Re: [tsvwg] Regarding DTLS and UDP options
Joe Touch <touch@isi.edu> Mon, 17 April 2017 22:10 UTC
Return-Path: <touch@isi.edu>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E45C0131597 for <tsvwg@ietfa.amsl.com>; Mon, 17 Apr 2017 15:10:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gQD_vMj5GUXs for <tsvwg@ietfa.amsl.com>; Mon, 17 Apr 2017 15:10:18 -0700 (PDT)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2D4413158A for <tsvwg@ietf.org>; Mon, 17 Apr 2017 15:10:18 -0700 (PDT)
Received: from [128.9.184.37] ([128.9.184.37]) (authenticated bits=0) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id v3HM9WSE001773 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 17 Apr 2017 15:09:33 -0700 (PDT)
To: Tom Herbert <tom@herbertland.com>
References: <CACL_3VFeJs7KzG9Bchh15bfZ3CmaOPWcfisEreNoGYK5CsEJ+g@mail.gmail.com> <3a4a6b78-8146-de4c-6246-7bd09de44f1c@isi.edu> <CACL_3VFkr3mGe-yTbvHrTZcKVCpEv3FeSOyoShUxCK5+9Tdqqg@mail.gmail.com> <c79fe3d0-8567-ea7d-72fc-bd33732df60e@isi.edu> <CACL_3VHmoCSo23OWqQFq7upw749CqMK7iazXrBKZARzwbzY5mw@mail.gmail.com> <f97f08d4-0070-437a-e22a-8782497c76eb@isi.edu> <4e36af95-84c3-bc7e-b18a-614f8bfab662@isi.edu> <58F48403.8080302@erg.abdn.ac.uk> <a0f656e8-e847-db54-6046-2078364d428b@isi.edu> <CALx6S36HYHdbGoJHNb+mVY6reu9RLikLxDJqrPgwO9tF1EfSgQ@mail.gmail.com> <8b1829ba-4e8d-5ee1-e24c-f42962f47dde@isi.edu> <CALx6S36=7KbTtv9QNUBTg6gPYQQighsPD_+mWNc=wUQTX70VBQ@mail.gmail.com> <8378ae17-c023-25a2-76e7-07b858916849@isi.edu> <CALx6S35chiqMtqKa+zahfZnLZrQzfYUF7D9m0QGbkwFVpRwHag@mail.gmail.com>
Cc: "gorry@erg.abdn.ac.uk" <gorry@erg.abdn.ac.uk>, tsvwg <tsvwg@ietf.org>
From: Joe Touch <touch@isi.edu>
Message-ID: <bfc36611-6817-fbf9-a9c7-5bdde179b665@isi.edu>
Date: Mon, 17 Apr 2017 15:09:31 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CALx6S35chiqMtqKa+zahfZnLZrQzfYUF7D9m0QGbkwFVpRwHag@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-MailScanner-ID: v3HM9WSE001773
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/NCVCBNrPycNx9qrmOyjjOEiVkNw>
Subject: Re: [tsvwg] Regarding DTLS and UDP options
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Apr 2017 22:10:20 -0000
Hi, Tom, On 4/17/2017 3:00 PM, Tom Herbert wrote: > On Mon, Apr 17, 2017 at 2:07 PM, Joe Touch <touch@isi.edu> wrote: >> ... >> I don't think we should be writing rules to indicate who should NOT be >> changing them, if we already have rules indicating the only parties that >> can. (granted, the requirement in 7 needs to be revised in 2119-speak). >> > Joe, > > You may want to look at IPv6 EH description for guidance. Even with > all the words about how extension headers can't be examined or > processed with the exception of HBH options, there still has been > considerable discussion on what intermediate devices can or can't do. The situation is completely different. IP is intended for inspection - and HBH headers for modification - by network devices other than the endpoints. Transport headers have no such role. Any device that tampers with transport headers already needs to be (effectively) an endpoint or acting on the behalf of an endpoint. > Clarifying the exact requirements upfront is beneficial. Yes, which has already been done. These are declared as owned by and for the use of the endpoints, just like the transport header. We don't have documents that declare that TCP headers or options MUST NOT be modified by middleboxes, even though that's always been effectively the case. The only way a middlebox gets around that rule is by assuming the behavior of an endpoint, essentially. > In the > absence of such clarity, we need to assume that anything in clear text > is subject to inspection and possible modification We already have docs describing (true) transport and network layer security. If you don't want data inspected or modified, that's the only solution. I see no reason to declare anything special about middleboxes here. Frankly, they can modify these options just like they modify the UDP header - at their own risk. > so that the end > result is often ossification of what might have otherwise been a > useful feature (although even with clear requirements abuse and > ossification is still a possibility). Neither can we expect > middleboxes to always know what they're doing. Fundamentally, if I, as > an application developer, can't trust the network not do mess with my > UDP options, it's likely I simply wouldn't use them (hence > ossification even before deployment). Do you use TCP options? How and why should these be different? Joe
- [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Gorry Fairhurst
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Gorry Fairhurst
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Tom Herbert
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- Re: [tsvwg] Regarding DTLS and UDP options Joe Touch
- [tsvwg] Fwd: New Version Notification for draft-t… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Derek Fawcus
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Tom Herbert
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Derek Fawcus
- Re: [tsvwg] Fwd: New Version Notification for dra… Tom Herbert
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Derek Fawcus
- Re: [tsvwg] Fwd: New Version Notification for dra… Derek Fawcus
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Tom Herbert
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- [tsvwg] summary of issues for draft-touch-tsvwg-u… Joe Touch
- Re: [tsvwg] Fwd: New Version Notification for dra… Tom Herbert
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] Fwd: New Version Notification for dra… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… Gorry Fairhurst
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch
- Re: [tsvwg] New Version Notification for draft-to… Gorry Fairhurst
- Re: [tsvwg] New Version Notification for draft-to… C. M. Heard
- Re: [tsvwg] New Version Notification for draft-to… Joe Touch