Re: [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020
Eric Rescorla <ekr@rtfm.com> Tue, 30 June 2020 01:00 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EB233A0EED for <saag@ietfa.amsl.com>; Mon, 29 Jun 2020 18:00:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 19UZfL5NEJyJ for <saag@ietfa.amsl.com>; Mon, 29 Jun 2020 18:00:16 -0700 (PDT)
Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 472EC3A0EEA for <saag@ietf.org>; Mon, 29 Jun 2020 18:00:16 -0700 (PDT)
Received: by mail-lj1-x229.google.com with SMTP id 9so20480854ljv.5 for <saag@ietf.org>; Mon, 29 Jun 2020 18:00:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NkYnxQEum5VCcUYmn4jELm3W207v3ZHJfLLeoCska0Q=; b=tEzrAv7oLirchBe37I+ar9VJ5F8xNR/qyOOiFbp1PJDFVSlHZgM1Hx3Uab/C0Sq9K4 iuhllqAqY661Nw6q06S8JY5zGFpMs7+0tIa5jX70qjc6cdXNbQfc9vXxrQ+JXrDqRfxS J5rNAzV8hoJqLOqnNK9DJ9194rr9zRNsQ7wJtIPfr9Wq3WNtUV7Sb2QYk1WtbUVIs6+y wOAIse9OOy2TdyfP3uv6PQn8ynGnoQ59QBDnW/hrEb+84097MA9/OxDDmKDyq0+xNYH4 G533NZOv4jJNSE/JXjAkuUQ0N0kUV2c0wBozyDotfiUm74Sx+nwlwVr9NscLitJflOQJ 4KWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NkYnxQEum5VCcUYmn4jELm3W207v3ZHJfLLeoCska0Q=; b=TFZIWtyldmbOxooF2nhhZD/FuysvbwUPqPIq3Of1GLggpRcKCTBzT8Huwha+TRfMrc EmWcvJIm1sSYB86ilcgq1Vrvx5N47CwX7THBQlmLx3/W2isKS9GYPJC7Xsi7wLOY86RA CxC8CPbiELeA3R5w8EVpafDrwFabq0EvojoXLFlrvCEhfokvc3mlM15+4EkEdYXViLi0 fVULDWPMGt+zb32KVU91pclsdqrVkjuQJB7P6oLBKZDOA1y4iidi9TdoR9f+iDDPUWcx 61rHYZQaqbHsel7AN8IkuIVwIg54hk8oBtu1HOFLGsZbMJcm+rfX+aVjzLG75StmIa+7 0PJQ==
X-Gm-Message-State: AOAM533VzXzG+G+IpT2Smchf9wQFnhty7LElnmdMBuT2FXunhzoDCgT6 F8BoVP3sReLw485DiikeN8JrsdBI3ErHiERBKXaZFA==
X-Google-Smtp-Source: ABdhPJz5CCHE7nJJf2Elo7RQP/IMh4cAdpbvUSE5hPYJeEbbBqABKyB4LkCazUYjfvq1PB+tIHsOYTcoOWnYr7LWv6w=
X-Received: by 2002:a2e:8092:: with SMTP id i18mr1258584ljg.265.1593478814391; Mon, 29 Jun 2020 18:00:14 -0700 (PDT)
MIME-Version: 1.0
References: <MN2PR19MB40450EE357BEECD723AB06F183820@MN2PR19MB4045.namprd19.prod.outlook.com>
In-Reply-To: <MN2PR19MB40450EE357BEECD723AB06F183820@MN2PR19MB4045.namprd19.prod.outlook.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 29 Jun 2020 17:59:38 -0700
Message-ID: <CABcZeBM9A1RxOiHGZdBznTb7zzArG5GTQs=bhNtBy90tSXs3Pg@mail.gmail.com>
To: "Black, David" <David.Black@dell.com>
Cc: "tsvwg@ietf.org" <tsvwg@ietf.org>, int-area <int-area@ietf.org>, IETF SAAG <saag@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b0732f05a942b220"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/EoUNZZ05G2Tzu4JAQtUJPKrrN4w>
Subject: Re: [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2020 01:00:19 -0000
> > This 3rd WGLC is limited to the following two topics: > > > Whether or not to proceed with a request for RFC publication > > of the draft. The decision on whether or not to proceed will > be based on rough consensus of the WG, see RFC 7282. > During the 2nd WGLC, Eric Rescorla and David Schinazi expressed > strong views that this draft should not be published – those > concerns have not been resolved and are carried forward to > this WGLC. This email message was an attempt to summarize > those concerns: > > https://mailarchive.ietf.org/arch/msg/tsvwg/i4qyY1HRqKwm0Jme9UtEb6DyhXU/ > > Further explanation from both Eric Rescorla and David Schinazi > is welcome and encouraged to ensure that their concerns are > clearly understood. Well, I'll try again, but I'm not sure that I can do better than I have before. For reasons that are laid out in RFC 7258, the trend in protocol design in IETF is towards encrypting more and more. The last two transport protocols that were designed and widely deployed (SCTP over DTLS and QUIC) both encrypt the vast majority of the protocol metadata. This document advertises itself as "considerations" for design of such protocols: The transport protocols developed for the Internet are used across a wide range of paths across network segments with many different regulatory, commercial, and engineering considerations. This document considers some of the costs and changes to network management and research that are implied by widespread use of transport protocols that encrypt their transport header information. It reviews the implications of developing transport protocols that use end-to-end encryption to provide confidentiality of their transport layer headers, and considers the effect of such changes on transport protocol design, transport protocol evolution, and network operations. It also considers some anticipated implications on application evolution. This provides considerations relating to the design of transport protocols and features where the transport protocol encrypts some or all of their header information. However, as