Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020

Gorry Fairhurst <gorry@erg.abdn.ac.uk> Tue, 30 June 2020 07:29 UTC

Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A78EA3A10EB for <tsvwg@ietfa.amsl.com>; Tue, 30 Jun 2020 00:29:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pqsu-VdeqLYx for <tsvwg@ietfa.amsl.com>; Tue, 30 Jun 2020 00:29:54 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [IPv6:2001:630:42:150::2]) by ietfa.amsl.com (Postfix) with ESMTP id E64D33A10F3 for <tsvwg@ietf.org>; Tue, 30 Jun 2020 00:29:53 -0700 (PDT)
Received: from Gs-MacBook-Pro.lan (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 924501B00320; Tue, 30 Jun 2020 08:29:48 +0100 (BST)
To: Christopher Wood <caw@heapingbits.net>, "Black, David" <David.Black@dell.com>, "tsvwg@ietf.org" <tsvwg@ietf.org>
References: <MN2PR19MB40450EE357BEECD723AB06F183820@MN2PR19MB4045.namprd19.prod.outlook.com> <74555802-326d-4730-9f54-50a043704a4d@www.fastmail.com>
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Message-ID: <4fa1e1a7-6735-596c-4617-fd2e4c7e3b8c@erg.abdn.ac.uk>
Date: Tue, 30 Jun 2020 08:29:47 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.9.0
MIME-Version: 1.0
In-Reply-To: <74555802-326d-4730-9f54-50a043704a4d@www.fastmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/35k6Yzy7MdcyCqQWA-Z6lMHMqvc>
Subject: Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2020 07:30:04 -0000

Thanks, see below.

On 30/06/2020 02:35, Christopher Wood wrote:
> On Mon, Jun 8, 2020, at 6:41 PM, Black, David wrote:
>> This 3rd WGLC is limited to the following two topics:
>>
>>   1. Whether or not to proceed with a request for RFC publication
>> of the draft. The decision on whether or not to proceed will be based on rough consensus of the WG, see RFC 7282.
> As currently written, I'm still not sure this document is ready for publication. While many of the items in my secdir review [1] were addressed, I think the document is still somewhat misaligned with the IETF's overall view on this document.
>
> For example, Section 6 (on intentionally exposing information) and some of Section 7 (the impact of header encryption) seem out of phase with our general mission to "encrypt all the things." Minimally, I would expect to see some discussion of endpoint privacy here, and reasons for why an endpoint might not want to expose certain signals to the network. Section 6.3 seems to outright encourage endpoints to expose cleartext information in the name of performance. Certainly this can't be a necessary condition for performance given studies on QUIC [2] (it's not always better than TCP+TLS, though).
> In general, while I appreciate that the Conclusion narrows in on User Privacy, I would expect it to be more prominent in this document, especially one that ultimately seeks IETF consensus. As a document "about design and deployment considerations for transport protocols," I think we ought to focus more on deployment considerations for who those transport protocols actually service: the end users. I happily offer up my service in producing such text should it be desired.

Your offer is appreciated. Some suggested text on these topics would be 
very welcome.

I also agree that the way section 6 finally was written would benefit 
from some privacy considerations text (and the need to protect from 
misuse of info) this could be usefully added at/after 6.3.

A few other corrections have been submitted off-list, and we would like 
to make a new revision soon.

Gorry

> Best,
> Chris
>
> [1] https://datatracker.ietf.org/doc/review-ietf-tsvwg-transport-encrypt-01-secdir-early-wood-2018-12-27/
> [2] https://dl.acm.org/doi/10.1145/3131365.3131368

-- 
G. Fairhurst, School of Engineering