Re: [arch-d] ETSI launches new group on Non-IP Networking addressing 5G new services

[Toerless Eckert <tte@cs.fau.de>]

On Mon, Apr 13, 2020 at 02:56:30PM -0400, John C Klensin wrote:
> It may also be worth noting that a, perhaps the, major add-on
> change in IPv6 --much touted in its early days-- was supposed to
> be ubiquitous lP-level encryption.

Indeed. It is almost puzzling to think that end-to-end
encryption at IP(sec) level was presumed to be a good
architectural choice. Besides the obvious beneeit of being
agnostic to transport protocol choices but then failing on
ever getting a host stack model that would allow applications
to leverage it easily. Of couse, luckily we have it (IPsec)
as there are a lot of other good use cases for it.
Maybe a bit too much of the "one size fits all" syndrom that
new technologies by sheer self interest always come to presume ?

>  That post-2013 encryption
> deployment, at least AFAICT, relies on methods much closer to
> the applications layer, sometimes ones that are at least
> partially specific to particular applications and applications
> protocols.  If there is a message in those things, I think it is
> either that we are not good at predicting which of our
> innovations will be successful and which will not or that, when
> the IETF says "go forth and do X", thee are no guarantees that
> the world will listen.

Well, i think IPsec was an example of things working well in IETF.
They may have overexpected on the range of where it best
fits (and can be completed by host stack/APIs, which always is
the worst dependency of any IETF work), but they (IPsec) folks
AFAIK never tried to stop TLS with arguments like "we must only
have one protocol" or the like, one of the negative syndroms we
have IMHO seen for othre protocols in the IETF. But nothing
the IETF can really do. Just comes when its participants develop
a particular protocol religion or know how their jobs may depend
on a specific protocol.

> And I expect it will be some years more before we actually know
> whether our more recent push toward encryption has helped the
> Internet and its users by increasing privacy or whether pushback
> and reactions from the political and law enforcement sectors
> ultimately result in fragmentation, large-scale interconnection
> problems, and the either development of a lot of ad hoc
> solutions or movement of work to other SDOs because the IETF was
> too stuck on the importance of encryption no matter what.   I
> don't predict that outcome and definitely don't wish for it, but
> I think our architectural work would be improved by more
> recognition of the possibility.

If i limit your "encryption to "(TLS) end-to-end encryption", then
i think there are already a lot of people that have opinions about
the results even visible today.

IMHO, TLS has two main neglected consequences: It has become the
key component of a strategy for revenue supremacy from one part of
the industry, and it has moved the bad behavior (perpass and its
revenue tail) into a layer of the solution (application) where it
is out of the control of the IETF. Or at least out of the scope
of interest of the companies shaping the IETF standards in that
space because they are the beneficiaries of this evolution.

So, the next round of privacy discussion as we already see will
mostly be happening outside the IETF. For better or worse.

This is of course non-withstanding the basic necessities to use
TLS and its benefits.

Cheers
    Toerless

> best,
>      john
> 
> _______________________________________________
> Architecture-discuss mailing list
> Architecture-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/architecture-discuss

-- 
---
tte@cs.fau.de