Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 01 July 2020 13:20 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03F713A0AF7; Wed, 1 Jul 2020 06:20:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=H9Ps5y70; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=H9Ps5y70
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XpLq86i18fLT; Wed, 1 Jul 2020 06:20:40 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2061.outbound.protection.outlook.com [40.107.21.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BEF03A0AA4; Wed, 1 Jul 2020 06:20:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=78XuLf3ib3YUQBG3g8aAWxtM/fcBu7eBwSYh/ay0sIA=; b=H9Ps5y70w5aAnlKlAWXCjcycr22HkJAQ/Qf+cno/VGulJKYskG7AGCwMqlz4TFmS6mDV31Oyb8HpNOHvn44dz8biDpvRqGjvYG5iRCJ0swi92iD2Tj8whse2gJoayoZ1iGh7DhTCYlORY52PjockD9G0aEGqM8Nmno9HgPlg64E=
Received: from DB6PR0802CA0041.eurprd08.prod.outlook.com (2603:10a6:4:a3::27) by VI1PR08MB3727.eurprd08.prod.outlook.com (2603:10a6:803:b7::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3131.21; Wed, 1 Jul 2020 13:20:36 +0000
Received: from DB5EUR03FT023.eop-EUR03.prod.protection.outlook.com (2603:10a6:4:a3:cafe::a4) by DB6PR0802CA0041.outlook.office365.com (2603:10a6:4:a3::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3153.20 via Frontend Transport; Wed, 1 Jul 2020 13:20:36 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT023.mail.protection.outlook.com (10.152.20.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3131.20 via Frontend Transport; Wed, 1 Jul 2020 13:20:36 +0000
Received: ("Tessian outbound a4b10e5b482d:v62"); Wed, 01 Jul 2020 13:20:36 +0000
X-CR-MTA-TID: 64aa7808
Received: from f91e640928f3.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 39B7EC00-81C3-4133-A840-4DA083F2AD3D.1; Wed, 01 Jul 2020 13:20:31 +0000
Received: from EUR04-DB3-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id f91e640928f3.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 01 Jul 2020 13:20:31 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mOvAbcO+d+V8PNtMpG8PuvHzon5k/zSINU2Kodcnety/fHWujLl6jnmJpahEApDHvKfTqDMCHodakAf4I9xC8mC7pMJg+OCCbNHqJbdUMudbztAny6EK7GhU3p57TmMz/DakFcvO9u7dYR9AX6IyDTYai3MccaDSpNaftODIJDrJcDddlZ6eX9MpnwhOeeV1ONq4kmh2jjKTispHIQW5Z9DMaBeNDFJYLAVfgcN7h4pW/QW8jHFZTcXEdrrjZlbnJVfwblf9Kox7ZP1beiDoFrgJKbY50Mm5EJHnC1Swc60zsl2nBK1ZOrMrRLkQQinbAd9/w1MeyrA81VsLSvuCdw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=78XuLf3ib3YUQBG3g8aAWxtM/fcBu7eBwSYh/ay0sIA=; b=M6GehTzEkC5v54hOQz5U5IBYK/4vOhVT+LtmfZnBbO3H3CmpirJgn/3k77FBsl+n10wWv9o7CVzQN1Gd1/1RGQqVkDRNHTDq978H/yw+iPyStCyPb0JirSzOORd7rEtm+n+hITdxJP80FhKbtUI7LmAU0So5jg9vJb/LFmH7ITkFRcY/x1fI+657fola5KvpQa4aydn6VjOLTORpdvp+16Dx6DiaPJx7ZITnxSpcafMHHdmG5izefKNQxwzY3XrHxPNcogLkJz64EfIsuGsmXWj92233CmdUVCdbUkRLAjau+bbY8jDVT7X5IFf7XTl3RG/X7hggPdESdaSjippoGw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=78XuLf3ib3YUQBG3g8aAWxtM/fcBu7eBwSYh/ay0sIA=; b=H9Ps5y70w5aAnlKlAWXCjcycr22HkJAQ/Qf+cno/VGulJKYskG7AGCwMqlz4TFmS6mDV31Oyb8HpNOHvn44dz8biDpvRqGjvYG5iRCJ0swi92iD2Tj8whse2gJoayoZ1iGh7DhTCYlORY52PjockD9G0aEGqM8Nmno9HgPlg64E=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (2603:10a6:208:106::13) by AM0PR08MB4977.eurprd08.prod.outlook.com (2603:10a6:208:163::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3153.21; Wed, 1 Jul 2020 13:20:29 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::39f5:e4d9:51ff:eae]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::39f5:e4d9:51ff:eae%7]) with mapi id 15.20.3131.030; Wed, 1 Jul 2020 13:20:29 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "Black, David" <David.Black@dell.com>
CC: int-area <int-area@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>, IETF SAAG <saag@ietf.org>
Thread-Topic: [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020
Thread-Index: AdY9/kL5KQoLk/CbSKeZ9xMZ8uq3SAQe3d4AAAnHrZAAQX40gAAAU19A
Date: Wed, 1 Jul 2020 13:20:29 +0000
