Re: [tcpm] Secdir last call review of draft-ietf-tcpm-rfc793bis-24

Kyle Rose <krose@krose.org> Wed, 08 September 2021 16:23 UTC

Return-Path: <krose@krose.org>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB69A3A2DD9 for <tcpm@ietfa.amsl.com>; Wed, 8 Sep 2021 09:23:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=krose.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6NCgl6c8J-Dq for <tcpm@ietfa.amsl.com>; Wed, 8 Sep 2021 09:23:08 -0700 (PDT)
Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com [IPv6:2a00:1450:4864:20::42b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70B4B3A2DD6 for <tcpm@ietf.org>; Wed, 8 Sep 2021 09:23:08 -0700 (PDT)
Received: by mail-wr1-x42b.google.com with SMTP id u9so4142149wrg.8 for <tcpm@ietf.org>; Wed, 08 Sep 2021 09:23:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fN2AM1DKuzl30istmTo/1ipKITP2/59Ko/aXARImcAc=; b=Y0eRvVZiMrOUb5bttYTNbDAjt90hWOdhJ6EZhHNC+8y5ZWU2TDbw5C4Yr2Pwjwsmyq idZPXf73zKYiAvES6JBMOufXZgH2VM4UkeQpUUR5l2/QwtgR10+1k37bJ/K0fZ9pIgui 4b665iuhJ/HTD4I1LqXHc9RsO7YuqcL6OJgaQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fN2AM1DKuzl30istmTo/1ipKITP2/59Ko/aXARImcAc=; b=HfEmQNEbbfiY33JQ/n/AUzdwjBr0JL/aZUJPhHG6YaYJ+/OLyhzgOCwZ303xT6qSRq ASnsqrX3wHTqv+P0yUANwhKjhzGlfsHRBgjtnV5ga2505d5kX084MrnRuclmB5rZ1hgC 5bU508uhOPsYXWix13/w6iqtqLPug4ruNCuZq8YqUuuX1Ltd4Fr2Cag76HH2M5cgW6pD fRKSXjLdD/Ccwr8pXtFjcA+GYL945tISZzTl2z/HsNKRcvP+l7OLLixK6iP0cjpIaX1C cQLuNFv/B8cPvZx3E46ckIL+2xymKl/mAZqoMu4GBfr0QMYTVJwOjzxq1BQj4BL0TDKb AfNw==
X-Gm-Message-State: AOAM531wneG5gIafhvOEpvaxuyZXM4ExHw9gYfuJFh3kKGV/iVnnSui3 UmvoEjubaONKV5fDkIe9dTy9J+ZSw74aUWYAvcCDzw==
X-Google-Smtp-Source: ABdhPJwzxbLPhzSd/tHIJh3JWJQIQQqED0V6Ku14dz1+bwwbyOeCAuPXNd67vh960ftj1M4+rnmIqtZYnFflwm5DQR4=
X-Received: by 2002:adf:fd51:: with SMTP id h17mr5116779wrs.178.1631118185583; Wed, 08 Sep 2021 09:23:05 -0700 (PDT)
MIME-Version: 1.0
References: <CAJU8_nXi5=6MD9cvGkd3E3xvF3o=JeR4xw4+x5NphTQxstYGbw@mail.gmail.com> <D00D6D29-226C-4C2D-85D2-D133FAF5E27A@erg.abdn.ac.uk> <64c81d66-a566-cc92-cfb0-61302ec2fabb@mti-systems.com> <CAJU8_nXn41btL6FY_e_BfC1rrN-WfNo6wJ8p+YRSExjikiBZsg@mail.gmail.com> <99a37672-8b4d-a51e-31ae-6620f9f20a0d@erg.abdn.ac.uk>
In-Reply-To: <99a37672-8b4d-a51e-31ae-6620f9f20a0d@erg.abdn.ac.uk>
From: Kyle Rose <krose@krose.org>
Date: Wed, 8 Sep 2021 12:22:54 -0400
Message-ID: <CAJU8_nXCUvf-hE39jRajTxuXua5xqsM5Lv+Y-r24yuRJpd3vzA@mail.gmail.com>
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Cc: Wesley Eddy <wes@mti-systems.com>, tcpm IETF list <tcpm@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000009ec5605cb7e4c12"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/zR-ZUYxIK0EJn4PKs2roJwr6PyU>
Subject: Re: [tcpm] Secdir last call review of draft-ietf-tcpm-rfc793bis-24
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Sep 2021 16:23:14 -0000

