[tcpinc] Benoit Claise's No Objection on draft-ietf-tcpinc-tcpeno-13: (with COMMENT)
Benoit Claise <bclaise@cisco.com> Fri, 10 November 2017 08:39 UTC
Return-Path: <bclaise@cisco.com>
X-Original-To: tcpinc@ietf.org
Delivered-To: tcpinc@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A282A12EBF9; Fri, 10 Nov 2017 00:39:40 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benoit Claise <bclaise@cisco.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-tcpinc-tcpeno@ietf.org, David Black <david.black@dell.com>, tcpinc-chairs@ietf.org, david.black@dell.com, tcpinc@ietf.org, evyncke@cisco.com
X-Test-IDTracker: no
X-IETF-IDTracker: 6.65.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151030318065.29910.2393429976619659592.idtracker@ietfa.amsl.com>
Date: Fri, 10 Nov 2017 00:39:40 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/qYvVpaaqSflyxXT3zvz1XYBAFNs>
Subject: [tcpinc] Benoit Claise's No Objection on draft-ietf-tcpinc-tcpeno-13: (with COMMENT)
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 08:39:41 -0000
Benoit Claise has entered the following ballot position for draft-ietf-tcpinc-tcpeno-13: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-tcpinc-tcpeno/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Nothing against the publication of this document but ... as for any experimental RFCs, we must describe the criteria for a successful experiment (evaluation)? Same remark for draft-ietf-tcpinc-tcpcrypt-09 I have seen section 9, which explains why this is experimental. It's only part of the info. Note sure that everybody has seen Eric Vyncke's OPS DIR review: The document describes an _experimental_ TCP option to negotiate at the TCP layer the use of opportunistic encryption at layer-4 for the transparent benefit of applications (which do not support TLS for example). Section 4.2 describes an 'application-aware' bit which seems to tell the other TCP party that the upper-layer are aware but to be honest the text describing this bit could really be improved. Does it allow a responder to signal that it supports TLS? Or something else? I like the idea of application giving hints to the other TCP party to avoid useless double encryption but the description of this bit is really unclear. The specification takes really care of the TCP option size by compressing a lot of the information pieces. I wonder whether allowing only 95 'TEP' (TCP encryption protocols) is not a constraint... suggestion to allow a specific TEP value signaling that the value is on 16 bits for example. This is an experimental protocol, so, we can guess that the authors will experiment around the following issues in order to improve the protocol: - Lack of authentication (and encryption without authentication has little value) even if section 5 talks about it - No wording around MSS negotiation (as encryption could potentially reduce the useful MSS) - The role of middle boxes will be important (see also section 8.1 where SLB proved to an annoyance), removing the ENO - Suggestion to also test NAT64 middle boxes I hope this helps to improve this useful proposal
- [tcpinc] Benoit Claise's No Objection on draft-ie… Benoit Claise