Message-ID: <AM0PR08MB371604E04179C212341100EEFA6C0@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <MN2PR19MB40450EE357BEECD723AB06F183820@MN2PR19MB4045.namprd19.prod.outlook.com> <CABcZeBM9A1RxOiHGZdBznTb7zzArG5GTQs=bhNtBy90tSXs3Pg@mail.gmail.com> <AM0PR08MB3716528B48BCF9447002B551FA6F0@AM0PR08MB3716.eurprd08.prod.outlook.com> <21886_1593608278_5EFC8856_21886_470_1_787AE7BB302AE849A7480A190F8B9330314EBA5C@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <21886_1593608278_5EFC8856_21886_470_1_787AE7BB302AE849A7480A190F8B9330314EBA5C@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 71cf9ee7-494e-4a40-bbc7-63e39d5a400a.1
x-checkrecipientchecked: true
Authentication-Results-Original: orange.com; dkim=none (message not signed) header.d=none;orange.com; dmarc=none action=none header.from=arm.com;
x-originating-ip: [80.92.121.249]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: ba924e6f-cf52-4836-f219-08d81dc18a98
x-ms-traffictypediagnostic: AM0PR08MB4977:|VI1PR08MB3727:
X-Microsoft-Antispam-PRVS: <VI1PR08MB3727F6543C29DBC9EB4F3B47FA6C0@VI1PR08MB3727.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
x-forefront-prvs: 04519BA941
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: Fno9NV1gojHFd+XTDhGq/bPqHlu9lI0Nb6r43OQZPeF5iD+ypIz+P970wyjlsQZJyCbsAwCZtpp07WnEZ1gIQ4h5odAeHDJiZNSts1FXGxBz4/4buDkvq2jFlNTWLhHXf+ZyDpwH6lWpszRZeH4AHcaDBNDzJjZBoKEF4xpCiFEkbc4vEfTdsSIiS17fnRTzfEMSD+72a2CHIiaVWOa9n3MqYV0CWCcK3pw26kjJrYA2mb8fkpcCKuWCAZLoYrojvMXhnaXWgPyFRYIJ+UR6u/h+oZNo9+cndNRRXZdoiBBIJpJxuQXYLQWCgb2OX+HasWA0fUBuJBEXUF7GY6sgOODxwqLMjZXHkYFUlnz8Ku9vMy7Xo9GSZv8zwhLK0Qb3GClsze32fI32aWhNlmPJCA==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3716.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(346002)(376002)(39860400002)(366004)(136003)(396003)(6506007)(186003)(83380400001)(166002)(86362001)(66574015)(55016002)(8936002)(8676002)(54906003)(478600001)(316002)(966005)(110136005)(33656002)(9686003)(2906002)(7696005)(26005)(4326008)(53546011)(66476007)(66556008)(71200400001)(76116006)(66446008)(64756008)(52536014)(5660300002)(66946007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 3JPFhSH+U2YkhxGr3DfWYOelJokkAfxIBXBVf5XyCaGSNpp9Ulmu2CzHfRPE0ZczoT2+e+GmWweF6DLhqDXDWI1ny7bQ79WJbxot1hdS2r9FBALOGPnGf6QLB/rPRH7XugEe52kUq1rvYSNqKi/B2eV+PlLG9B6LKC/zb3y6HGgxaH+4E4naDbTdUIiBsEK5onxxc6uTURaTxfQiXP4YiYimPegBiqXRq7+KLCpF4tUqTvPNyhaP5WT/sKQg4KI7XzPLlVnWRgDwXaXuVc0vAq3w4mqkUNKnP2fssIe4qcLyavi/YKK6PkgI7eBJ7kHCvXxzZJ0ru0BoZt/GmyjO7AJuVapqDI3HY+EyG21BMQpwxIex3OaF+AFi35/2QW1Lz/NH57jGLU7JOg7qkUVUfXd9Xq4oOyepqQdc0kVO0Zb58ePDgMpffqxSxNik3a4ONCzz5CebOBgBDWPsHnFaBqncCWoaFWySJabGW0N2bwo=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM0PR08MB371604E04179C212341100EEFA6C0AM0PR08MB3716eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB4977
Original-Authentication-Results: orange.com; dkim=none (message not signed) header.d=none;orange.com; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT023.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(376002)(136003)(346002)(396003)(39860400002)(46966005)(478600001)(450100002)(70586007)(8936002)(70206006)(54906003)(336012)(52536014)(33656002)(166002)(82310400002)(83380400001)(4326008)(966005)(9686003)(66574015)(5660300002)(86362001)(356005)(186003)(82740400003)(53546011)(7696005)(33964004)(6506007)(2906002)(47076004)(8676002)(55016002)(30864003)(316002)(81166007)(110136005)(26005); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 2fdf7b8e-d6e8-47f0-c6cd-08d81dc186af
X-Forefront-PRVS: 04519BA941
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 4gytnoVnYjxA66B/EnibVzzTI5S5wi9TW1vD3AfMMpByt5veDQyvLuFD1+9mfdTUyPPR6Rh+tdlga7MYgatfUH2m4VG0MN1K5k29o5D1NbchCHGU5bJXfsLKwftIRlGAAsUUOLtw1yfq5hjo+FGQSheQmUnJQ3OxU/r4RwtCBudOsZTAZT2osZqB9iieBgmI1vQ7+NBolW8FPZVwA4lmdJE27AsCUA7YC1YVil64V0pDdA31iNMB+nMLujnOcNb44tITY/SqgQtEO7VlvVnmV5yZ9WNQIyLct3S1r1gu7VETJgfVuzEyEWtXNhYGu6xPdJPJyijhUCT0nko0JwwbqWVhnUi57xKjuGBbD4CFI6B0CANPo92OOecpD83viwCnSTYcA/cgo7H/P7ZTLSfNQ7whhatzPIWw43S+wL7X6MP04ZGY9IqbW2782M+H1EHUpe4xJcXrmRgwbz4dJEhElIajzpQAVI1vKQ7ExVbvDXc=
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jul 2020 13:20:36.3968 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: ba924e6f-cf52-4836-f219-08d81dc18a98
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: DB5EUR03FT023.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB3727
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/nfmTjEPdIZ7UUJ9qzm87HF3Q31o>
Subject: Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jul 2020 13:20:44 -0000