Right, I agree the right sentiment is expressed there: my issue is mainly
with the reference to it in the text Wes proposed being in the
security/privacy considerations section, and with no express reference to
ossification, which is an important part of the issue (as noted in 9065).
It's placement and context that I think needs augmenting. No word beginning
with "ossif" appears anywhere in draft -25. It's possible there's an
appropriate place earlier in the doc, or maybe there should be a short
"extensibility considerations" section. Or maybe I'm simply in the rough on
this, and there's no need to link this document to the wire image
ossification issue.

Kyle

On Wed, Sep 8, 2021 at 11:56 AM Gorry Fairhurst <gorry@erg.abdn.ac.uk>
wrote:

> On 08/09/2021 15:52, Kyle Rose wrote:
>
> The concern here is broader than security/privacy considerations: while
> exposing data unnecessarily to the network does create such concerns, your
> proposed text doesn't touch on the problem of protocol ossification, which
> is orthogonal to privacy even if it can be mitigated by many of the same
> mechanisms.
>
> Kyle
>
> Kyle,
>
> RFC9065 might bring some context, when it concluded:
>
>      "Unencrypted transport header fields are likely to ossify rapidly,
>       as network devices come to rely on their presence, making it
>       difficult to change the transport in future.  This argues that the
>       choice to expose information to the network is made deliberately
>       and with care, since it is essentially defining a stable interface
>       between the transport and the network. Some protocols will want
>       to make that interface as limited as possible; other protocols
>       might find value in exposing certain information to signal to the
>       network or in allowing the network to change certain header fields
>       as signals to the transport.  The visible wire image of a protocol
>       should be explicitly designed."
>
> My point was that to some extent, ossification - in as much as the wire
> image is visible and usable by middleboxes, was a design decision made
> when TCP was defined. Many of the methods defined in the PILC WG for
> various types of subnetworks also utilised these features.
> Connection-tracking firewalls have been around for decades, and rely on
> this, etc. This isn't/wasn't a bug, although not making it clear what
> middleboxes should do might have been an oversight.
> Different design decisions were made for RTP/UDP and QUIC and others,
> with different implications.
>
> Gorry
>
> On Tue, Sep 7, 2021 at 11:37 PM Wesley Eddy <wes@mti-systems.com> wrote:
>
>> Hopefully wrapping this thread up ... I've just posted a -25 revision
>> that contains a new paragraph which I think now has references to all of
>> the mentioned documents.
>>
>>    The concept of a protocol's "wire image" is described in RFC 8546
>>    [54], which describes how TCP's cleartext headers expose more
>>    metadata to nodes on the path than is strictly required to route the
>>    packets to their destination.  On-path adversaries may be able to
>>    leverage this metadata.  Lessons learned in this respect from TCP
>>    have been applied in the design of newer transports like QUIC [58].
>>    Additionally, based partly on experiences with TCP and its
>>    extensions, there are considerations that might be applicable for
>>    future TCP extensions and other transports that the IETF has
>>    documented in RFC 9065 [59], along with IAB recommendations in RFC
>>    8558 [56] and [66].
>>
>>
>> (where [66] is the IAB use-it-or-lose-it I-D)
>>
>> I think this should be good for Martin to move ahead with it if captures
>> the right sense of what everyone has been suggesting to add.
>>
>
>