IETF Logo Mail Archive

Re: Comments on draft-mm-wg-effect-encrypt-11

Benoit Claise <bclaise@cisco.com> Wed, 03 May 2017 16:29 UTC

Return-Path: <bclaise@cisco.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0A8C129457; Wed, 3 May 2017 09:29:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.823
X-Spam-Level:
X-Spam-Status: No, score=-11.823 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qFGtvTobCnuG; Wed, 3 May 2017 09:29:30 -0700 (PDT)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88B0012945C; Wed, 3 May 2017 09:27:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2253; q=dns/txt; s=iport; t=1493828833; x=1495038433; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to:content-transfer-encoding; bh=SayP8P2W2uQ1ep0zSF5gHhruohBIugfLmnaGNxGj+P0=; b=NqdhY5D8y2jMhWezp/H1/KtzopU3RsqMWnlIIo7Yr8WqrteywzTWHnTF V1gGoI/f/YGDpGV3Ipki1E5eGe28leyjwBLh47EWYBHp6pcs58oYFX51C kHxAOW4Hx87To+IQH9MXDspXKb3BxXRNj+1UEzwB10LxeOjxlYb4o1IYJ g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DrAQB9BApZ/xbLJq1cGQEBAQEBAQEBAQEBBwEBAQEBhUOOc5BhlW6CD4YkAoUCFwECAQEBAQEBAWsohRYBBRggQRALGC5XBgEMBgIBAReKBrNQinEBAQEBAQEBAQEBAQEBAQEBAQEghl+CCYJwikgBBJ1ckxSKfYZjjAiILCEDM4EKLiAIGRWHNz42iF4BAQE
X-IronPort-AV: E=Sophos;i="5.38,284,1491264000"; d="scan'208";a="651592783"
Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 May 2017 16:26:50 +0000
Received: from [10.60.67.90] (ams-bclaise-8919.cisco.com [10.60.67.90]) by aer-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id v43GQnkL003543; Wed, 3 May 2017 16:26:49 GMT
Subject: Re: Comments on draft-mm-wg-effect-encrypt-11
To: "Brian Trammell (IETF)" <ietf@trammell.ch>, Mark Nottingham <mnot@mnot.net>
Cc: IESG <iesg@ietf.org>, IETF Discussion Mailing List <ietf@ietf.org>
References: <C49A16E7-1680-4FC9-A423-15A32EFF3D8F@mnot.net> <21A01174-4FB6-4F8C-AA3D-DCF6D1FEBA01@trammell.ch>
From: Benoit Claise <bclaise@cisco.com>
Message-ID: <8cb6fefd-200e-1d90-6a36-c32530ecbaf8@cisco.com>
Date: Wed, 03 May 2017 18:26:48 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0
MIME-Version: 1.0
In-Reply-To: <21A01174-4FB6-4F8C-AA3D-DCF6D1FEBA01@trammell.ch>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/aew7v1cvN7UvWvVIksz1Vhh_eJ4>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 May 2017 16:29:32 -0000

Dear all,
> hi Mark,
>
> ...hm, apparently I *will* comment on the structure of the current document, inline below...
>
>> On 01 May 2017, at 05:45, Mark Nottingham <mnot@mnot.net> wrote:
>>
>> Overall, this document reads as if it was originally written to highlight the downsides of increased use of encryption, and then rewritten to be more neutral in tone. Unfortunately, some of the original intent posited there still seeps through.
>>
>> In doing so, it often fails to convey that there are any options other than "this has to be done by the network." I know that this has been cast as a survey of potential impacts, and therefore doesn't necessary need to enumerate alternatives, but the way that it's written could easily lead a reader to think that there aren't alternatives. It also is odd that alternatives are not enumerated when they're often well-known, and the really interesting issues are in the tradeoffs between doing something in the network (i.e., as a third party) vs. by one of the endpoints (a first party to communication) or their delegates.
> I think the statement of alternatives is a different document, though; it's one that needs to be written, yes, but the division of problem space and solution space is IMO useful here.
I would agree.
The operators are used to manage their network in a certain way.
The change for more encrypted traffic will force a change of those 
operational practices.
This document should serve as for a starting point to have this debate 
at the IETF, based on the documentation of those operational practices.
> I see this as the analogous to the split between RFC 7624 and draft-iab-privsec-confidentiality-mitigations. It was quite useful in having the former as a complete statement of what we think the problem is (in more detail that 7258's declaration) before recommending solutions. And, indeed, it's entirely possible that an IETF consensus statement on the solutions available for a given problem is "we have decided that this is not actually a problem we should design for", as in RFC 2804.
And again agree. Not all problems in this document are valid IETF 
problems. It doesn't mean that we should not document them.

Regards, Benoit
>
> Cheers,
>
> Brian

v2.23.0 | Report a Bug | By Email