Re: [saag] [tsvwg] Fwd: Last Call: <draft-ietf-tsvwg-transport-encrypt-19.txt> (Considerations around Transport Header Confidentiality, Network Operations, and the Evolution of Internet Transport Protocols) to Informational RFC

Fernando Gont <fgont@si6networks.com> Sat, 13 February 2021 02:21 UTC

To: Tom Herbert <tom@herbertland.com>
Cc: Fernando Gont <fernando@gont.com.ar>, Michael Richardson <mcr+ietf@sandelman.ca>, "tsvwg@ietf.org" <tsvwg@ietf.org>, "saag@ietf.org" <saag@ietf.org>
References: <161257199785.16601.5458969087152796022@ietfa.amsl.com> <f1a1aaef-5400-89ca-fe26-786686800036@gont.com.ar> <MN2PR19MB4045B25A78B3C0841CC8EAFE838D9@MN2PR19MB4045.namprd19.prod.outlook.com> <2fb9d724-7f8a-93cd-9045-eb3852345a9e@erg.abdn.ac.uk> <1416490d-6532-59ce-e09f-388db716af8f@si6networks.com> <CALx6S35_Rb_vUyDddaiJtt2iT2Gvev=bLs7Rip8TQ8yZppMLDQ@mail.gmail.com> <1005a57d-d24b-a71e-e977-2be84ad63695@si6networks.com> <CALx6S35U_Re0T5f9m4AbNyvv7Gk6s9UoN1wdo7_j_phSMm+2gg@mail.gmail.com> <1dcb48f6-f621-11f8-9e9a-067b65c44818@si6networks.com> <CALx6S351GUy=FJAZ1h6YYfmvJv2yGVVDma26r=Fu56bgzwhFpQ@mail.gmail.com> <16740.1613082711@localhost> <CALx6S376UeJrikyyAbdTFAYzzEMackbaxiXri897xugJJf5mMA@mail.gmail.com> <b6780de8-fc73-cb35-5f44-87907681448a@gont.com.ar> <CALx6S376vcrugJqgk1oGBsfzoGmpTnFqgzzSoiV5hzekswA5rw@mail.gmail.com> <0856c5b2-57a7-cb6f-e74b-c2d1af568c28@si6networks.com> <CALx6S35d4J4i1tRwYbv=uj2gVRudxVnsQXZTEjZdP0ADaj_YsA@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <8556e4ca-39a3-7e65-d60c-0ada1412fe46@si6networks.com>
Date: Fri, 12 Feb 2021 23:07:54 -0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/THd12YWTeTdzymh_GKnzQsT5ofY>

On 12/2/21 22:53, Tom Herbert wrote:
[....]
>>> IMO, HBH is the best vehicle
>>> to express this information and there is some good work in Network
>>> tokens, FAST, and APN around this.
>>
>> RFC7872 seems to suggest otherwise.
>>
> I disagree. RFC7872 was one snapshot in time and is now coming up on
> five years since it was published; since then RFC8200 was published
> with relaxed requirements for intermediate nodes and there is a lot
> more active work on extension headers.

There's a lot of active work on EHs, yes. You can use them in limited 
domains. But you'll likely have a bitter experience otherwise.

(To share my own: I recently replaced my IPv4-transport tunnels with 
IPv6-transport tunnels... but some failed. Why?  Because Linux 
employs (by default) a tunnel encapsulation limit option, which requires 
a DO header to be inserted. And such packets often get dropped)

You may get the same when trying to use ESP, too.

RFC8200 changed the processing of HBH. But there are general 
implications of EHs (in general) -- RFC8200 has changed nothing about 
that (and in fact, it couldn't have).

> Besides that, we don't need or
> expect 100% of the Internet to support EH, we can use it
> opportunistically when we know the path works (e.g. the destination is
> a server within the user's provider network that supports the
> features).

That's indeed a different scenario (a so-called "limited domain") -- 
i.e. your network, your rules.

But I believe the discussion here is about the implications on an 
Internet-wide scope.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
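The tunnel failure described in the message above (a Destination Options header carrying the Tunnel Encapsulation Limit option, which Linux ip6 tunnels insert by default) can be checked for on the wire. What follows is an added example, not code from the message, the draft under discussion, or the Linux project: it walks an IPv6 extension-header chain, reports the Tunnel Encapsulation Limit value when one is present, and shows what the same tunnel packet looks like once that header is removed. The packet bytes, the limit value of 4 and the 2001:db8:: addresses are constructed for the example; the header layout follows RFC 2473 section 5.1 and RFC 8200.

```python
"""Walk an IPv6 extension-header chain and flag the Tunnel Encapsulation Limit
option (RFC 2473) carried in a Destination Options header.  Added example; the
packet bytes below are constructed here, not captured from a real tunnel."""
import ipaddress
import struct

# IANA protocol / next-header numbers
HOPOPT, TCP, UDP, IPV6, ROUTING, FRAGMENT = 0, 6, 17, 41, 43, 44
ESP, AH, ICMPV6, NONEXT, DSTOPTS = 50, 51, 58, 59, 60
EXT_HEADERS = (HOPOPT, DSTOPTS, ROUTING, FRAGMENT, AH)
PROTO_NAMES = {HOPOPT: "Hop-by-Hop", TCP: "TCP", UDP: "UDP", ROUTING: "Routing",
               FRAGMENT: "Fragment", ESP: "ESP", AH: "AH", ICMPV6: "ICMPv6",
               NONEXT: "No Next Header", DSTOPTS: "Destination Options"}
OPT_PAD1, OPT_PADN, OPT_TUNNEL_ENCAP_LIMIT = 0, 1, 4   # RFC 8200 / RFC 2473


def ipv6_header(payload_len, next_header, src, dst, hop_limit=64):
    """Fixed 40-byte IPv6 header."""
    return (struct.pack("!IHBB", 0x60000000, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)


def encap_limit_dstopts(next_header, limit):
    """The 8-byte Destination Options header of RFC 2473 section 5.1:
    option type 4, length 1, the limit value, then PadN(1) to reach 8 octets."""
    return bytes([next_header, 0, OPT_TUNNEL_ENCAP_LIMIT, 1, limit, OPT_PADN, 1, 0])


def parse_options(opts):
    """Yield (type, value) for each TLV option in a HBH/DO option area."""
    i = 0
    while i < len(opts):
        opt_type = opts[i]
        if opt_type == OPT_PAD1:          # Pad1 has no length byte
            i += 1
            continue
        length = opts[i + 1]
        yield opt_type, opts[i + 2:i + 2 + length]
        i += 2 + length


def walk_extension_headers(pkt):
    """Return (chain, encap_limit): chain lists (name, offset, length) up to the
    first non-extension header (ESP ends it: what follows is encrypted);
    encap_limit is the Tunnel Encapsulation Limit value or None.
    IPv6-in-IPv6 (next header 41) is followed into the inner packet."""
    chain, encap_limit = [("IPv6", 0, 40)], None
    nh, off = pkt[6], 40
    while True:
        if nh == IPV6:                            # descend into the inner packet
            if off + 40 > len(pkt):
                raise ValueError("truncated inner IPv6 header")
            chain.append(("IPv6 (inner)", off, 40))
            nh, off = pkt[off + 6], off + 40
            continue
        if nh not in EXT_HEADERS:
            chain.append((PROTO_NAMES.get(nh, f"proto {nh}"), off, len(pkt) - off))
            return chain, encap_limit
        if off + 2 > len(pkt):
            raise ValueError("truncated extension header")
        if nh == FRAGMENT:
            hlen = 8                              # fixed-size header
        elif nh == AH:
            hlen = (pkt[off + 1] + 2) * 4         # AH: 32-bit words, minus 2
        else:
            hlen = (pkt[off + 1] + 1) * 8         # HBH/DO/Routing: 8-octet units, first not counted
        if off + hlen > len(pkt):
            raise ValueError("truncated extension header")
        if nh in (HOPOPT, DSTOPTS):
            for opt_type, value in parse_options(pkt[off + 2:off + hlen]):
                if opt_type == OPT_TUNNEL_ENCAP_LIMIT and len(value) == 1:
                    encap_limit = value[0]
        chain.append((PROTO_NAMES[nh], off, hlen))
        nh, off = pkt[off], off + hlen


def strip_encap_limit(pkt):
    """Packet as a tunnel configured without an encapsulation limit would send
    it: drop the outer Destination Options header when it carries only the
    encap-limit option and padding, re-linking Next Header and Payload Length."""
    if pkt[6] != DSTOPTS:
        return pkt
    hlen = (pkt[41] + 1) * 8
    types = {t for t, _ in parse_options(pkt[42:40 + hlen])}
    if types - {OPT_PADN, OPT_TUNNEL_ENCAP_LIMIT}:   # other options ride here; keep the header
        return pkt
    head = bytearray(pkt[:40])
    head[6] = pkt[40]                                # inner next-header moves up
    struct.pack_into("!H", head, 4, len(pkt) - 40 - hlen)
    return bytes(head) + pkt[40 + hlen:]


def sample_tunnel_packet(with_encap_limit=True):
    """Constructed IPv6-in-IPv6 packet (RFC 3849 documentation prefixes), with
    the assumed default encapsulation limit of 4 in a DO header when requested."""
    inner = ipv6_header(0, NONEXT, "2001:db8:1::1", "2001:db8:1::2")
    if not with_encap_limit:
        return ipv6_header(len(inner), IPV6, "2001:db8::1", "2001:db8::2") + inner
    do = encap_limit_dstopts(IPV6, 4)
    return ipv6_header(len(do) + len(inner), DSTOPTS, "2001:db8::1", "2001:db8::2") + do + inner
```

Run `walk_extension_headers()` over the outer packets captured at the two tunnel endpoints to see which form left the encapsulator and which arrived; on Linux, iproute2's `ip -6 tunnel ... encaplimit none` configures the tunnel so that no Destination Options header is inserted, and `strip_encap_limit()` shows the packet that results. Whether the bare IPv6-in-IPv6 packet then survives the same path is the question the thread is arguing about, and the walker stops at ESP for the same reason the message mentions it: everything behind ESP is opaque to the parser as well as to the network.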