Re: Call for Comment: <draft-trammell-wire-image-04> (The Wire Image of a Network Protocol)
Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 06 September 2018 02:01 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06903130E2B; Wed, 5 Sep 2018 19:01:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1lRAc22IcIB0; Wed, 5 Sep 2018 19:01:48 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 899F4130DE8; Wed, 5 Sep 2018 19:01:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 5BC8DBE24; Thu, 6 Sep 2018 03:01:44 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n9HjRxFV7RXz; Thu, 6 Sep 2018 03:01:41 +0100 (IST)
Received: from [10.244.2.138] (unknown [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 16D8FBE20; Thu, 6 Sep 2018 03:01:40 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1536199301; bh=cJmvUjp3f80lIdls6z7R7k5lfZDEfdXGgpCBfoze4Og=; h=To:References:From:Subject:Date:In-Reply-To:From; b=GlnClUqXGzeL3QF3yxAaaf0hZwz9UmoiU2p9J32PDONBtciD5zeFdI9UXw2WcJUxs LUfheSHbgBsGpQZRnCc6zoaxiReQeIdwaZWXaybDBla8qiHUsu2WD6bEUmEa9o/b4m g9baSomx2lwHXV8Zapd+fLKA9i9kgARa/Z8rK5yg=
To: architecture-discuss@ietf.org, iab@iab.org, IETF-Discussion <ietf@ietf.org>
References: <153619287953.19753.5995314701986579146.idtracker@ietfa.amsl.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= xsFNBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABzTJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsLBgAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxM7BTQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAcLBZQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw==
Subject: Re: Call for Comment: <draft-trammell-wire-image-04> (The Wire Image of a Network Protocol)
Message-ID: <8b52dce5-1ee4-b40b-e1ba-e7c9b241dd82@cs.tcd.ie>
Date: Thu, 06 Sep 2018 03:01:34 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <153619287953.19753.5995314701986579146.idtracker@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="Jj5jHKfo5m6b8jU5l84QpgoHPVAQ6MWbO"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/dIuKCqqw4zCQhTKa7zg2dAwYxk0>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Sep 2018 02:01:53 -0000
Hiya, (cc'ing ietf@ietf.org - I'm not keen that discussion of such IAB drafts be banished to architecture-discuss@ietf.org:-) I don't believe this is ready. It's an interesting topic, but the IAB ought do more work on this before freezing text in an RFC. There is a useful RFC to be written here, but this is not yet it IMO. More detailed comments below. Aside: as a process question - was there any indication to the community that this would be an IAB draft? Neither the draft filename nor content (other than acks) indicate that the IAB were collectively involved in this work. It puzzles me that the IAB don't ask earlier in cases like this. On 06/09/18 01:14, IAB Executive Administrative Manager wrote: > This is an announcement of an IETF-wide Call for Comment on > draft-trammell-wire-image-04. > > The document is being considered for publication as an Informational RFC > within the IAB stream, and is available for inspection at: > <https://datatracker.ietf.org/doc/draft-trammell-wire-image/> > > The Call for Comment will last until 2018-10-03. Please send comments to > architecture-discuss@ietf.org and iab@iab.org. > > Abstract > > This document defines the wire image, an abstraction of the > information available to an on-path non-participant in a networking > protocol. This abstraction is intended to shed light on the > implications on increased encryption has for network functions that > use the wire image. > - Why does section 1 only have references to things that call out difficulties with more confidentiality and has no references to things that explain why that's needed or potential benefits? Seems unbalanced to me. (And not in isolation - ISTM there's a real trend that folks primarily interested in transport protocol issues "sin" like this. I'm not casting aspersions, it's entirely understandable to focus on the issues that are of most concern, but better to be more balanced I think? For other examples, see the evolution of Gorry's header encryption draft, and text contributed by various folks to versions of Kathleen and Al's RFC.) - Section 2 & 3: you're right! the definition *is* so vague as to be useless:-) In particular that definition doesn't seem to reflect RTT, which I guess would affect inferences that can be derived from packet timing. Similarly, the definition doesn't reflect message sizes correctly (referring to a "sequence of messages" or "bits") which seems to me to ignore the possibility that APDUs are mapped to ciphertext packets in non-trivial ways so that an observer cannot reliably distinguish APDU boundaries. Also, I think you need to explicitly include protocol