Re: [tcpm] Secdir last call review of draft-ietf-tcpm-rfc793bis-24

Gorry Fairhurst <gorry@erg.abdn.ac.uk> Wed, 08 September 2021 15:55 UTC

Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43CBF3A2D1B for <tcpm@ietfa.amsl.com>; Wed, 8 Sep 2021 08:55:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hKEpJQKkXznq for <tcpm@ietfa.amsl.com>; Wed, 8 Sep 2021 08:55:52 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [137.50.19.135]) by ietfa.amsl.com (Postfix) with ESMTP id 455353A2D00 for <tcpm@ietf.org>; Wed, 8 Sep 2021 08:55:51 -0700 (PDT)
Received: from GF-MBP-2.lan (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 7F7BA1B00193; Wed, 8 Sep 2021 16:55:45 +0100 (BST)
To: Kyle Rose <krose@krose.org>, Wesley Eddy <wes@mti-systems.com>
Cc: tcpm IETF list <tcpm@ietf.org>
References: <CAJU8_nXi5=6MD9cvGkd3E3xvF3o=JeR4xw4+x5NphTQxstYGbw@mail.gmail.com> <D00D6D29-226C-4C2D-85D2-D133FAF5E27A@erg.abdn.ac.uk> <64c81d66-a566-cc92-cfb0-61302ec2fabb@mti-systems.com> <CAJU8_nXn41btL6FY_e_BfC1rrN-WfNo6wJ8p+YRSExjikiBZsg@mail.gmail.com>
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Message-ID: <99a37672-8b4d-a51e-31ae-6620f9f20a0d@erg.abdn.ac.uk>
Date: Wed, 8 Sep 2021 16:55:44 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:78.0) Gecko/20100101 Thunderbird/78.13.0
MIME-Version: 1.0
In-Reply-To: <CAJU8_nXn41btL6FY_e_BfC1rrN-WfNo6wJ8p+YRSExjikiBZsg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------4B640CC7201B57A5EA3AEBDE"
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/kBFuXAGgYGuoLQn-PZdOGXNqEOo>
Subject: Re: [tcpm] Secdir last call review of draft-ietf-tcpm-rfc793bis-24
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Sep 2021 15:55:57 -0000

On 08/09/2021 15:52, Kyle Rose wrote:
> The concern here is broader than security/privacy considerations: 
> while exposing data unnecessarily to the network does create such 
> concerns, your proposed text doesn't touch on the problem of protocol 
> ossification, which is orthogonal to privacy even if it can be 
> mitigated by many of the same mechanisms.
>
> Kyle
>
Kyle,

RFC9065 might bring some context, when it concluded:

      "Unencrypted transport header fields are likely to ossify rapidly,
       as network devices come to rely on their presence, making it
       difficult to change the transport in future.  This argues that the
       choice to expose information to the network is made deliberately
       and with care, since it is essentially defining a stable interface
       between the transport and the network. Some protocols will want
       to make that interface as limited as possible; other protocols
       might find value in exposing certain information to signal to the
       network or in allowing the network to change certain header fields
       as signals to the transport.  The visible wire image of a protocol
       should be explicitly designed."

My point was that to some extent, ossification - in as much as the wire
image is visible and usable by middleboxes, was a design decision made
when TCP was defined. Many of the methods defined in the PILC WG for
various types of subnetworks also utilised these features.
Connection-tracking firewalls have been around for decades, and rely on
this, etc. This isn't/wasn't a bug, although not making it clear what
middleboxes should do might have been an oversight.
Different design decisions were made for RTP/UDP and QUIC and others,
with different implications.

Gorry

> On Tue, Sep 7, 2021 at 11:37 PM Wesley Eddy <wes@mti-systems.com 
> <mailto:wes@mti-systems.com>> wrote:
>
>     Hopefully wrapping this thread up ... I've just posted a -25
>     revision that contains a new paragraph which I think now has
>     references to all of the mentioned documents.
>
>         The concept of a protocol's "wire image" is described in RFC 8546
>         [54], which describes how TCP's cleartext headers expose more
>         metadata to nodes on the path than is strictly required to route the
>         packets to their destination.  On-path adversaries may be able to
>         leverage this metadata.  Lessons learned in this respect from TCP
>         have been applied in the design of newer transports like QUIC [58].
>         Additionally, based partly on experiences with TCP and its
>         extensions, there are considerations that might be applicable for
>         future TCP extensions and other transports that the IETF has
>         documented in RFC 9065 [59], along with IAB recommendations in RFC
>         8558 [56] and [66].
>
>     (where [66] is the IAB use-it-or-lose-it I-D)
>
>     I think this should be good for Martin to move ahead with it if
>     captures the right sense of what everyone has been suggesting to add.
>