Re: [tsvwg] [saag] Comments on draft-ietf-tsvwg-transport-encrypt-08.txt

Gorry Fairhurst <gorry@erg.abdn.ac.uk> Fri, 08 November 2019 09:12 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/G6u4MnH2DFFSc7WR6qkG-SI4dZg>

On 07/11/2019, 19:10, Colin Perkins wrote:
> David,
>
> I don’t know what Mirja thinks is the desired outcome, but my intent – 
> as an author of the draft – is that you think about the issues raised 
> and how they relate to your protocol, then make an informed decision 
> about what parts of the headers to protect and what parts it might 
> make sense to expose.
>
> And, to be explicit, if you think about the issues discussed in the 
> draft and then decide to encrypt all the transport layer headers, 
> /that’s fine by me./
>
> Colin
>
+1.

My personal view is that this seeks to provide input to those developing 
IETF specifications to describe how they have considered PM, and, if the 
attack is relevant to the work to be published, be able to justify 
related design decisions.

Gorry

>
>> On 6 Nov 2019, at 17:52, David Schinazi <dschinazi.ietf@gmail.com 
>> <mailto:dschinazi.ietf@gmail.com>> wrote:
>>
>> Hi Mirja,
>>
>> Perhaps I misunderstood the document. The draft makes a list
>> of issues that arise when you encrypt transport headers, then
>> concludes with a call to action to take these issues into
>> consideration. In your reading, what is the desired outcome of
>> this document? As a protocol designer, what do you expect me
>> to do differently when I design my next protocol after reading this
>> document? The tone seems to imply that I should leave some
>> headers unencrypted in order "to ensure network operators,
>> researchers and other stakeholders have appropriate tools to
>> manage their networks". If this is not the intent of this draft, then
>> what is it? What exact outcome are we hoping for?
>>
>> Thanks,
>> David
>>
>>
>> On Tue, Nov 5, 2019 at 11:14 PM Mirja Kuehlewind 
>> <mirja.kuehlewind@ericsson.com 
>> <mailto:mirja.kuehlewind@ericsson.com>> wrote:
>>
>>     Hi David,
>>
>>     This document is not intended to discourage header encryption but
>>     to make sure that operational considerations are taken into
>>     account when exactly design new protocols that should have header
>>     encryption (as well as payload encryption). If you think this
>>     document discourages header encryption, we need to fix that.
>>     Would be helpful if you could indicate to the authors where you
>>     think this is the case.
>>
>>     Mirja
>>
>>
>>     On 05.11.2019 at 23:10, David Schinazi
>>     <dschinazi.ietf@gmail.com <mailto:dschinazi.ietf@gmail.com>> wrote:
>>
>>>     I also oppose publication of draft-ietf-tsvwg-transport-encrypt.
>>>     This document discourages transport header encryption and
>>>     publishing it could harm future protocol development.
>>>
>>>     David
>>>
>>>     On Tue, Nov 5, 2019 at 1:04 PM Joe Touch <touch@strayalpha.com
>>>     <mailto:touch@strayalpha.com>> wrote:
>>>
>>>
>>>
>>>         > On Nov 5, 2019, at 12:35 PM, Mirja Kuehlewind
>>>         <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org
>>>         <mailto:40ericsson.com@dmarc.ietf.org>> wrote:
>>>         >
>>>         > What I’m hearing is that 2-3 people think this is not
>>>         aligned but don’t actually say why exactly they think that
>>>
>>>         That’s not what we’re saying. We gave reasons.
>>>
>>>         Joe
>>>
>
>
>
> -- 
> Colin Perkins
> https://csperkins.org/