Re: [saag] [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-08.txt

Mirja Kuehlewind <mirja.kuehlewind@ericsson.com> Wed, 06 November 2019 07:32 UTC

From: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
To: Martin Thomson <mt@lowentropy.net>
CC: David Schinazi <dschinazi.ietf@gmail.com>, tsvwg IETF list <tsvwg@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Date: Wed, 06 Nov 2019 07:32:05 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Aa8J-DCWDHdbZDgzShpNqnfBYj4>

Hi Martin,

Thanks for your more elaborated review. I don’t think there was an intention in the document to say that "listed practices are privileged and therefore deserving of protection" but I can see how you could read it this way. I think the intention was rather to not make a judgement if these practices are "good" or "bad" because the assumption was that it would be even harder to find consensus on that, but I agree that the document could at least explicitly state that these practices are not endorsed and not all of them are seen as worth supporting in future or in any way desirable.

However, I still think it is important to document current practices and spell out implications that changes in the Transport Layer can have. I also agree that the document got a bit redundant in the meantime and some of the "could" and "might" might actually go too far beyond the goal of documentation.

The document was initially not intended to talk about potential solutions or future approaches to address desired implications that have been identified. However, there was quite a bit of feedback that the document should go one step further. We could reconsider this approach but I actually think the document does a good job listing potential options to move forward. I hope this document can provide a common basis for understanding problems and therefore design work the IETF might do in future in this space. However, the goal right now is really documentation and not making design decisions.

Mirja


> On 06.11.2019 at 05:10, Martin Thomson <mt@lowentropy.net> wrote:
> 
> I just read this document.  tl;dr, I agree with David, but I'd like to provide rationale in long-form.
> 
> 
> The introductory material is largely quite good.  Though I found it to be a little long-winded and a bit repetitious, the thesis it sets up is an oft-repeated theme of recent discussion: encryption has these benefits, but increased deployment of encryption affects certain existing practices.  Add text on ossification.  In the abstract, that's all non-controversial.  The risk that this is a repetition of RFC8404 is tempered by the prospect that this document might include a more detailed analysis of transport-level mechanisms.
> 
> However, the remainder of the document says something different.  In reading Ekr's review here, I thought that might be through implication, but I found that it was far more direct.  There is an assumption throughout that the listed practices are privileged and therefore deserving of protection.  No attempt is made to acknowledge that some of these practices can be harmful in various ways.  No recognition is given to the possibility that involving endpoints might offer alternative methods toward the same ends.  This is perhaps exemplified in the conclusion, which states:
> 
>> An increased pace of evolution therefore needs to be accompanied by methods that can be successfully deployed and used across operational networks.
> 
> And:
> 
>> Protocols that change their transport header format (wire image) or their behaviour (e.g., algorithms that are needed to classify and characterise the protocol), will require new network tooling to be developed to catch-up with each change.  
> 
> The use of "needs" and "will" in these statements is emblematic of the theme that carries throughout this conclusion and - to a lesser extent - the preceding sections: the document clearly states that these goals are important and stresses the importance of finding replacements.  For instance, I don't think it is appropriate for an on-path box to reset a flow that doesn't conform to some ideal (S3.2.4).  If I were to state the requirement for a network operator it would be that it be possible to identify and isolate sources of traffic that are consuming disproportionate amounts of resources.  That might avoid any implication that the network operator be able to measure goodput (S3.1.2), for instance.
> 
> End-to-middle and middle-to-end signaling is something this organization has repeatedly attempted to tackle.  It's a hard problem.  Success has been patchy.  Though we might debate relative success, successful signals are few in number.  This document contains a direct and specific plea.
> 
> It is possible that this problem could be addressed by adding water until this skew is sufficiently diluted.  Sadly, the homeopathic approach we took with RFC 8404 failed.  The IETF ended up publishing an RFC in the absence of consensus.  I don't see that tactic being any more effective in this case.  The catalogue of techniques here is somewhat interesting, even if it is now outdated as Bernard suggests.  A document with the right framing might work, but that would omit any conclusion other than the one that says that these techniques are approaching extinction.  Though that might be a shame in some ways - the loss of the ability to conduct research in some ways is a loss - those are the facts on the ground.
> 
> As this is a document that intends to represent consensus, I have to oppose publication on the grounds that it includes an ask I disagree with.  I assert that it would be better to concentrate on building those signals, even if it is one hard-earned bit at a time.  For instance, let's see how ECN and spin work out in QUIC.
> 
> 
>> On Wed, Nov 6, 2019, at 09:10, David Schinazi wrote:
>> I also oppose publication of draft-ietf-tsvwg-transport-encrypt. This 
>> document discourages transport header encryption and publishing it 
>> could harm future protocol development.
>> 
>> David
>> 
>>> On Tue, Nov 5, 2019 at 1:04 PM Joe Touch <touch@strayalpha.com> wrote:
>>> 
>>> 
>>>> On Nov 5, 2019, at 12:35 PM, Mirja Kuehlewind <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org> wrote:
>>>> 
>>>> What I’m hearing is that 2-3 people think this is not aligned but don’t actually say why exactly they think that
>>> 
>>> That’s not what we’re saying. We gave reasons. 
>>> 
>>> Joe 