headers at the levels below the one at which the last confidentiality service was applied as those also expose information and are not clearly "protocol messages" for the protocol that is of concern to the analyst. Information leakage may also depend on the observer knowing about machine details, e.g. if the bad actor is to take advantage of inter-packet timing to infer higher lay protocol features. Lastly, (for now:-) and as reflected below (and in your text), related protocols (like DHCP or port 53 DNS) can expose information, so I think the useful concept here involves more bits, timing, flows and peers than your definition. - "From the point of view of a passive observer, the wire image of a single protocol is rarely seen in isolation." To me that implies that you're considering the wrong abstraction but perhaps that's debatable. Was that debated? If so, are there records of that debate? (This partly replicates one of the points above.) - "However, it cannot be applied to protecting non-header information in the wire image." Not sure that's correct, even with your (IMO-broken:-) definition - the "it" there being cryptography, one could define a ciphersuite so that it adds chaff messages and not only padding, so I think the "cannot" is incorrect. Padding and cover traffic are generally a matter of relative efficiency and not absolute. I think AEAD ciphers may also contradict this statement as there is nothing to prevent a layer 4 AEAD using layer 3 or 2 headers as part of the additional data. (Might be unwise, but could be done, so "cannot" isn't right I think.) - "While packets cannot be made smaller than their information content,..." - I'm not sure if this is correct and perhaps again reflects a problem with definitions. With MPTCP the packets visible to some observers may be smaller than the information content of the exchange between the endpoints. I guess the same is true whenever there are any OOB possibilities. - 3.2: "impossible" isn't correct. We do know there are MITM boxen in the real world for example. I think that may invalidate the subsequent "solely" conclusion, as those boxen can often modify messages or spoof. - "Integrity protection can only practically be applied to the sequence of bits in each packet," seems incorrect. I once wrote code that signed the first N bits of an N byte message and have seen similar bugs, so integrity can clearly be applied to subsets of those bits. I'm also not sure your text matches a TESLA-like scheme. - Since I mentioned TESLA, IP multicast seems not to have been considered here - was it? How about message replication at other layers? - (skipping some...) 3.1.1: the "extent" of a wire image seems to me to deserve an equally precise definition as the wire image itself. I'm not sure which is really more interesting - given that I disagree with aspects of the current definition of the latter, and there's no definition of the former at all, I'm not sure if we can easily argue this. (Could be that the idea of defining invariants is a good approach. Not saying it isn't, just not sure.) I think there may be an interesting thing to define here that's like what I think you mean by "extent." Intuitively it seems there should be a useful thing to define that encompasses all of the bits sent anywhere due to the playing a protocol-role and emitting a (minimally defined) "wire image" of a specific layer-N protocol. - "Parts of a protocol's wire image not declared invariant..." Again I think the broken definitions render this moot, but this seems to conflate ideas about "invariants" with the "wire image" in ways that assume both are much more well-defined than I think is the case. - 3.3.2: I don't know how a protocol receiver can ever handle "veracity" - There's a bunch of text that seems sensible but where I'm not sure, given the definitional issues. Most of it, looks ok though. - Lastly, if the IAB published this as-is, the sky won't fall. But I think the IAB will look a little less wise. Cheers, S.
- Re: Call for Comment: <draft-trammell-wire-image-… Stephen Farrell
- Re: [arch-d] Call for Comment: <draft-trammell-wi… Brian Trammell (IETF)
- Re: [arch-d] Call for Comment: <draft-trammell-wi… Brian E Carpenter
- Re: [arch-d] Call for Comment: <draft-trammell-wi… Stephen Farrell
- Re: [arch-d] Call for Comment: <draft-trammell-wi… Randy Bush
- Re: [arch-d] Call for Comment: <draft-trammell-wi… John C Klensin
- Re: [arch-d] Call for Comment: <draft-trammell-wi… Brian Trammell (IETF)
- Re: [arch-d] Call for Comment: <draft-trammell-wi… Randy Bush
- Re: [arch-d] Call for Comment: <draft-trammell-wi… Christian Huitema
- Re: [arch-d] Call for Comment: <draft-trammell-wi… Spencer Dawkins at IETF
- Re: [arch-d] Call for Comment: <draft-trammell-wi… Stephen Farrell