Re: [saag] [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-08.txt

Colin Perkins <csp@csperkins.org> Thu, 07 November 2019 19:10 UTC

Return-Path: <csp@csperkins.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD07E120144; Thu, 7 Nov 2019 11:10:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I762qAhnfcYo; Thu, 7 Nov 2019 11:10:16 -0800 (PST)
Received: from haggis.mythic-beasts.com (haggis.mythic-beasts.com [IPv6:2a00:1098:0:86:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27A95120025; Thu, 7 Nov 2019 11:10:16 -0800 (PST)
Received: from [82.152.40.192] (port=61261 helo=[192.168.1.135]) by haggis.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from <csp@csperkins.org>) id 1iSnAZ-0000fZ-6i; Thu, 07 Nov 2019 19:10:11 +0000
From: Colin Perkins <csp@csperkins.org>
Message-Id: <A3BBFF1F-11FB-41F8-9E5E-D7C5E9C34CAF@csperkins.org>
Content-Type: multipart/alternative; boundary="Apple-Mail=_42569CB8-9B5B-43B2-A57B-15EC50EA73DE"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Thu, 07 Nov 2019 19:10:03 +0000
In-Reply-To: <CAPDSy+6Ls0DLgN+-Ju5Zr+56wgqgq_PUj+2kkhwcAhhYUC3dCA@mail.gmail.com>
Cc: Mirja Kühlewind <mirja.kuehlewind@ericsson.com>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>, Joe Touch <touch@strayalpha.com>, tsvwg IETF list <tsvwg@ietf.org>, "saag@ietf.org" <saag@ietf.org>
To: David Schinazi <dschinazi.ietf@gmail.com>
References: <67CE4313-A4C2-4CC7-972E-CB465D47B7FE@ericsson.com> <998B7C3E-54D8-40AC-BF91-901390CF70C5@strayalpha.com> <CAPDSy+5rvaXgEGZ7_V4pRdmBss7Hf1XmaGbiXGZceQu9hjjRTQ@mail.gmail.com> <9687A3AC-870A-46E1-BD2A-7041410CFF75@ericsson.com> <CAPDSy+6Ls0DLgN+-Ju5Zr+56wgqgq_PUj+2kkhwcAhhYUC3dCA@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-BlackCat-Spam-Score: 14
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/SkncN6rVDq3nvd1vU1LFsap017U>
Subject: Re: [saag] [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-08.txt
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2019 19:10:19 -0000

David,

I don’t know what Mirja thinks is the desired outcome, but my intent – as an author of the draft – is that you think about the issues raised and how they relate to your protocol, then make an informed decision about what parts of the headers to protect and what parts it might make sense to expose.

And, to be explicit, if you think about the issues discussed in the draft and then decide to encrypt all the transport layer headers, that’s fine by me. 

Colin


> On 6 Nov 2019, at 17:52, David Schinazi <dschinazi.ietf@gmail.com> wrote:
> 
> Hi Mirja,
> 
> Perhaps I misunderstood the document. The draft makes a lists
> of issues that arise when you encrypt transport headers, then
> concludes with a call to action to take these issues into
> consideration. In your reading, what is the desired outcome of
> this document? As a protocol designer, what do you expect me
> to do differently when I design my next protocol after reading this
> document? The tone seems to imply that I should leave some
> headers unencrypted in order "to ensure network operators,
> researchers and other stakeholders have appropriate tools to
> manage their networks". If this is not the intent of this draft, then
> what is it? What exact outcome or we hoping for?
> 
> Thanks,
> David
> 
> 
> On Tue, Nov 5, 2019 at 11:14 PM Mirja Kuehlewind <mirja.kuehlewind@ericsson..com <mailto:mirja.kuehlewind@ericsson.com>> wrote:
> Hi David,
> 
> This document is not intended to discourage header encryption but to make sure that operational considerations are taken into account when exactly design new protocols that should have header encryption (as well as payload encryption). If you think this document discourages header encryption, we need to fix that. Would be helpful if you could indicate to the authors where you think this is the case.
> 
> Mirja
> 
> 
> Am 05.11.2019 um 23:10 schrieb David Schinazi <dschinazi.ietf@gmail.com <mailto:dschinazi.ietf@gmail.com>>:
> 
>> I also oppose publication of draft-ietf-tsvwg-transport-encrypt. This document discourages transport header encryption and publishing it could harm future protocol development.
>> 
>> David
>> 
>> On Tue, Nov 5, 2019 at 1:04 PM Joe Touch <touch@strayalpha.com <mailto:touch@strayalpha.com>> wrote:
>> 
>> 
>> > On Nov 5, 2019, at 12:35 PM, Mirja Kuehlewind <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org <mailto:40ericsson.com@dmarc.ietf.org>> wrote:
>> > 
>> > What I’m hearing is that 2-3 people think this is not aligned but don’t actually say why exactly they think that
>> 
>> That’s not what we’re saying. We gave reasons. 
>> 
>> Joe 
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag



-- 
Colin Perkins
https://csperkins.org/