Spam Blocker <kspambot@gmail.com> Mon, 03 January 2022 20:29 UTC
Return-Path: <kspambot@gmail.com>
X-Original-To: tsv-area@ietfa.amsl.com
Delivered-To: tsv-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 757983A0C24 for <tsv-area@ietfa.amsl.com>; Mon, 3 Jan 2022 12:29:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.125
X-Spam-Level:
X-Spam-Status: No, score=-0.125 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DEAR_SOMETHING=1.973, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id irUvDRXXlSRO for <tsv-area@ietfa.amsl.com>; Mon, 3 Jan 2022 12:29:39 -0800 (PST)
Received: from mail-yb1-xb30.google.com (mail-yb1-xb30.google.com [IPv6:2607:f8b0:4864:20::b30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F3043A0C21 for <tsv-area@ietf.org>; Mon, 3 Jan 2022 12:29:39 -0800 (PST)
Received: by mail-yb1-xb30.google.com with SMTP id 139so70539506ybd.3 for <tsv-area@ietf.org>; Mon, 03 Jan 2022 12:29:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=+qV4WguyW59vklIi53q0Uj6MixFGudN1R/TpUgUnQQw=; b=NrGoLKYyec6ubVF/EoK3MARBVsdj915mZ7Nua8iDvPO7GNpspGMchRCy4cZ2YhdljH /LT0EN5kKkMnt6ERqXjBA1CAjtmTBOZbFcAYnacV/OTbS+OQKW+oMCYFvJNAtfde2mWe gw1rdR9twsEcvS4TPvxb4puMZzYvKQGz/Pu3TpPXwKFNZCvc3fcYDFyijLnDhcIgH5mQ ZabPXivyzafJk48nrHs5DStAQusA1iIf8TCs3k9oCxO5H4rzpIfYUfM7N4npkJ6gnH2Y OHMLM5jAMkF7sl7nZK0Nlu4Gux9fTTXcEpscJb7jr9PMx02/+r4Ae5BYrA8RkKBVZxiz EnaA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=+qV4WguyW59vklIi53q0Uj6MixFGudN1R/TpUgUnQQw=; b=DFC0YKI8dcS84ivxj0cjSP1l+QSw4e29aUkxANrB75VsROCEVuak/dTPr+1DxtsII9 EbRWoUurKa+LnNUCghV2vT2m9N3usLEjJFdCon8Opk2qv87lRBnnt/pyA4xTh5ZuUg55 S0CHHbqZ9FCwq2BAOYv6uyuI+7LE+/42H0OCZqLAKrNChO1Wh36WVEgxgUlClIvdGsxD r02Y2aZxVU2iI4G7PXPYwQ/kIN7AU8dAigUH9X/VmLYDLuGoOfb5MDRVUukKuZxZoaDF 0uJLaxlsrkdaFNeU/6D7rJiqU0cz1tI+9dsvtbkp6+5xD7qZwMscLXnYB/Ebjhs/houn qTCw==
X-Gm-Message-State: AOAM533jQEOJgVILCB3s4JWGGJwDA4QpTIaVI5i490r7P0ZzN5lgFoMR QJeOfU7MUfEnkK7/PiqA5n7YQjG9e0o4ReBEsnjdUFr2naw=
X-Google-Smtp-Source: ABdhPJx1p+tm0Osb3ztm1q1jGr21A5sg6va63Nsi2De0iWwMfuLOIR1LFsPAsMvFCSo+4AM6F5kc4jo0gDC4xFtrBt0=
X-Received: by 2002:a25:5ca:: with SMTP id 193mr51481463ybf.406.1641241777073; Mon, 03 Jan 2022 12:29:37 -0800 (PST)
MIME-Version: 1.0
From: Spam Blocker <kspambot@gmail.com>
Date: Mon, 03 Jan 2022 13:29:26 -0700
Message-ID: <CAHHQuSh2YE+PNB=EOXDex8P=sGGm0TBh3jaOtGgTTktM0WjbvQ@mail.gmail.com>
Subject:
To: tsv-area@ietf.org
Content-Type: multipart/alternative; boundary="0000000000001cef8c05d4b361a1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-area/sImynyaxWUJzp3iSFL0SU-oK9as>
X-BeenThere: tsv-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Transport and Services Area Mailing List <tsv-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-area>, <mailto:tsv-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-area/>
List-Post: <mailto:tsv-area@ietf.org>
List-Help: <mailto:tsv-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-area>, <mailto:tsv-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jan 2022 20:50:36 -0000
Dear Sirs, I would like to submit a suggestion for an RFC. I have included a rough description on the RFC below in this email. Please advise on if this is acceptable and what the next steps might be. Regards, Kyle RFC – Privatization of service type in IPv4/IPv6 data flows Rationale: The socket number in data flows across the internet is usually tied to a specific service type. This is a security flaw in that flows can be intercepted, denied, or compromised by using the socket number in the IP packet. This RFC is to enable IP data flows across the internet to hide the type of service being provided from intermediate routers etc. This will enable internet software developers to build applications that cannot be subjected to censorship. This also prevents intermediate points from profiling certain applications. There are well known sockets (ports 0-1023) that are assigned to specific services (i.e. 80 is HTTP, 443 is HTTPS, 25 is SMTP, etc.). Other ports (1024-49151) are registered ports that can be reserved with IANA. Having well known ports for specific services enables intermediate routers etc. to snoop, block, or spoof these services. This RFC is meant to eliminate the ability of intermediate entities to attach a specific service by controlling the port used by a service in their routers. Design: This Secured Service Type (SST) feature will start with a new (0th bit in the Flags header) in the IPv4/v6 header that will indicate that the packet is encrypted at the point that the IPv4/v6 header ends and the TCP/UDP header starts. Implementation: The IPv4/v6 stack will implement a ‘side stack’ that will implement the decryption when the received flow has the bit set indicating a SST type packet. Then the ‘side stack’ will send the decrypted packet up the stack as a normal frame. Applications that want to obscure the service type will indicate in the APIs that the UDP packet be encrypted using SST, and to establish a TCP connection using SST.