Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020
Paul Vixie <paul@redbarn.org> Wed, 10 June 2020 19:00 UTC
Return-Path: <paul@redbarn.org>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DF543A0FB2 for <tsvwg@ietfa.amsl.com>; Wed, 10 Jun 2020 12:00:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wm3NrlqwGlrl for <tsvwg@ietfa.amsl.com>; Wed, 10 Jun 2020 12:00:39 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [24.104.150.213]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 224F63A1082 for <tsvwg@ietf.org>; Wed, 10 Jun 2020 12:00:29 -0700 (PDT)
Received: from linux-9daj.localnet (dhcp-166.access.rits.tisf.net [24.104.150.166]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (1024 bits) server-digest SHA256) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id 08C90B07D1; Wed, 10 Jun 2020 19:00:26 +0000 (UTC)
From: Paul Vixie <paul@redbarn.org>
To: "tsvwg@ietf.org" <tsvwg@ietf.org>
Cc: Mike Bishop <mbishop@evequefou.be>
Date: Wed, 10 Jun 2020 19:00:24 +0000
Message-ID: <1676009.p4SS4celVB@linux-9daj>
Organization: none
In-Reply-To: <MN2PR22MB20937288EA97CC6713196657DA830@MN2PR22MB2093.namprd22.prod.outlook.com>
References: <MN2PR19MB40450EE357BEECD723AB06F183820@MN2PR19MB4045.namprd19.prod.outlook.com> <63DFB8B9-83DA-445E-AB71-1486D7BA33B4@eggert.org> <MN2PR22MB20937288EA97CC6713196657DA830@MN2PR22MB2093.namprd22.prod.outlook.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/Bw7eNTrcZkLPV0fTOxn4VP1vndo>
Subject: Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2020 19:00:50 -0000
On Wednesday, 10 June 2020 15:45:50 UTC Mike Bishop wrote: > ... > Interestingly, this includes at least one example of exactly the behavior > that’s discussed as a problem in Section 2: > A network operator can observe the headers of transport protocols > layered above UDP to understand if the datagram flows comply with > congestion control expectations. for managed secure networks in homes and businesses, unclassified traffic won't be permitted. UDP itself is a privileged protocol in those environments, allowed to pass through the outbound firewall only if the source or destination address or port or some combination. this constraint should be highlighted for all protocol designers. things like QUIC need a "hook". i know that public networks might use such a hook for the opposite purpose -- to deny what they can recognize rather than to allow what they can recognize. if that risk isn't already well enough described in the IAB's PM dictates, i have no objection to adding references or even new text to this draft to make sure this document isn't accidentally misleading. i don't agree with the restriction quoted above that it be for "congestion control expectations" although flow-aware rate limiting is one important manageability concern. for policy or legal regime reasons, a protocol which maximizes entropy such that there's no way to identify its flows so as to allow them to exit, will be less deployable and less deployed. > Dropping packets which don’t comply with the operator’s “expectations” in a > protocol they don’t understand is exactly why new protocols and evolution > of existing protocols want to limit the ability of these devices to inspect > their traffic. while true, that's unbalanced. forget about dropping packets which don't comply, and consider the networks who won't forward packets unless they comply, and who very much want the benefits of modern encrypted protocols but who cannot enjoy those benefits because they cannot identify that traffic. > On the whole, I think this document could be suitable for publication as an > Informational RFC; it provides real-world context for a trade-off that > every protocol designer needs to consider carefully. However, I don’t > believe its current state reflects, in Ekr’s words, “the IETF community's > view of the relative priority of these concerns.” the ietf community is incredibly narrow compared to the world it serves. very few of the people and companies whose future will be chosen for them by ietf work can afford the time or travel it takes to be represented. this may be an inconvenient truth, but it is my reason for considering whether this document reflects the broader view of the world's digital economy. i think it does. -- Paul
- [tsvwg] 3rd WGLC (limited-scope): draft-ietf-tsvw… Black, David
- Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draf… mohamed.boucadair
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Paul Vixie
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Mike Bishop
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Paul Vixie
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Spencer Dawkins at IETF
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Eric Rescorla
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Joseph Touch
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Black, David
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Spencer Dawkins at IETF
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Kathleen Moriarty
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Spencer Dawkins at IETF
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Joe Touch
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Rodney W. Grimes
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Mike Bishop
- Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draf… Kyle Rose
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Eric Rescorla
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Roni Even
- Re: [tsvwg] [Int-area] 3rd WGLC (limited-scope): … Tom Herbert
- Re: [tsvwg] 3rd WGLC (limited-scope): draft-ietf-… Holland, Jake
- Re: [tsvwg] [Int-area] 3rd WGLC (limited-scope): … Gorry Fairhurst
- Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draf… Eric Rescorla
- Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draf… Christopher Wood
- Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draf… Hannes Tschofenig
- Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draf… Gorry Fairhurst
- Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draf… Martin Thomson
- Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draf… Spencer Dawkins at IETF
- Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draf… Colin Perkins
- Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draf… Colin Perkins
- Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draf… mohamed.boucadair
- Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draf… Hannes Tschofenig
- Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draf… Ruediger.Geib
- Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draf… Kyle Rose
- Re: [tsvwg] [Int-area] [saag] 3rd WGLC (limited-s… Dirk.von-Hugo
- Re: [tsvwg] [Int-area] [saag] 3rd WGLC (limited-s… Joseph Touch
- Re: [tsvwg] [saag] [Int-area] 3rd WGLC (limited-s… Behcet Sarikaya
- Re: [tsvwg] [Int-area] [saag] 3rd WGLC (limited-s… tom petch
- Re: [tsvwg] [Int-area] [saag] 3rd WGLC (limited-s… Spencer Dawkins at IETF