Re: [tsvwg] I-D Action: draft-ietf-tsvwg-transport-encrypt-04.txt

<Ruediger.Geib@telekom.de> Wed, 20 February 2019 12:51 UTC

From: <Ruediger.Geib@telekom.de>
To: <tom@herbertland.com>
CC: <gorry@erg.abdn.ac.uk>, <tsvwg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/B3oKgwBq0Zp5pC1ug4qytm0nQHg>
List-Id: Transport Area Working Group <tsvwg.ietf.org>

I support Colin's view. Estimation of application QoE based on lower layer QoS measurements in general benefits from transport layer information. As an example, IP layer performance measurements are insufficient to estimate streaming QoE. QoE estimation based on TCP/TLS is challenging already. As far as I can judge, the result is that QoE monitoring solutions which are based on applications running on consumer equipment are promoted. To gain representative data, the number of involved active receivers must be sufficiently high in any network section to be monitored.

I welcome content encryption. I personally doubt that consumer security is improved by applications on consumer devices which "call home". To me, finding a reasonable balance between commodity network provider concerns like flow QoS based QoE estimation and encryption of contents would be helpful, if security is the concern.

Regards,

Ruediger 

-----Original Message-----
From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Colin Perkins
Sent: Wednesday, 20 February 2019 13:18
To: Tom Herbert <tom@herbertland.com>
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>; tsvwg <tsvwg@ietf.org>
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-transport-encrypt-04.txt

> On 19 Feb 2019, at 18:10, Tom Herbert <tom@herbertland.com> wrote:
…
> Conversely, the draft floats the idea of purposely not encrypting 
> certain fields of a transport header for the purposes that 
> intermediate devices can parse them. What is the deployment experience 
> of that? What transport protocols have been retrofitted that do that?

Secure RTP is one example, where the payload is encrypted but the headers are left in the clear. One of the main motivations for that was to support hop-by-hop RTP/UDP/IP header compression, but it also allows middleboxes to monitor flow QoE.


--
Colin Perkins
https://csperkins.org/
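
What the cleartext SRTP header gives an on-path monitor, as an added example that is not part of the original thread: a passive observer derives packet loss and RFC 3550 interarrival jitter for one flow from the unencrypted RTP header fields and arrival times alone, without any key. The 8 kHz clock rate, payload type 0, the SSRC value and the sample packets are assumptions constructed for illustration.

```python
import os
import struct

def parse_rtp_header(pkt: bytes) -> dict:
    """Parse the 12-byte fixed RTP header, which SRTP leaves unencrypted."""
    if len(pkt) < 12:
        raise ValueError("too short for an RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    return {"pt": b1 & 0x7F, "marker": b1 >> 7, "seq": seq, "ts": ts, "ssrc": ssrc}

def monitor(packets, clock_rate=8000):
    """Loss and RFC 3550 interarrival jitter for one flow, from header fields
    and arrival times only. packets: list of (arrival_seconds, bytes)."""
    base = highest = prev_transit = None
    received, jitter = 0, 0.0
    for arrival, pkt in packets:
        h = parse_rtp_header(pkt)
        received += 1
        if base is None:
            base = highest = h["seq"]
        else:
            # Extend the 16-bit sequence number across wrap-around;
            # late (reordered) packets do not move the highest value.
            delta = (h["seq"] - highest) & 0xFFFF
            if delta < 0x8000:
                highest += delta
        # Transit time in RTP clock ticks (timestamp wrap is not handled here).
        transit = arrival * clock_rate - h["ts"]
        if prev_transit is not None:
            jitter += (abs(transit - prev_transit) - jitter) / 16
        prev_transit = transit
    expected = 0 if base is None else highest - base + 1
    return {"expected": expected, "received": received,
            "lost": expected - received, "jitter_ms": 1000 * jitter / clock_rate}

def sample_flow():
    """Constructed sample: 20 ms audio packets at 8 kHz, sequence numbers
    65534..3 (wrapping), seq 0 dropped, last packet 4 ms late. Random bytes
    stand in for the encrypted payload and authentication tag."""
    pkts = []
    for i in range(6):
        seq = (65534 + i) & 0xFFFF
        if seq == 0:
            continue
        hdr = struct.pack("!BBHII", 0x80, 0, seq, 1000 + 160 * i, 0x1234ABCD)
        pkts.append((i * 0.020 + (0.004 if i == 5 else 0), hdr + os.urandom(170)))
    return pkts

if __name__ == "__main__":
    print(monitor(sample_flow()))
```

The payload bytes are never read, so the same statistics come out whether the media is encrypted or not.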