Feedback on draft-mm-wg-effect-encrypt
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Thu, 13 April 2017 09:14 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABCD6131868 for <ietf@ietfa.amsl.com>; Thu, 13 Apr 2017 02:14:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ARUM1dFUjQDs for <ietf@ietfa.amsl.com>; Thu, 13 Apr 2017 02:14:50 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [IPv6:2001:630:241:204::f0f0]) by ietfa.amsl.com (Postfix) with ESMTP id 9AB3913186B for <ietf@ietf.org>; Thu, 13 Apr 2017 02:14:50 -0700 (PDT)
Received: from Gs-MacBook-Pro.local (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPA id 7F2D11B0159F; Thu, 13 Apr 2017 12:10:09 +0100 (BST)
Message-ID: <58EF416D.70605@erg.abdn.ac.uk>
Date: Thu, 13 Apr 2017 10:14:21 +0100
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Reply-To: gorry@erg.abdn.ac.uk
Organization: University of Aberdeen
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Feedback on draft-mm-wg-effect-encrypt
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/DCt6TR2mrsX5xUTlsMLg3egMGlc>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Apr 2017 09:14:54 -0000
Al and Kathleen, I read the above draft as part of my preparation to think through the implications of encrypting transport-layer information, and this is therefore a very late post (sorry). I have a few very top level comments, which I hope may help: * I think this sort of Informational document from a slightly different perspective is really important to publish for the community. It raises-up a myriad of topics and starts to expose areas that require thought in the design of protocols, operational procedures, etc. The greatest strength is that the scope is wide-ranging. This does not replace the need for more focussed infromation at each protocol layer. * It is important to think about current operational support when we discuss monitoring, otherwise I fear the discussion will tend to focus on what is perceived as malicous monitoring. It could be easy to simply lump all monitoring, middleboxes, etc as bad for all, and all encryption as helpful to all. We need to understand the implications on design, and how now to best operate networks. There are actually still quite a lot of NiTs, and I'm assuming these will be fixed to make this more readable): * A few places "?" has been substituted for an apostrophe:-) * "a reasonable assumption is that the DSCP markings would be withheld from the outer IP header to further obscure which packets belong to each application flow." - Is this true. I know I worked on HAIPE (IPsec) and they allowed DSCP through, after a struggle, because it was such a powerful tool for running their networks and piroritising flows? So I question whether this is a given, or just a consideration that needs to be weighed? Actually in a mobile context we haven't observed a lot of DSCP support in networks... but maybe some operators do this well? (I think they should start!) * Some of the mobile stuff seemed that it was jargon-rich, and more general wording would help where this happens. (That also may make it accessible to people working on Enterprise wireless, anb other network technologies with varying managed capacity). * /QAM/ - I think this should be modulation/coding scheme, to be less technology-specific? * /PGP/ /SMTP/ /TLS/ /DTLS/ /iSCSI/ /KPIs/ /KQI/ /QOE/ /DRM/ etc, define? * /TCP transmitter/ /TCP sender/ * /TCP Pipelining/Session Multiplexing/ - does using a VPN also have the same effect? Some sarcastic or colloqual sentences will I think make this hard to follow for someone who doesn't agree or does not have English as a first language. The key value of a survey is that it is accessible to others. My last comment is probably the one that I think most concerns me: The abstract doesn't say that this is from an operational perspective - or - based on experience of service providers - or - something that sets the context, I think it is important to call-out this sort of detail for any informational document, to really differentiate it from publishing IETF consensus (e.g., BCP). Thanks for writing this, Best wishes, Gorry
- Feedback on draft-mm-wg-effect-encrypt Gorry Fairhurst