Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020

Paul Vixie <paul@redbarn.org> Wed, 10 June 2020 19:00 UTC

From: Paul Vixie <paul@redbarn.org>
To: "tsvwg@ietf.org" <tsvwg@ietf.org>
Cc: Mike Bishop <mbishop@evequefou.be>
Date: Wed, 10 Jun 2020 19:00:24 +0000
Message-ID: <1676009.p4SS4celVB@linux-9daj>
Organization: none
In-Reply-To: <MN2PR22MB20937288EA97CC6713196657DA830@MN2PR22MB2093.namprd22.prod.outlook.com>
References: <MN2PR19MB40450EE357BEECD723AB06F183820@MN2PR19MB4045.namprd19.prod.outlook.com> <63DFB8B9-83DA-445E-AB71-1486D7BA33B4@eggert.org> <MN2PR22MB20937288EA97CC6713196657DA830@MN2PR22MB2093.namprd22.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/Bw7eNTrcZkLPV0fTOxn4VP1vndo>

On Wednesday, 10 June 2020 15:45:50 UTC Mike Bishop wrote:
> ...
> Interestingly, this includes at least one example of exactly the behavior
> that’s discussed as a problem in Section 2:
 
>       A network operator can observe the headers of transport protocols
>       layered above UDP to understand if the datagram flows comply with
>       congestion control expectations.

for managed secure networks in homes and businesses, unclassified traffic 
won't be permitted. UDP itself is a privileged protocol in those environments, 
allowed to pass through the outbound firewall only if the source or 
destination address or port or some combination. this constraint should be 
highlighted for all protocol designers. things like QUIC need a "hook".

i know that public networks might use such a hook for the opposite purpose -- 
to deny what they can recognize rather than to allow what they can recognize. 
if that risk isn't already well enough described in the IAB's PM dictates, i 
have no objection to adding references or even new text to this draft to make 
sure this document isn't accidentally misleading.

i don't agree with the restriction quoted above that it be for "congestion 
control expectations" although flow-aware rate limiting is one important 
manageability concern. for policy or legal regime reasons, a protocol which 
maximizes entropy such that there's no way to identify its flows so as to 
allow them to exit, will be less deployable and less deployed.

> Dropping packets which don’t comply with the operator’s “expectations” in a
> protocol they don’t understand is exactly why new protocols and evolution
> of existing protocols want to limit the ability of these devices to inspect
> their traffic.

while true, that's unbalanced. forget about dropping packets which don't 
comply, and consider the networks who won't forward packets unless they 
comply, and who very much want the benefits of modern encrypted protocols but 
who cannot enjoy those benefits because they cannot identify that traffic.
 
> On the whole, I think this document could be suitable for publication as an
> Informational RFC; it provides real-world context for a trade-off that
> every protocol designer needs to consider carefully.  However, I don’t
> believe its current state reflects, in Ekr’s words, “the IETF community's
> view of the relative priority of these concerns.”

the ietf community is incredibly narrow compared to the world it serves. very 
few of the people and companies whose future will be chosen for them by ietf 
work can afford the time or travel it takes to be represented. this may be an 
inconvenient truth, but it is my reason for considering whether this document 
reflects the broader view of the world's digital economy. i think it does.

-- 
Paul