Re: [tsvwg] [saag] Comments on draft-ietf-tsvwg-transport-encrypt-08.txt

Tom Herbert <tom@herbertland.com> Tue, 05 November 2019 15:10 UTC

From: Tom Herbert <tom@herbertland.com>
Date: Tue, 5 Nov 2019 07:10:44 -0800
Message-ID: <CALx6S37ooC+aVm82umcvUPnxev6qidMi27RwupajJBTTMJbqEw@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: saag@ietf.org, tsvwg <tsvwg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/-UoI6gpu9QiQuyctr4rkd1elhrk>

On Mon, Nov 4, 2019 at 9:09 PM Martin Thomson <mt@lowentropy.net> wrote:
>
> On Tue, Nov 5, 2019, at 15:36, Tom Herbert wrote:
> > > Please refer to draft-ietf-quic-manageability for that discussion.
> >
> > I looked at that draft. While it does mention RFC7605, the explanation
> > for how non-QUIC packets that match port 443 aren't misinterpreted
> > isn't particularly satisfying. Other than assuming port number match
> > is sufficient, the recommended approach seems to be for middleboxes to
> > track flows by handshake. But, that then requires state to be
> > maintained and implies that packets for the flow must consistently
> > be routed through the same device (a common problem for any stateful
> > device in the network). I don't think the QUIC spin bit serves as an
> > exemplar for reliably exposing transport layer information in a
> > transport protocol that is otherwise encrypted.
>
> Yeah, not saying that this is ideal, but it's what we're handing out.  Well, some of us might, I don't think that our implementation has any intention of leaking anything at this stage.
>
> Note also that QUIC allows for migration where the new path will not see the handshake.
>
> I don't think that there is a lack of interest in this subject, just that there is no real drive toward finding e2m and m2e signaling that will be deployed.  Personally, my interests are aligned more with removing signals, not adding them.

That is happening in IPPM WG and others. Options are being defined in
extension headers for the purposes of host to network signaling.
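As an added illustration of the state-tracking problem discussed in the quoted text (this is example code written for this page, not code from the thread or from any QUIC implementation): a hypothetical on-path observer that can only recognise a flow as QUIC by parsing the long-header Initial packets of the handshake, and therefore cannot classify short-header packets on a path that never saw the handshake, which is exactly the migration case Martin mentions. The class and function names are assumptions; the byte layout is QUIC version 1's long and short header.

```python
import struct
from typing import Dict, Optional, Tuple

# Flow key as seen on the wire: (src_addr, src_port, dst_addr, dst_port).
FlowKey = Tuple[str, int, str, int]

def reverse(key: FlowKey) -> FlowKey:
    return (key[2], key[3], key[0], key[1])

def parse_long_header(pkt: bytes) -> Optional[Tuple[int, int, bytes, bytes]]:
    """Parse a QUIC v1 long header into (type, version, dcid, scid); None if not one."""
    if len(pkt) < 7 or not (pkt[0] & 0x80):      # bit 0x80 set = long header form
        return None
    ptype = (pkt[0] & 0x30) >> 4                 # 0 Initial, 1 0-RTT, 2 Handshake, 3 Retry
    version = struct.unpack("!I", pkt[1:5])[0]
    dcid_len = pkt[5]
    if len(pkt) < 7 + dcid_len:
        return None
    dcid = pkt[6:6 + dcid_len]
    scid_len = pkt[6 + dcid_len]
    scid = pkt[7 + dcid_len:7 + dcid_len + scid_len]
    if len(scid) != scid_len:
        return None
    return ptype, version, dcid, scid

class HandshakeObserver:
    """Hypothetical on-path observer that learns flows only from Initial packets."""

    def __init__(self) -> None:
        # flow key -> length of the DCID that packets in that direction will carry
        self.flows: Dict[FlowKey, int] = {}

    def observe(self, key: FlowKey, pkt: bytes) -> str:
        hdr = parse_long_header(pkt)
        if hdr is not None:
            ptype, version, _dcid, scid = hdr
            if ptype == 0 and version == 1:
                # The peer will address this endpoint with the SCID announced here,
                # so packets in the reverse direction carry a DCID of len(scid).
                self.flows[reverse(key)] = len(scid)
                return "initial"
            return "long-header"
        if key not in self.flows:
            # No handshake seen on this path (migration, asymmetric routing, or not
            # QUIC at all): port 443 alone cannot tell, and the DCID length is unknown.
            return "unknown"
        dcid_len = self.flows[key]
        spin = (pkt[0] & 0x20) >> 5                  # short-header spin bit
        return f"short dcid={pkt[1:1 + dcid_len].hex()} spin={spin}"
```

Feeding the same short-header packet to the observer under a 4-tuple it has no handshake state for yields "unknown", which is the failure mode a stateful middlebox hits when the flow is routed through a different device or migrates to a new path.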