Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-dplpmtud-02.txt
"touch@strayalpha.com" <touch@strayalpha.com> Fri, 07 January 2022 15:15 UTC
Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 588D93A0863 for <tsvwg@ietfa.amsl.com>; Fri, 7 Jan 2022 07:15:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.318
X-Spam-Level:
X-Spam-Status: No, score=-1.318 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y_W1pnnvMELX for <tsvwg@ietfa.amsl.com>; Fri, 7 Jan 2022 07:15:15 -0800 (PST)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7576D3A085E for <tsvwg@ietf.org>; Fri, 7 Jan 2022 07:15:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=S9OZMfyFXEqiKEp1+yECagbfc4+Qex7mBRn9P4+QDjY=; b=1qlnRu9IpjaG9IQoru9MFS3oFE 5XZtdTizySbfGYheBSeyuzsjNSCLZu/imUkc7HcnKU8k76GkkEgRT14wKQwRUBfS8g9kfAAMgosYr aGAKh01W+yKrV/P3rJP7v6WUPNyzZcXwWwmfrFIhanvDWZFh5xb9F+Xz+B18h2UN+eZczrQBu/kW1 PrMd0/ZIbEqnGB7752+vwA+5eH2X8vepPVqwDKX5zI7EnwYrZ9fwzCSCfYZ/afiOtFYXw7JPEQtPl OBNqlbzM7x7IvjDQE9Dg1j8MdQYdefUWMdWxeL3agSS7J2rLDK74R/WzO1xh4iJeERKJBWE5IeRKG st7lEoFQ==;
Received: from cpe-172-114-237-88.socal.res.rr.com ([172.114.237.88]:55185 helo=smtpclient.apple) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <touch@strayalpha.com>) id 1n5qxR-00DhxV-Lo; Fri, 07 Jan 2022 10:15:14 -0500
Content-Type: multipart/alternative; boundary="Apple-Mail=_7BEB423E-4036-4B62-A3FF-9F0B2026DED6"
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.20.0.1.32\))
From: "touch@strayalpha.com" <touch@strayalpha.com>
In-Reply-To: <22209_1641550098_61D81112_22209_232_1_787AE7BB302AE849A7480A190F8B93303546F799@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Date: Fri, 07 Jan 2022 07:15:07 -0800
Cc: "Black, David" <David.Black@dell.com>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Message-Id: <2D0A3951-B5F6-43B2-A5B4-88603EEE199B@strayalpha.com>
References: <MN2PR19MB4045CD27C1D68972799BC139834C9@MN2PR19MB4045.namprd19.prod.outlook.com> <094A2FC3-38BC-41CA-9A81-AF93BDF5FAE6@strayalpha.com> <22209_1641550098_61D81112_22209_232_1_787AE7BB302AE849A7480A190F8B93303546F799@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
To: mohamed.boucadair@orange.com
X-Mailer: Apple Mail (2.3693.20.0.1.32)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/FGkJSh3wniXteDTddunqmUU9sAw>
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-dplpmtud-02.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jan 2022 15:15:18 -0000
Med, ... > If that is what you want, encrypt. > [Med] You can … but for off-path attacks, this can be fixed without encryption. That’s the same reason we have the following for ISNs, for example, in draft-ietf-tcpm-rfc793bis: > > The Initial Sequence Number. The first sequence number used > on a connection, (either ISS or IRS). Selected in a way that > is unique within a given period of time and is unpredictable > to attackers. I raised concerns with that text before. It exceeds the advise on which it is derived, notably RFC 6528 - which only provides an algorithm example, i.e., IF you are going to use such an algorithm, here’s one to use. It claims to update RFC793 but only in providing an *example* algorithm. Note the number of caveats about all aspects of this algorithm in the preceding text. > That’s consistent with the reco in rfc3552#section-3.5 > > However, designers are expected to give more weight to > attacks which can be mounted by off-path attackers as well as on-path > ones. That RFC describes how to write security considerations sections, not specifically advise to designers (which is why this is just discussion text rather than stated as a normative recommendation). > and also documents such as draft-irtf-pearg-numeric-ids-generation. That is an IRTF doc, not IETF. Although I agree that this issue has been represented in other documents, it has consistently been noted as per RFC 6528: Good sequence numbers are not a replacement for cryptographic authentication, such as that provided by IPsec [RFC4301 <https://datatracker.ietf.org/doc/html/rfc4301>] or the TCP Authentication Option (TCP-AO) [RFC5925 <https://datatracker.ietf.org/doc/html/rfc5925>].
- [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-… internet-drafts
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… mohamed.boucadair
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… mohamed.boucadair
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… mohamed.boucadair
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Gorry Fairhurst
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… mohamed.boucadair
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Black, David
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- [tsvwg] ince Gorry Fairhurst
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Black, David
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joe Touch
- Re: [tsvwg] ince Joe Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… mohamed.boucadair
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com