[NCAP-Discuss] Defining CI/CE

Casey Deccio casey at deccio.net
Wed Nov 9 21:47:47 UTC 2022


Jeff,

I'm just looking at this now (apparently I missed it back in February).  I think that the issues (happily, but not surprisingly) correlate very well with those in the comparison doc.  In particular:

1. "TCP/!(80 & 443)" [1] -> "On SYN return RST" and "UDP/all -> Drop"
    - considered in "User Experience" under "Communication Interruption".  The differences are:
      - the comparison doc doesn't really specify which ports/applications, but rather speaks more generically (because, again, it doesn't seek to define/specify).
      - the comparison doc suggests that UDP is responded to with ICMP port unreachable for "quick response" rather than dropping.

2. "TCP/80"
    - considered in "User Experience" under "Communication Interception" / "Web Browser / HTTP"

3. "TCP/443"
    - considered in "User Experience" under "Communication Interception" / "Web Browser / HTTPS"

4. "Timestamp, IP, sport, dport":
    - considered in "Telemetry".

5. "SSL Certificate Note":
    - There is a whole discussion on this in the "User Experience" section under "Communication Interception" / "Web Browser / HTTPS".

Casey

[1] Should be "!(80 | 443)" :)


> On Nov 9, 2022, at 10:38 AM, Jeff Schmidt via NCAP-Discuss <ncap-discuss at icann.org> wrote:
> 
> Agreeing with Matt (L) - recall in Feb I sent the below/attached to this list attempting to pin down some pesky technical details on these techniques being promoted. My content is only intended to be a starting point - I would love to see the promoters of these techniques make additions/corrections so at least we're debating from a common frame of reference.
> 
> Jeff
> 
> 
>> -----Original Message-----
>> From: Jeff Schmidt <jschmidt at jasadvisors.com>
>> Sent: Friday, February 25, 2022 6:28 PM
>> To: ncap-discuss at icann.org
>> Subject: Re: [NCAP-Discuss] Defining CI/CE
>> 
>> Sorry, I was too imprecise in my SSL certificate language in the last one.
>> Please replace with this one.
>> 
>> Thx,
>> Jeff
>> 
>> 
>> On 2/25/22, 6:20 PM, "NCAP-Discuss on behalf of Jeff Schmidt via NCAP-Discuss" <ncap-discuss-bounces at icann.org on behalf of ncap-discuss at icann.org> wrote:
>> 
>>    All:
>> 
>>    I think a very important point has come out of this discussion - one of the
>> reasons for the circular arguments is that we have never carefully defined CE
>> and therefore we're operating under a number of assumptions which have
>> vastly different implementation outcomes. Credit to Matt L and Danny for
>> pointing this out.
>> 
>>    Attached is my shot at a careful technical definition of the Controlled
>> Interruption and Controlled Exfiltration options. We need to come to
>> consensus on this before we can further discuss/recommend. The attached
>> is the most conservative technical approach I can think of. This is just a
>> strawman to start the conversation. I'm happy to be wrong on any/all of this.
>> But no more glossing over the details - let's be super specific.
>> 
>>    I would suggest the Chair(s) "force the issue" and call for consensus on this
>> as quickly as discussion allows. Our lack of fundamental agreement here is
>> blocking progress on this important item.
>> 
>>    Thx,
>>    Jeff
>> 
>> 
> 
> <NCAP Implementation Spec2.pptx>
