Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt

"C. M. Heard" <heard@pobox.com> Sat, 29 February 2020 02:06 UTC

References: <CALx6S37iBDc7KxOL60=HC_QkWH06-5MU2rqrK=w+mqiKkSdc0w@mail.gmail.com> <CAKKJt-cznw56bimFtqt5Z1Wg_vOKy=id-uD5BWurHDYSQzuPRw@mail.gmail.com> <CAMGpriXDBWxwEXCwqPXX+QPhtQ0Z5NeVMEiEEQRjudR3ZZXW6g@mail.gmail.com> <CALx6S37XFh7Ph2oBjfsiYu0gq=a7yAD+zWHPi5fGHY6T94N-bg@mail.gmail.com>
In-Reply-To: <CALx6S37XFh7Ph2oBjfsiYu0gq=a7yAD+zWHPi5fGHY6T94N-bg@mail.gmail.com>
From: "C. M. Heard" <heard@pobox.com>
Date: Fri, 28 Feb 2020 18:06:33 -0800
Message-ID: <CACL_3VEM1rbNMRtFn2MBXorqcOAiNXR2xWaOHQDZhm=tin3CEA@mail.gmail.com>
To: Tom Herbert <tom@herbertland.com>, Erik Kline <ek.ietf@gmail.com>
Cc: tsvwg <tsvwg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/YyWBexj9TY5ItzacBqf5a9JFP_s>
Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt

On Fri, Feb 28, 2020 at 4:18 PM Tom Herbert <tom@herbertland.com> wrote:

> On Fri, Feb 28, 2020, 4:10 PM Erik Kline <ek.ietf@gmail.com> wrote:
>
>> It also seems possible that some UDP options (
>> https://tools.ietf.org/html/draft-ietf-tsvwg-udp-options) might come
>> along that could help things like QUIC effectively have a path-modifiable
>> portion that (a) isn't a HbH extension header and (b) isn't covered by
>> something cryptographic that would break if it were modified in-flight.
>>
>
> "things like QUIC" would mean protocols encapsulated in UDP. The point of
> HBH is that it works transparently for _all_ transport protocols whether
> they are encrypted. Besides, UDP options hasn't yet been proven deployable,
> so good chance it would just be trading one set of problems for another...
>

Also, UDP options as specified in the current WG draft are not intended to
be modifiable in flight:

   Options MUST NOT be modified in transit. This includes those
   already defined as well as new options. New options MUST NOT require
   or intend optionally for modification of any UDP options, including
   their new areas, in transit.


Mike Heard
