Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-dplpmtud-02.txt

mohamed.boucadair@orange.com Fri, 07 January 2022 10:08 UTC

From: mohamed.boucadair@orange.com
To: Joe Touch <touch@strayalpha.com>, "Black, David" <David.Black@dell.com>
CC: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Thread-Topic: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-dplpmtud-02.txt
Date: Fri, 07 Jan 2022 10:08:17 +0000
Message-ID: <22209_1641550098_61D81112_22209_232_1_787AE7BB302AE849A7480A190F8B93303546F799@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <MN2PR19MB4045CD27C1D68972799BC139834C9@MN2PR19MB4045.namprd19.prod.outlook.com> <094A2FC3-38BC-41CA-9A81-AF93BDF5FAE6@strayalpha.com>
In-Reply-To: <094A2FC3-38BC-41CA-9A81-AF93BDF5FAE6@strayalpha.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/cIGZvGGsSy10wi32UmHyAO-k0Kg>
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-dplpmtud-02.txt
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>

Hi Joe, all,

Please see inline.

Cheers,
Med

From: Joe Touch <touch@strayalpha.com>
Sent: Thursday, 6 January 2022 17:45
To: Black, David <David.Black@dell.com>
Cc: BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>; Gorry Fairhurst <gorry@erg.abdn.ac.uk>; tsvwg@ietf.org
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-dplpmtud-02.txt

On Jan 6, 2022, at 8:33 AM, Black, David <David.Black@dell.com> wrote:

Joe,

> FWIW, IMO, if you want to expect security, you should use security.
And my opinion differs … and that difference of opinion doesn't matter here.

This is about robustness to potential interference from an off-line entity.

Only if you expect that from a protocol that hasn’t deployed security.  I don’t make that mistake.


What matters is to state the property – values are unpredictable to an external observer

If that is what you want, encrypt.
[Med] You can … but for off-path attacks, this can be fixed without encryption. That’s the same reason we have the following for ISNs, for example, in draft-ietf-tcpm-rfc793bis:

           The Initial Sequence Number.  The first sequence number used
           on a connection, (either ISS or IRS).  Selected in a way that
           is unique within a given period of time and is unpredictable
           to attackers.

That’s consistent with the reco in rfc3552#section-3.5:

   However, designers are expected to give more weight to
   attacks which can be mounted by off-path attackers as well as on-path
   ones.

and also documents such as draft-irtf-pearg-numeric-ids-generation.

_________________________________________________________________________________________________________________________

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
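Added example, not part of Med's message nor of any draft or RFC the thread cites: the ISN property quoted above (unique within a given period of time, unpredictable to attackers) written out in code. It puts a shared-counter generator beside one built on the RFC 6528 shape, ISN = M + F(local IP, local port, remote IP, remote port, secret), and runs the off-path guess that the counter scheme allows against both. HMAC-SHA256 as F, a 4-microsecond monotonic tick forced to strictly increase as M, the sample flows and every helper name are assumptions of this example, as the comments note.

```python
"""Added example (my own code; not from the thread, from
draft-ietf-tcpm-rfc793bis, RFC 6528 or draft-ietf-tsvwg-udp-options-dplpmtud).

Two ways to pick a 32-bit per-flow identifier such as a TCP ISN:

  * CounterIdGenerator - one global counter; predictable to anyone who can
                         obtain a single value on any flow it controls.
  * KeyedIdGenerator   - RFC 6528 shape, id = (M + F(4-tuple, secret)) mod 2^32,
                         unique over time for a flow, unpredictable off-path.

Assumptions of this example: F is HMAC-SHA256 truncated to 32 bits, and M is a
4-microsecond tick forced to strictly increase between calls (RFC 6528 leaves
the PRF to the implementer and specifies a plain 4-microsecond timer)."""
import hashlib
import hmac
import ipaddress
import secrets
import struct
import time

MASK32 = 0xFFFFFFFF


def pack_four_tuple(four_tuple):
    """Canonical bytes for (src_ip, src_port, dst_ip, dst_port); IPv4 or IPv6."""
    src, sport, dst, dport = four_tuple
    return (ipaddress.ip_address(src).packed + struct.pack("!H", sport)
            + ipaddress.ip_address(dst).packed + struct.pack("!H", dport))


class CounterIdGenerator:
    """Predictable generator: every flow draws from one shared counter."""

    def __init__(self, start=0):
        self._next = start & MASK32

    def next_id(self, four_tuple):
        value = self._next
        self._next = (self._next + 1) & MASK32
        return value


class KeyedIdGenerator:
    """RFC 6528-style generator: id = (M + F(four_tuple, secret)) mod 2^32.

    M gives uniqueness within a period of time for a given flow; F, keyed with
    a secret the observer does not hold, gives unpredictability off-path."""

    def __init__(self, secret=None, clock=None):
        self._secret = secret if secret is not None else secrets.token_bytes(32)
        self._clock = clock or (lambda: time.monotonic_ns() // 4000)  # 4-us ticks
        self._last_m = -1

    def _m(self):
        now = self._clock()
        if now <= self._last_m:      # assumption of this example: never reuse a
            now = self._last_m + 1   # tick, even if the clock has not advanced
        self._last_m = now
        return now

    def _f(self, four_tuple):
        mac = hmac.new(self._secret, pack_four_tuple(four_tuple), hashlib.sha256)
        return int.from_bytes(mac.digest()[:4], "big")

    def next_id(self, four_tuple):
        return (self._m() + self._f(four_tuple)) & MASK32


def off_path_guess_succeeds(gen, attacker_tuple, victim_tuple, window=64):
    """Model of an off-path attacker with no view of the victim's packets: it
    obtains one ID on a flow it controls, then bets that the victim's next ID
    falls within `window` above that value.  Returns True if the bet pays off."""
    observed = gen.next_id(attacker_tuple)
    victim = gen.next_id(victim_tuple)
    return any(((observed + d) & MASK32) == victim for d in range(1, window + 1))


def unique_within_period(gen, four_tuple, count=1000):
    """The other half of the ISN property quoted from rfc793bis: consecutive
    IDs on one flow do not repeat within the period covered by `count` draws."""
    ids = [gen.next_id(four_tuple) for _ in range(count)]
    return len(set(ids)) == count


if __name__ == "__main__":
    # Constructed sample flows (documentation prefixes, not real hosts).
    attacker = ("198.51.100.7", 40000, "192.0.2.10", 443)
    victim = ("203.0.113.5", 51515, "192.0.2.10", 443)
    for name, gen in (("counter", CounterIdGenerator(start=1000)),
                      ("keyed", KeyedIdGenerator())):
        hit = off_path_guess_succeeds(gen, attacker, victim)
        uniq = unique_within_period(gen, victim)
        print(f"{name:8s} off-path guess succeeds: {hit}  unique over period: {uniq}")
```

The counter scheme fails the off-path guess every time, because one value obtained on the attacker's own flow pins down the next value on every other flow. The keyed scheme is just as unique over a flow's lifetime, but the term F(victim 4-tuple, secret) is unknown to anyone without the secret, so the guess window misses with probability close to one without any encryption of the packets carrying the value. The caveat the thread turns on still holds: an on-path observer reads the value in cleartext, and keying does nothing about that case.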