Re: [tsvwg] UDP source ports for HTTP/3 and QUIC

"Black, David" <David.Black@dell.com> Thu, 22 July 2021 15:05 UTC

From: "Black, David" <David.Black@dell.com>
To: Joseph Touch <touch@strayalpha.com>
CC: "Holland, Jake" <jholland@akamai.com>, Mark Nottingham <mnot@mnot.net>, "tsvwg@ietf.org" <tsvwg@ietf.org>, "Black, David" <David.Black@dell.com>
Date: Thu, 22 Jul 2021 15:05:31 +0000
Message-ID: <MN2PR19MB40450ACCE13E4A335FF929A483E49@MN2PR19MB4045.namprd19.prod.outlook.com>
References: <3985895D-D420-4995-831E-332E33693B79@mnot.net> <CF409524-96F3-412A-A8DB-E4EFFDD9F4E7@mnot.net> <E62515E7-38FD-4197-8CF0-2D196FB6D6C4@strayalpha.com> <16CD883B-9561-41A5-97E0-43EF3618333C@mnot.net> <8235BE77-7849-49A3-A709-EB32EB039982@strayalpha.com> <AA5B1FC1-E0E8-488F-AE2E-F21696AD0A06@akamai.com> <MN2PR19MB4045E5063CE13DDE39D5BE8683E29@MN2PR19MB4045.namprd19.prod.outlook.com> <9263482C-2E0A-46F0-9351-B63C0E3B53E0@strayalpha.com>
In-Reply-To: <9263482C-2E0A-46F0-9351-B63C0E3B53E0@strayalpha.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/WwHXPkm0nNXlMneHfJEZ6CNE1Xw>

Hi Joe,

Let's start from a couple of aspects where we're in rough agreement:

  * "… agree with documenting the problem as a problem, but not as a practice." &
  * "… no problem making a list of ports that people ... attribute to attacks."

Someone ought to "Send Draft!" (credit to Randy Bush) that contains an explanation of the problem, text to create the new IANA registry that lists the ports plus some discussion of what can usefully be done.  That draft's text on implications and recommendations (what can usefully be done) can then be discussed in detail to get to precise text that is acceptable to all (e.g., what to do about the view that attribution to attacks in the second bullet may be mistaken).

Does that sound reasonable?

Thanks, --David

From: Joseph Touch <touch@strayalpha.com>
Sent: Thursday, July 22, 2021 12:57 AM
To: Black, David
Cc: Holland, Jake; Mark Nottingham; tsvwg@ietf.org
Subject: Re: [tsvwg] UDP source ports for HTTP/3 and QUIC

Hi, David,


On Jul 20, 2021, at 12:02 PM, Black, David <David.Black@dell.com> wrote:

Explaining as an individual, not WG chair ... TL;DR - +1 on Jake's comments, his understanding matches mine.

Providing some more detail ...


As I understand the proposal, it's to say "these source ports
happen to match common attack targets that are listening ports
for other protocols, and thus commonly get special handling to
help avoid reflection attacks against those servers".

+1 - this is about documenting "running code" that discards traffic that uses one of those UDP source ports.

There’s a hazard with this viewpoint, IMO.

It’s like observing people driving on flat tires and thinking the road is bumpy.

There are two solutions:
  - document existing practice and describe how road engineers can redesign roads to avoid the problem
  - document that driving on flat tires is incorrect and explain what it impacts

I agree with documenting the problem as a problem, but not as a practice. The latter viewpoint endorses it, which then means we all have to accommodate that behavior.


There’s no precedence for that decision and no registry where
those values would be indicated.

The proposal here is to create such a registry.

I definitely agree that a new registry is wanted/warranted,

I have no problem making a list of ports that people MISTAKENLY attribute to attacks.

However, assuming that a packet is bad simply because it uses one of these source ports is ITSELF incorrect. Just because it works when you’re under this attack doesn’t mean it is safe to do when you’re not.

Let’s please not endorse incorrect conclusions that source port has this sort of meaning.

Joe
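The practice the thread argues over, as an added Python model that is not code from any of the posters: a middlebox that discards UDP by source port, the client-side port avoidance such a policy forces on every QUIC/HTTP/3 client, and the share of legitimate flows the filter loses. The port set and client source-port range are constructed assumptions, not the registry the thread proposes.

```python
# Added model of the source-port filtering practice discussed in this thread.
# The port set and client range below are constructed assumptions, not the
# registry the thread proposes; real middlebox lists and OS/NAT ranges differ.
import random
from dataclasses import dataclass

# Assumed example set of "listening ports for other protocols" that filters
# treat as reflection sources (chargen, DNS, NTP, SNMP, SSDP, memcached).
FILTERED_SOURCE_PORTS = frozenset({19, 53, 123, 161, 1900, 11211})
CLIENT_PORT_RANGE = range(1024, 65536)  # assumed client source-port range


@dataclass(frozen=True)
class UdpPacket:
    src_port: int
    dst_port: int


def middlebox_drops(pkt: UdpPacket) -> bool:
    """The practice David describes: discard UDP whose *source* port matches
    a well-known reflection service, whatever the payload actually is."""
    return pkt.src_port in FILTERED_SOURCE_PORTS


def pick_client_port(rng: random.Random, avoid=FILTERED_SOURCE_PORTS) -> int:
    """Client-side accommodation (what Joe says everyone must adopt once the
    practice is endorsed): re-pick until the port is one filters let through."""
    while True:
        port = rng.choice(CLIENT_PORT_RANGE)
        if port not in avoid:
            return port


def legitimate_drop_fraction(ports: range = CLIENT_PORT_RANGE) -> float:
    """Share of a client's source-port range the filter discards: each hit is
    a legitimate QUIC/HTTP/3 flow lost, i.e. the filter's false-positive cost."""
    hits = sum(1 for p in ports if p in FILTERED_SOURCE_PORTS)
    return hits / len(ports)


def simulate_handshakes(n: int, seed: int, avoid_filtered: bool) -> int:
    """Count client Initial packets (to UDP 443) a filtering middlebox drops
    across n handshakes, with or without the client-side avoidance."""
    rng = random.Random(seed)
    dropped = 0
    for _ in range(n):
        port = (pick_client_port(rng) if avoid_filtered
                else rng.choice(CLIENT_PORT_RANGE))
        dropped += middlebox_drops(UdpPacket(port, 443))
    return dropped
```

With avoidance the drop count is always zero; without it the loss rate equals `legitimate_drop_fraction()` for whatever range the client's OS or NAT actually draws from.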