I noticed this in various IETF discussions and so I will describe it in the abstract.

A group of people propose an idea. Those who do not like the idea are then asked to convince the original contributors that their idea is not sound or contribute text so make it look nicer.
Not only is this requiring me to spend my time on something I don’t agree with but it turns out that no discussions will change the mind of the original contributors. They just strongly believe in their ideas. They will keep proposing the same idea over and over again (for years) till it gets published as an RFC.

Ciao
Hannes

From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
Sent: Wednesday, July 1, 2020 2:58 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>om>; Black, David <David.Black@dell.com>
Cc: int-area <int-area@ietf.org>rg>; tsvwg@ietf.org; IETF SAAG <saag@ietf.org>
Subject: RE: [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020

Hi Hannes,

It would be helpful if you can explicit the “wrong message” you are referring to, and preferably with text from the draft conveying that message.

Thank you.

Cheers,
Med

De : Int-area [mailto:int-area-bounces@ietf.org] De la part de Hannes Tschofenig
Envoyé : mardi 30 juin 2020 07:50
À : Eric Rescorla; Black, David
Cc : int-area; tsvwg@ietf.org<mailto:tsvwg@ietf.org>; IETF SAAG
Objet : Re: [Int-area] [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020

I believe this document signals a wrong message to the wider Internet community. I agree that it should not be published as a consensus document.

I understand that some people are unhappy about encrypting more meta-data. This prevents them from doing things they used to do in the past, some of which they should have never done in the first place.
Improving the protection of meta-data is important and well supported by a large number of activities in the IETF (the notable exception being CoAP+OSCORE).

