Re: [Apn] Further revised draft Charter

Andrew Alston - IETF <andrew-ietf@liquid.tech> Fri, 20 January 2023 21:13 UTC

From: Andrew Alston - IETF <andrew-ietf@liquid.tech>
To: Donald Eastlake <d3e3e3@gmail.com>, "adrian@olddog.co.uk" <adrian@olddog.co.uk>
CC: "apn@ietf.org" <apn@ietf.org>
Date: Fri, 20 Jan 2023 21:12:51 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/apn/MOUclIXoFjS53PYGU8klKSGZEjk>

Speaking with no hats on here – I did feel like I need to respond to this.

Let me say – with 100% categoric certainty – there are parts of the world – where pervasive and intrusive surveillance is very very real – at a national level – where every service provider's links are passed through hardware under the control of the state and where traffic is examined – monitored – manipulated – and the consequences can be dire – where in some cases – to be blunt – people end up in jail or worse for expressing views at the wrong times (read elections).

This is not in any way shape or form limited to one or two countries either – it is far more common than a lot of people would be willing to admit – I know this – because I’ve seen it firsthand – in a multitude of countries in the region in which I operate.  Do not for a moment think that because such surveillance doesn’t happen in some parts of the world – that it isn’t extremely pervasive in other parts.  For me personally – security and privacy are mandatory.  There are those that would argue that – if it doesn’t really leave the domain it doesn’t matter – but that’s simply not true.  The fact is that when you layer crypto on packets, analyzing them requires context, and anything outside of the layer of encryption that can be used to identify applications, people and other such things, adds to that context.  Leaving the domain isn’t necessary when the taps and the surveillance exist inside the domains, and in many places in the world, it does and it’s real.

When it comes to security and privacy, I believe that the operator has the responsibility, to the best of their ability, to provide protection from such surveillance.  Now, keeping in mind that a provider cannot refuse certain requests, that leaves the option of not deploying anything that could potentially give further ways to analyze and give context to traffic flows to the detriment of users.  So yes, the security and privacy concerns are real – and they have to be addressed, properly.

Andrew


From: Apn <apn-bounces@ietf.org> On Behalf Of Donald Eastlake
Sent: Friday, January 20, 2023 8:05 PM
To: adrian@olddog.co.uk
Cc: apn@ietf.org
Subject: Re: [Apn] Further revised draft Charter

Certainly there is privacy and security work to be done. What I
objected to is what appeared to me to be an assertion that every
provider and enterprise network link is always being surveilled by
possibly malign outside observers. But that happens sometimes which is
another reason for taking into account privacy and security concerns.

Thanks,
Donald
===============================
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
2386 Panoramic Circle, Apopka, FL 32703 USA
d3e3e3@gmail.com

On Fri, Jan 20, 2023 at 5:41 AM Adrian Farrel <adrian@olddog.co.uk> wrote:
>
> Ted, you beat me to it.
>
>
>
> Yes, the whole point of “exposure” is not that it is being wilfully displayed, but that an attacker (who finds a way of viewing or copying traffic) can see every non-encrypted field in every packet (on a link or at a node).
>
>
>
> While enterprise networks may consider themselves better protected than service provider networks (where the links are in public spaces), it turns out that enterprises are similarly vulnerable, partly because their traffic may be more valuable.
>
>
>
> A
>
>
>
> From: Ted Hardie <ted.ietf@gmail.com>
> Sent: 20 January 2023 08:54
> To: Donald Eastlake <d3e3e3@gmail.com>
> Cc: adrian@olddog.co.uk; apn@ietf.org
> Subject: Re: [Apn] Further revised draft Charter
>
>
>
> Hi Donald,
>
>
>
> On Fri, Jan 20, 2023 at 6:05 AM Donald Eastlake <d3e3e3@gmail.com> wrote:
>
>
> The use of the APNET Field inside an APNET network domain would not
> generally expose it to "outside observers" unless all the traffic in
> the domain was so exposed
>
>
>
> I agree with the statement above and disagree with the statement below. I think you're entirely right to say that the field would only be exposed if the network traffic were generally exposed. On the other hand, the lesson of pervasive surveillance is and was that the amount of traffic being hoovered up is always more than you think. Presuming it will be available to an attacker is a far safer assumption than assuming that this is rare. Certainly I would expect the security considerations to presume that such attackers were within the threat model.
>
>
>
> regards,
>
>
>
> Ted Hardie
>
>
>
>
>
>
>
> which I think is something that would rarely
> happen rather than "necessarily" happen. But some more could be said
> about privacy and security
>
