the IP
> packet.  This RFC is to enable IP data flows across the internet to hide
> the type of service being provided from intermediate routers etc. This will
> enable internet software developers to build applications that cannot be
> subjected to censorship.  This also prevents intermediate points from
> profiling certain applications.
>
>
>
> There are well known sockets (ports 0-1023) that are assigned to specific
> services (i.e. 80 is HTTP, 443 is HTTPS, 25 is SMTP, etc.).  Other ports
> (1024-49151) are registered ports that can be reserved with IANA.  Having
> well known ports for specific services enables intermediate routers etc. to
> snoop, block, or spoof these services.  This RFC is meant to eliminate
> the ability of intermediate entities to attach a specific service by
> controlling the port used by a service in their routers.
>
>
> Design:
>
>
>
> This Secured Service Type (SST) feature will start with a new (0th bit in
> the Flags header) in the IPv4/v6 header that will indicate that the packet
> is encrypted at the point that the IPv4/v6 header ends and the TCP/UDP
> header starts.
>
>
>
>
> Implementation:
>
>
>
> The IPv4/v6 stack will implement a ‘side stack’ that will implement the
> decryption when the received flow has the bit set indicating a SST type
> packet.  Then the ‘side stack’ will send the decrypted packet up the
> stack as a normal frame.
>
>
>
> Applications that want to obscure the service type will indicate in the
> APIs that the UDP packet be encrypted using SST, and to establish a TCP
> connection using SST.
>
  •   Spam Blocker
  • Re:  Martin Duke
  • Re:  touch@strayalpha.com

v2.23.0 | Report a Bug | By Email