IETF Logo Mail Archive

Re: Results of IETF-conflict review for draft-williams-exp-tcp-host-id-opt-07

Fernando Gont <fgont@si6networks.com> Wed, 27 January 2016 11:35 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5E241A7012 for <ietf@ietfa.amsl.com>; Wed, 27 Jan 2016 03:35:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WXxO_kpybjB4 for <ietf@ietfa.amsl.com>; Wed, 27 Jan 2016 03:35:46 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A5B31A701A for <ietf@ietf.org>; Wed, 27 Jan 2016 03:35:46 -0800 (PST)
Received: from [192.168.2.101] (unknown [181.165.125.191]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 1B723206A36; Wed, 27 Jan 2016 12:35:42 +0100 (CET)
Subject: Re: Results of IETF-conflict review for draft-williams-exp-tcp-host-id-opt-07
To: Harald Alvestrand <harald@alvestrand.no>, ietf@ietf.org
References: <20160125231333.27786.50459.idtracker@ietfa.amsl.com> <56A897AE.9060900@alvestrand.no>
From: Fernando Gont <fgont@si6networks.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <56A8AB81.6000706@si6networks.com>
Date: Wed, 27 Jan 2016 08:35:29 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <56A897AE.9060900@alvestrand.no>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/mcpNKsl8u8JspK0p0ZlGibyo0VY>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 11:35:50 -0000

On 01/27/2016 07:10 AM, Harald Alvestrand wrote:
> This one surprised me a bit.
> 
> Asking for blockage of an ind-sub is a fairly unusual thing.
> I kind of expected to find in the IESG review would explain the nature
> of the conflict, but the totality of the review is:
> 
> "The IESG has concluded that this document violates IETF procedures about
> pervasive monitoring (RFC 7258) and should therefore not be published
> without IETF review and IESG approval. This work is related to IETF work
> done in the INTAREA WG."
> 
> The procedures I could find described in RFC 7258 are these:
> 
>    Those developing IETF specifications need to be able to describe how
>    they have considered PM, and, if the attack is relevant to the work
>    to be published, be able to justify related design decisions.  This
>    does not mean a new "pervasive monitoring considerations" section is
>    needed in IETF documentation.  It means that, if asked, there needs
>    to be a good answer to the question "Is pervasive monitoring relevant
>    to this work and if so, how has it been considered?"
> 
>    In particular, architectural decisions, including which existing
>    technology is reused, may significantly impact the vulnerability of a
>    protocol to PM.  Those developing IETF specifications therefore need
>    to consider mitigating PM when making architectural decisions.
>    Getting adequate, early review of architectural decisions including
>    whether appropriate mitigation of PM can be made is important.
>    Revisiting these architectural decisions late in the process is very
>    costly.
> 
> The draft in question does have a "Pervasive Monitoring Considerations",
> so the issue has certainly been considered by the authors. One may agree
> or disagree with their conclusions, but one can't argue that they didn't
> consider it.

I agree with Harald.

Besides, if this proposal is knocked down for including a host_id option
(which, skimming through the I-D doesn't seem to be some global
identifier) in flows that traverse a nat, then I wonder:

   What would be the take on deploying IPv6 on such network, since that
   would obviously reveal host identity even more than a host_id option?

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email