I said above, the new transport protocols that are actually being designed already feature metadata encryption and as far as I can tell, there is no prospective protocol new transport protocol design project for which these issues might be live. In that context, it's hard not to read this document with its long litany of practices which are impacted by metadata encryption as a critique of the decisions by SCTP/DTLS and QUIC to encrypt most of the metadata. This impression is reinforced by the description of the actual practices themselves, which focuses almost entirely on practices which appear to be benignly motivated (e.g., performance monitoring, troubleshooting, etc.) However, we also know that metadata is widely used for practices in which the network operator is adversarial to the user, for instance: - Blocking traffic based on TCP port, IP address, SNI, etc. - Performance-based traffic class discrimination - Monitoring the user's behavior via indicia like the ones above or via traffic analysis (see [0]) Yes, I understand that the authors explicitly disclaim judgement on these practices, and the document does briefly touch on the general idea, though the "concerns...have been voiced" tends to minimize those concerns [1] but the selection of practices to focus on is extremely telling. Focusing on the downsides of encryption for (at least arguably well-meaning) network players while mostly ignoring the large class of non-benign behaviors which encryption is intended to protect against has the effect of overemphasizing the costs of encryption to those players and minimizing the benefits to the endpoints whom it is intended to protect. To be maximally clear: I don't object to this document existing and I don't think that the opinions implicit in it are ones that should not be expressed. I merely don't think that it should be published as an IETF Consensus document. -Ekr [0] https://tools.ietf.org/html/draft-wood-pearg-website-fingerprinting-00#section-5 [1] Another motivation stems from increased concerns about privacy and surveillance. Users value the ability to protect their identity and location, and defend against analysis of the traffic. Revelations about the use of pervasive surveillance [RFC7624] have, to some extent, eroded trust in the service offered by network operators and have led to an increased use of encryption to avoid unwanted eavesdropping on communications. Concerns have also been voiced about the addition of information to packets by third parties to provide analytics, customisation, advertising, cross-site tracking of users, to bill the customer, or to selectively allow or block content. Whatever the reasons, the IETF is designing protocols that include transport header encryption (e.g., QUIC [I-D.ietf-quic-transport]) to supplement the already widespread payload encryption, and to further limit exposure of transport metadata to the network.
- [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg… Black, David
- Re: [saag] [tsvwg] 3rd WGLC (limited-scope): draf… Paul Vixie
- [saag] Anticompetitive use of trademark and IETF … Tony Rutkowski
- Re: [saag] 3rd WGLC (limited-scope): draft-ietf-t… Kyle Rose
- Re: [saag] [tsvwg] 3rd WGLC (limited-scope): draf… Roni Even
- Re: [saag] [Int-area] 3rd WGLC (limited-scope): d… Tom Herbert
- Re: [saag] [tsvwg] 3rd WGLC (limited-scope): draf… Holland, Jake
- Re: [saag] [tsvwg] [Int-area] 3rd WGLC (limited-s… Gorry Fairhurst
- Re: [saag] 3rd WGLC (limited-scope): draft-ietf-t… Eric Rescorla
- Re: [saag] 3rd WGLC (limited-scope): draft-ietf-t… Hannes Tschofenig
- Re: [saag] [tsvwg] 3rd WGLC (limited-scope): draf… Colin Perkins
- Re: [saag] 3rd WGLC (limited-scope): draft-ietf-t… mohamed.boucadair
- Re: [saag] 3rd WGLC (limited-scope): draft-ietf-t… Hannes Tschofenig
- Re: [saag] 3rd WGLC (limited-scope): draft-ietf-t… Ruediger.Geib
- Re: [saag] 3rd WGLC (limited-scope): draft-ietf-t… Kyle Rose
- Re: [saag] [Int-area] 3rd WGLC (limited-scope): d… Dirk.von-Hugo
- Re: [saag] [Int-area] 3rd WGLC (limited-scope): d… Joseph Touch
- Re: [saag] [Int-area] 3rd WGLC (limited-scope): d… Behcet Sarikaya
- Re: [saag] [Int-area] [tsvwg] 3rd WGLC (limited-s… tom petch
- Re: [saag] [tsvwg] [Int-area] 3rd WGLC (limited-s… Spencer Dawkins at IETF
- Re: [saag] Anticompetitive use of trademark and I… Jeffrey Walton
- Re: [saag] Anticompetitive use of trademark and I… Tony Rutkowski
- Re: [saag] Anticompetitive use of trademark and I… John Levine
- Re: [saag] Anticompetitive use of trademark and I… Tony Rutkowski
- Re: [saag] Anticompetitive use of trademark and I… Tony Rutkowski
- Re: [saag] Anticompetitive use of trademark and I… John R Levine