Re: [tsvwg] UDP source ports for HTTP/3 and QUIC

Joseph Touch <touch@strayalpha.com> Fri, 23 July 2021 03:26 UTC

From: Joseph Touch <touch@strayalpha.com>
In-Reply-To: <MN2PR19MB40450ACCE13E4A335FF929A483E49@MN2PR19MB4045.namprd19.prod.outlook.com>
Date: Thu, 22 Jul 2021 20:26:18 -0700
Cc: Mark Nottingham <mnot@mnot.net>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Message-Id: <C28BAF21-2C9D-41FF-93A7-E73684E671CE@strayalpha.com>
References: <3985895D-D420-4995-831E-332E33693B79@mnot.net> <CF409524-96F3-412A-A8DB-E4EFFDD9F4E7@mnot.net> <E62515E7-38FD-4197-8CF0-2D196FB6D6C4@strayalpha.com> <16CD883B-9561-41A5-97E0-43EF3618333C@mnot.net> <8235BE77-7849-49A3-A709-EB32EB039982@strayalpha.com> <AA5B1FC1-E0E8-488F-AE2E-F21696AD0A06@akamai.com> <MN2PR19MB4045E5063CE13DDE39D5BE8683E29@MN2PR19MB4045.namprd19.prod.outlook.com> <9263482C-2E0A-46F0-9351-B63C0E3B53E0@strayalpha.com> <MN2PR19MB40450ACCE13E4A335FF929A483E49@MN2PR19MB4045.namprd19.prod.outlook.com>
To: "Black, David" <David.Black@dell.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/uS03VS2G9-9HlVybCAYCIHkJAVU>
Subject: Re: [tsvwg] UDP source ports for HTTP/3 and QUIC

> On Jul 22, 2021, at 8:05 AM, Black, David <David.Black@dell.com> wrote:
> 
> Hi Joe,
>  
> Let's start from a couple of aspects where we're in rough agreement:
>  
> "… agree with documenting the problem as a problem, but not as a practice." &
> " … no problem making a list of ports that people ... attribute to attacks."

This is the core issue though. So we have a problem where people generate spoofed traffic.

And some patterns of that traffic can be identified by how they use source ports.

So we document that this happens. That’s fine.

But then we make a list of the ports that have been abused this way. That step is problematic. It serves to endorse what is, in essence, squatting. Even though source ports are not assigned, it says “hey, they now own these”.

I know that’s not what you will say, but that’s what will happen.

And that, in essence, is what I object to.

I would welcome some sort of suggestion of what could be done that doesn’t end this way, but can’t imagine one.

Joe