Feedback on draft-mm-wg-effect-encrypt
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Thu, 13 April 2017 09:14 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABCD6131868 for <ietf@ietfa.amsl.com>; Thu, 13 Apr 2017 02:14:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ARUM1dFUjQDs for <ietf@ietfa.amsl.com>; Thu, 13 Apr 2017 02:14:50 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [IPv6:2001:630:241:204::f0f0]) by ietfa.amsl.com (Postfix) with ESMTP id 9AB3913186B for <ietf@ietf.org>; Thu, 13 Apr 2017 02:14:50 -0700 (PDT)
Received: from Gs-MacBook-Pro.local (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPA id 7F2D11B0159F; Thu, 13 Apr 2017 12:10:09 +0100 (BST)
Message-ID: <58EF416D.70605@erg.abdn.ac.uk>
Date: Thu, 13 Apr 2017 10:14:21 +0100
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Reply-To: gorry@erg.abdn.ac.uk
Organization: University of Aberdeen
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Feedback on draft-mm-wg-effect-encrypt
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/DCt6TR2mrsX5xUTlsMLg3egMGlc>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Apr 2017 09:14:54 -0000
Al and Kathleen,
I read the above draft as part of my preparation to think through the
implications of encrypting transport-layer information, and this is
therefore a very late post (sorry).
I have a few very top level comments, which I hope may help:
* I think this sort of Informational document from a slightly different
perspective is really important to publish for the community. It
raises-up a myriad of topics and starts to expose areas that require
thought in the design of protocols, operational procedures, etc. The
greatest strength is that the scope is wide-ranging. This does not
replace the need for more focussed infromation at each protocol layer.
* It is important to think about current operational support when we
discuss monitoring, otherwise I fear the discussion will tend to focus
on what is perceived as malicous monitoring. It could be easy to simply
lump all monitoring, middleboxes, etc as bad for all, and all encryption
as helpful to all. We need to understand the implications on design, and
how now to best operate networks.
There are actually still quite a lot of NiTs, and I'm assuming these
will be fixed to make this more readable):
* A few places "?" has been substituted for an apostrophe:-)
* "a reasonable
assumption is that the DSCP markings would be withheld from the
outer IP header to further obscure which packets belong to each
application flow."
- Is this true. I know I worked on HAIPE (IPsec) and they allowed DSCP
through, after a struggle, because it was such a powerful tool for
running their networks and piroritising flows? So I question whether
this is a given, or just a consideration that needs to be weighed?
Actually in a mobile context we haven't observed a lot of DSCP support
in networks... but maybe some operators do this well? (I think they
should start!)
* Some of the mobile stuff seemed that it was jargon-rich, and more
general wording would help where this happens. (That also may make it
accessible to people working on Enterprise wireless, anb other network
technologies with varying managed capacity).
* /QAM/ - I think this should be modulation/coding scheme, to be less
technology-specific?
* /PGP/ /SMTP/ /TLS/ /DTLS/ /iSCSI/ /KPIs/ /KQI/ /QOE/ /DRM/ etc, define?
* /TCP transmitter/ /TCP sender/
* /TCP Pipelining/Session Multiplexing/ - does using a VPN also have the
same effect?
Some sarcastic or colloqual sentences will I think make this hard to
follow for someone who doesn't agree or does not have English as a first
language. The key value of a survey is that it is accessible to others.
My last comment is probably the one that I think most concerns me: The
abstract doesn't say that this is from an operational perspective - or -
based on experience of service providers - or - something that sets the
context, I think it is important to call-out this sort of detail for any
informational document, to really differentiate it from publishing IETF
consensus (e.g., BCP).
Thanks for writing this,
Best wishes,
Gorry
- Feedback on draft-mm-wg-effect-encrypt Gorry Fairhurst