IETF Logo Mail Archive

Re: [saag] [tsvwg] Fwd: Last Call: <draft-ietf-tsvwg-transport-encrypt-19.txt> (Considerations around Transport Header Confidentiality, Network Operations, and the Evolution of Internet Transport Protocols) to Informational RFC

Fernando Gont <fgont@si6networks.com> Thu, 11 February 2021 19:28 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0CDF3A1899; Thu, 11 Feb 2021 11:28:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MzEtAwzeV5Tb; Thu, 11 Feb 2021 11:28:02 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F4713A1898; Thu, 11 Feb 2021 11:28:02 -0800 (PST)
Received: from [IPv6:2800:810:464:2b9:4181:442:5061:d73f] (unknown [IPv6:2800:810:464:2b9:4181:442:5061:d73f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 3DFA4283A13; Thu, 11 Feb 2021 19:27:53 +0000 (UTC)
To: Tom Herbert <tom@herbertland.com>
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, "Black, David" <David.Black@dell.com>, Fernando Gont <fernando@gont.com.ar>, Benjamin Kaduk <kaduk@mit.edu>, "saag@ietf.org" <saag@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>
References: <161257199785.16601.5458969087152796022@ietfa.amsl.com> <20210210062551.GI21@kduck.mit.edu> <f1a1aaef-5400-89ca-fe26-786686800036@gont.com.ar> <MN2PR19MB4045B25A78B3C0841CC8EAFE838D9@MN2PR19MB4045.namprd19.prod.outlook.com> <2fb9d724-7f8a-93cd-9045-eb3852345a9e@erg.abdn.ac.uk> <1416490d-6532-59ce-e09f-388db716af8f@si6networks.com> <CALx6S35_Rb_vUyDddaiJtt2iT2Gvev=bLs7Rip8TQ8yZppMLDQ@mail.gmail.com> <1005a57d-d24b-a71e-e977-2be84ad63695@si6networks.com> <CALx6S35U_Re0T5f9m4AbNyvv7Gk6s9UoN1wdo7_j_phSMm+2gg@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <1dcb48f6-f621-11f8-9e9a-067b65c44818@si6networks.com>
Date: Thu, 11 Feb 2021 16:27:47 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <CALx6S35U_Re0T5f9m4AbNyvv7Gk6s9UoN1wdo7_j_phSMm+2gg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/K4MISK37WCLEf2AZvsWg_2050Jc>
Subject: Re: [saag] [tsvwg] Fwd: Last Call: <draft-ietf-tsvwg-transport-encrypt-19.txt> (Considerations around Transport Header Confidentiality, Network Operations, and the Evolution of Internet Transport Protocols) to Informational RFC
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Feb 2021 19:28:05 -0000

On 11/2/21 16:11, Tom Herbert wrote:
> On Thu, Feb 11, 2021 at 11:40 AM Fernando Gont <fgont@si6networks.com> wrote:
>>
>> On 11/2/21 15:18, Tom Herbert wrote:
>> [...]
>>>
>>> When the transport layer is encrypted, network devices would only see
>>> the plaintext EH and that is only what that is what they can act on.
>>> At the destination, we could try to rectify transport information in
>>> HBH with decrypted plaintext transport headers, but I suspect that
>>> wouldn't typically be done. The HBH information is only operationally
>>> useful to the network, not the transport endpoints that have access to
>>> the transport header.
>>
>> Then this is what an attacker would do:
>> He/she would advertise on a HBH option something that looks sensible to
>> the guy enforcing a network-based security policy, and then at transport
>> would do what he/she needs to do. :-)
>>
>>
>> e.g., HBH could advertise that my packets are directed to ports 80/443,
>> while in transport they are actually directed to port, say, 22.
>>
> It's more likely that information in the HBH would be generic and
> abstract, afterall the whole point of encrypting the transport header
> is to hide information from the network that it doesn't require, not
> to just blindly volunteer the same information somewhere else in the
> packet. Port numbers, for instance, are not required for delivery and
> in fact are prone to misinterpretation in the network (RFC7605)-- IMO
> it makes no sense to put those in a HBH option.
> 
> Regardless of HBH though, if the preponderence of transport headers
> are encrytped then network security policiy that relies on the
> information will need to change.

The folks running networks might as well argue that if you want your 
protocol to be successfully deployed (or at all deployed), your protocol 
might need to change.

It's a tussle. ANd I see valid arguments on both sides.

-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email