Ciao
Hannes


From: saag <saag-bounces@ietf.org<mailto:saag-bounces@ietf.org>> On Behalf Of Eric Rescorla
Sent: Tuesday, June 30, 2020 3:00 AM
To: Black, David <David.Black@dell.com<mailto:David.Black@dell.com>>
Cc: int-area <int-area@ietf.org<mailto:int-area@ietf.org>>; tsvwg@ietf.org<mailto:tsvwg@ietf.org>; IETF SAAG <saag@ietf.org<mailto:saag@ietf.org>>
Subject: Re: [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020

>
> This 3rd WGLC is limited to the following two topics:
>
>
>     Whether or not to proceed with a request for RFC publication
>
> of the draft.   The decision on whether or not to proceed will
> be based on rough consensus of the WG, see RFC 7282.
> During the 2nd WGLC, Eric Rescorla and David Schinazi expressed
> strong views that this draft should not be published –  those
> concerns have not been resolved and are carried forward to
> this WGLC.  This email message was an attempt to summarize
> those concerns:
>
> https://mailarchive.ietf.org/arch/msg/tsvwg/i4qyY1HRqKwm0Jme9UtEb6DyhXU/
>
> Further explanation from both Eric Rescorla and David Schinazi
> is welcome and encouraged to ensure that their concerns are
> clearly understood.

Well, I'll try again, but I'm not sure that I can do better than
I have before.

For reasons that are laid out in RFC 7258, the trend in protocol
design in IETF is towards encrypting more and more. The last two
transport protocols that were designed and widely deployed (SCTP over
DTLS and QUIC) both encrypt the vast majority of the protocol
metadata. This document advertises itself as "considerations"
for design of such protocols:

   The transport protocols developed for the Internet are used across a
   wide range of paths across network segments with many different
   regulatory, commercial, and engineering considerations.  This
   document considers some of the costs and changes to network
   management and research that are implied by widespread use of
   transport protocols that encrypt their transport header information.
   It reviews the implications of developing transport protocols that
   use end-to-end encryption to provide confidentiality of their
   transport layer headers, and considers the effect of such changes on
   transport protocol design, transport protocol evolution, and network
   operations.  It also considers some anticipated implications on
   application evolution.  This provides considerations relating to the
   design of transport protocols and features where the transport
   protocol encrypts some or all of their header information.

However, as I said above, the new transport protocols that are
actually being designed already feature metadata encryption and as far
as I can tell, there is no prospective protocol new transport protocol
design project for which these issues might be live. In that context,
it's hard not to read this document with its long litany of practices
which are impacted by metadata encryption as a critique of the
decisions by SCTP/DTLS and QUIC to encrypt most of the metadata.


This impression is reinforced by the description of the actual
practices themselves, which focuses almost entirely on practices
which appear to be benignly motivated (e.g., performance monitoring,
troubleshooting, etc.) However, we also know that metadata is widely
used for practices in which the network operator is adversarial
to the user, for instance:

- Blocking traffic based on TCP port, IP address, SNI, etc.

- Performance-based traffic class discrimination

- Monitoring the user's behavior via indicia like the ones above
  or via traffic analysis (see [0])

Yes, I understand that the authors explicitly disclaim judgement on
these practices, and the document does briefly touch on the general
idea, though the "concerns...have been voiced" tends to minimize those
concerns [1] but the selection of practices to focus on is extremely
telling. Focusing on the downsides of encryption for (at least
arguably well-meaning) network players while mostly ignoring the large
class of non-benign behaviors which encryption is intended to protect
against has the effect of overemphasizing the costs of encryption to
those players and minimizing the benefits to the endpoints whom it is
intended to protect.


To be maximally clear: I don't object to this document existing
and I don't think that the opinions implicit in it are ones that
should not be expressed. I merely don't think that it should be
published as an IETF Consensus document.

-Ekr

[0] https://tools.ietf.org/html/draft-wood-pearg-website-fingerprinting-00#section-5
[1]    Another motivation stems from increased concerns about privacy and
      surveillance.  Users value the ability to protect their identity
      and location, and defend against analysis of the traffic.
      Revelations about the use of pervasive surveillance [RFC7624]
      have, to some extent, eroded trust in the service offered by
      network operators and have led to an increased use of encryption
      to avoid unwanted eavesdropping on communications.  Concerns have
      also been voiced about the addition of information to packets by
      third parties to provide analytics, customisation, advertising,
      cross-site tracking of users, to bill the customer, or to
      selectively allow or block content.  Whatever the reasons, the
      IETF is designing protocols that include transport header
      encryption (e.g., QUIC [I-D.ietf-quic-transport]) to supplement
      the already widespread payload encryption, and to further limit
      exposure of transport metadata to the network.





IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.