Re: [tsvwg] [saag] Fwd: Last Call: <draft-ietf-tsvwg-transport-encrypt-19.txt> (Considerations around Transport Header Confidentiality, Network Operations, and the Evolution of Internet Transport Protocols) to Informational RFC

"Black, David" <David.Black@dell.com> Wed, 10 February 2021 22:53 UTC

From: "Black, David" <David.Black@dell.com>
To: Fernando Gont <fernando@gont.com.ar>, Benjamin Kaduk <kaduk@mit.edu>, "saag@ietf.org" <saag@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Date: Wed, 10 Feb 2021 22:53:23 +0000
Message-ID: <MN2PR19MB4045B25A78B3C0841CC8EAFE838D9@MN2PR19MB4045.namprd19.prod.outlook.com>
References: <161257199785.16601.5458969087152796022@ietfa.amsl.com> <20210210062551.GI21@kduck.mit.edu> <f1a1aaef-5400-89ca-fe26-786686800036@gont.com.ar>
In-Reply-To: <f1a1aaef-5400-89ca-fe26-786686800036@gont.com.ar>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/UcTZAWup51UUeSU1tdqJWSkea90>

Adding TSVWG list, Thanks, --David

-----Original Message-----
From: saag <saag-bounces@ietf.org> On Behalf Of Fernando Gont
Sent: Wednesday, February 10, 2021 5:08 PM
To: Benjamin Kaduk; saag@ietf.org
Subject: Re: [saag] Fwd: Last Call: <draft-ietf-tsvwg-transport-encrypt-19.txt> (Considerations around Transport Header Confidentiality, Network Operations, and the Evolution of Internet Transport Protocols) to Informational RFC


Hello, Ben,

For some reason, I failed to find the relevant email message on the last-call list :-/


Some very specific comments on some parts:

* Section 5.1:

    For example, an
    endpoint that sends an IPv6 Hop-by-Hop option [RFC8200] can provide
    explicit transport layer information that can be observed and used by
    network devices on the path.

This is not as easy as it sounds. If you convey this information in 
multiple places (e.g. the transport protocol itself (that you cannot 
see), and e.g. IPv6 options), then the two might not match -- and devices 
could e.g. enforce a security policy on contents (e.g., the info in the 
IPv6 options) that the destination endpoint might possibly e.g. ignore.


* Section 5.1:

    Protocol methods can be designed to
    probe to discover whether the specific option(s) can be used along
    the current path, enabling use on arbitrary paths.

This might be a problem of "English as a second language", but the above 
text sounds to me like you can enable use of this feature on arbitrary 
paths... whereas I'd probably argue that what you can do is to 
*disable* the feature on paths where the feature cannot be used, such 
that you may still communicate (albeit without using the aforementioned 
feature).

Another simpler fix might be s/arbitrary/specific/


At the end of the day, when it comes to new features (i.e., features 
that folks do not currently rely on), the folks operating the networks 
trump everything else -- the same as when folks decide to tunnel things 
over e.g. UDP, but then find out they are rate limited....



Thanks,
Fernando




On 10/2/21 03:25, Benjamin Kaduk wrote:
> You may recall that this draft has a storied history, and that the results
> of the third WGLC included adding a note for the IETF LC that the IETF
> consensus (or lack thereof) is unknown and needs to be explicitly
> determined for this draft
> (https://mailarchive.ietf.org/arch/msg/saag/PQfMkaORBJRE3zkKC8UfLv8JYhU/)
> 
> -Ben
> 
> On Fri, Feb 05, 2021 at 04:39:58PM -0800, The IESG wrote:
>>
>> The IESG has received a request from the Transport Area Working Group WG
>> (tsvwg) to consider the following document: - 'Considerations around
>> Transport Header Confidentiality, Network
>>     Operations, and the Evolution of Internet Transport Protocols'
>>    <draft-ietf-tsvwg-transport-encrypt-19.txt> as Informational RFC
>>
>> The IESG plans to make a decision in the next few weeks, and solicits final
>> comments on this action. Please send substantive comments to the
>> last-call@ietf.org mailing lists by 2021-02-19. Exceptionally, comments may
>> be sent to iesg@ietf.org instead. In either case, please retain the beginning
>> of the Subject line to allow automated sorting.
>>
>> Abstract
>>
>>
>>     To protect user data and privacy, Internet transport protocols have
>>     supported payload encryption and authentication for some time.  Such
>>     encryption and authentication is now also starting to be applied to
>>     the transport protocol headers.  This helps avoid transport protocol
>>     ossification by middleboxes, mitigate attacks against the transport
>>     protocol, and protect metadata about the communication.  Current
>>     operational practice in some networks inspects transport header
>>     information within the network, but this is no longer possible when
>>     those transport headers are encrypted.
>>
>>     This document discusses the possible impact when network traffic uses
>>     a protocol with an encrypted transport header.  It suggests issues to
>>     consider when designing new transport protocols or features.
>>
>>
>>
>>
>> The file can be obtained via
>> https://datatracker.ietf.org/doc/draft-ietf-tsvwg-transport-encrypt/
>>
>>
>>
>> No IPR declarations have been submitted directly on this I-D.
>>
>>
>>
>>
>>
>> _______________________________________________
>> IETF-Announce mailing list
>> IETF-Announce@ietf.org
>> https://www.ietf.org/mailman/listinfo/ietf-announce
> 
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
> 


-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1



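The mismatch Gont raises in his first comment, as an added example that is not part of the thread or of the draft: a Python script builds an IPv6 packet whose Hop-by-Hop option declares one destination port while the UDP header carries another, then shows a middlebox enforcing policy on the declared value and the endpoint delivering on the real one. The "declared port" option is an assumption made for illustration; it is carried in the RFC 4727 experimental option type 0x1E, not in any registered option. Addresses, ports and payload are constructed. In the encrypted-transport case the middlebox has only the option to go on; here UDP is left in the clear so that a consistency check can exhibit the disagreement.

```python
"""IPv6 Hop-by-Hop option vs. the transport header it claims to describe.

Constructed example (not from the draft or the thread): a sender puts a
"declared destination port" into an experimental Hop-by-Hop option while
the real UDP header carries a different port. A middlebox that can only
see the option may enforce policy on a value the receiver ignores.
"""
import ipaddress
import struct

IPPROTO_HOPOPTS = 0
IPPROTO_UDP = 17
# RFC 4727 experimental Hop-by-Hop option type. The "declared port" meaning
# is an assumption for this example, not a registered option semantics.
OPT_EXP_DECLARED_PORT = 0x1E
OPT_PAD1 = 0
OPT_PADN = 1


def build_hbh(next_header, declared_port):
    """8-byte Hop-by-Hop header: one 2-byte option plus PadN to an 8-byte boundary."""
    opts = struct.pack("!BBH", OPT_EXP_DECLARED_PORT, 2, declared_port)
    opts += struct.pack("!BB", OPT_PADN, 0)          # 2 bytes of padding
    assert (2 + len(opts)) % 8 == 0
    return struct.pack("!BB", next_header, (2 + len(opts)) // 8 - 1) + opts


def udp_checksum(src, dst, udp):
    """RFC 8200 pseudo-header checksum (mandatory for UDP over IPv6)."""
    pseudo = src + dst + struct.pack("!IxxxB", len(udp), IPPROTO_UDP)
    data = pseudo + udp + (b"\x00" if len(udp) % 2 else b"")
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                                # fold carries
        total = (total & 0xFFFF) + (total >> 16)
    return (~total & 0xFFFF) or 0xFFFF


def build_packet(src_ip, dst_ip, declared_port, real_port, payload=b"hello"):
    """IPv6 header + Hop-by-Hop header + UDP header + payload (constructed)."""
    src = ipaddress.IPv6Address(src_ip).packed
    dst = ipaddress.IPv6Address(dst_ip).packed
    hbh = build_hbh(IPPROTO_UDP, declared_port)
    udp = struct.pack("!HHHH", 40000, real_port, 8 + len(payload), 0) + payload
    udp = udp[:6] + struct.pack("!H", udp_checksum(src, dst, udp)) + udp[8:]
    ipv6 = struct.pack("!IHBB", 0x60000000, len(hbh) + len(udp),
                       IPPROTO_HOPOPTS, 64)
    return ipv6 + src + dst + hbh + udp


def parse_hbh(pkt):
    """Return (next_header, {opt_type: data}) for the Hop-by-Hop header at offset 40."""
    nh, ext_len = pkt[40], pkt[41]
    end = 40 + (ext_len + 1) * 8
    opts, i = {}, 42
    while i < end:
        t = pkt[i]
        if t == OPT_PAD1:                             # Pad1 has no length byte
            i += 1
            continue
        length = pkt[i + 1]
        opts[t] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return nh, opts


def middlebox_decision(pkt, allowed_ports):
    """Policy based only on what the option declares (the case Gont warns about)."""
    _, opts = parse_hbh(pkt)
    declared = struct.unpack("!H", opts[OPT_EXP_DECLARED_PORT])[0]
    return ("allow" if declared in allowed_ports else "drop"), declared


def endpoint_port(pkt):
    """The receiving host walks past the extension header to UDP and ignores the option."""
    nh, _ = parse_hbh(pkt)
    assert nh == IPPROTO_UDP
    offset = 40 + (pkt[41] + 1) * 8
    return struct.unpack("!H", pkt[offset + 2:offset + 4])[0]


def consistent(pkt):
    """Cross-check a path element can only perform if the transport header is visible."""
    return middlebox_decision(pkt, set())[1] == endpoint_port(pkt)


if __name__ == "__main__":
    pkt = build_packet("2001:db8::1", "2001:db8::2", declared_port=443, real_port=22)
    print(middlebox_decision(pkt, {443}))   # ('allow', 443)
    print(endpoint_port(pkt))               # 22
    print(consistent(pkt))                  # False
```

The top two bits of option type 0x1E are 00, which per RFC 8200 means "skip this option and continue processing", so a receiver that does not implement the option silently ignores it; that is exactly why a path element cannot treat the option's contents as ground truth for the transport header it cannot see.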