Re: [tsvwg] [saag] TSVWG WGLC: draft-ietf-tsvwg-transport-encrypt-08, closes 23 October 2019

Gorry Fairhurst <gorry@erg.abdn.ac.uk> Thu, 10 October 2019 08:45 UTC

Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36A7B12004A for <tsvwg@ietfa.amsl.com>; Thu, 10 Oct 2019 01:45:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qHpXIsM6ON-M for <tsvwg@ietfa.amsl.com>; Thu, 10 Oct 2019 01:45:43 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [IPv6:2001:630:42:150::2]) by ietfa.amsl.com (Postfix) with ESMTP id 84D60120033 for <tsvwg@ietf.org>; Thu, 10 Oct 2019 01:45:43 -0700 (PDT)
Received: from Gs-MacBook-Pro.local (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 206951B001C2; Thu, 10 Oct 2019 09:45:39 +0100 (BST)
Message-ID: <5D9EEFB2.9080209@erg.abdn.ac.uk>
Date: Thu, 10 Oct 2019 09:45:38 +0100
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Reply-To: gorry@erg.abdn.ac.uk
Organization: University of Aberdeen
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Joe Touch <touch@strayalpha.com>
CC: Christian Huitema <huitema@huitema.net>, "tsvwg@ietf.org" <tsvwg@ietf.org>
References: <CE03DB3D7B45C245BCA0D2432779493630766752@MX307CL04.corp.emc.com> <e8c30f3f-606f-0c0d-a7dd-b2bb6f31a9fd@huitema.net> <A2F184BB-E352-4AE6-B7A0-FDF6D8851DFB@strayalpha.com> <5D9DF8E3.3020200@erg.abdn.ac.uk> <2D74F74C-C785-4AED-8390-9102FEBCC9F7@strayalpha.com> <5D9DFE77.9010504@erg.abdn.ac.uk> <7D3A8C5A-4E14-4DC1-9202-3DF573B86E98@strayalpha.com>
In-Reply-To: <7D3A8C5A-4E14-4DC1-9202-3DF573B86E98@strayalpha.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/HK1iBgEcSlq5X__SILG6r9zXnPQ>
Subject: Re: [tsvwg] [saag] TSVWG WGLC: draft-ietf-tsvwg-transport-encrypt-08, closes 23 October 2019
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2019 08:45:46 -0000

Thanks Joe for this, I'm keen to see if any of your understanding can be 
translated into a change, so I'd liek to continue this thread a little...

On 10/10/2019, 02:45, Joe Touch wrote:
>
>
>> On Oct 9, 2019, at 8:36 AM, Gorry Fairhurst <gorry@erg.abdn.ac.uk 
>> <mailto:gorry@erg.abdn.ac.uk>> wrote:
>>
>> On 09/10/2019, 16:25, Joe Touch wrote:
>>>
>>>> On Oct 9, 2019, at 8:12 AM, Gorry Fairhurst<gorry@erg.abdn.ac.uk 
>>>> <mailto:gorry@erg.abdn.ac.uk>>  wrote:
>>>>
>>>> On 09/10/2019, 15:38, Joe Touch wrote:
>>>>> +1
>>>>>
>>>>> IMO, this isn’t a “tussle” so much as “I really want to do 
>>>>> something I know I shouldn’t be doing”.
>>>>>
>>>>> A lot of what transport security prevents is - from the middlebox 
>>>>> view - a problem.
>>>>>
>>>>> For many of us users, preventing middleboxes from doing things 
>>>>> like hijacking web, email, and DNS is *exactly* the protection we 
>>>>> were seeking.
>>>>>
>>>> I do not understand this particular comment with respect to this 
>>>> document: How does "hijacking web, email, and DNS" relate to 
>>>> whether transport headers are encrypted or not? I would have 
>>>> expected a comment like this had the document been talking about 
>>>> transport payload (e.g. whether to use TLS).
>>>>
>>>> Could you point me at some text that leads you to think the 
>>>> transport header encryption impacts application hi-jacking ?
>>> The doc mentions IPsec (encryption the transport headers and 
>>> payload), TCP AO (authenticating the header and contents), and 
>>> TLS/DTLS (authenticating contents based on headers).
>>>
>>> Any of these prevent HTTP from being hijacked and redirected, e.g., 
>>> as can occur on public WiFi. IMO,
>> So, in this respect we agree - but where did the text say otherwise?
>
> It doesn’t quite, but...
>
>>> DTLS or DNS over TCP with TLS would protect against DNS hijacking.
>> Again, we agree, which text do you think needs improved.
>
> I’m sorry to say it starts with the title - the impact of security on 
> network ops and the evolution of the Internet, which starts off on the 
> assumption that “security is getting in the way”, rather than 
> “exposure of TRANSPORT information to the network is a privilege”.
>
That was not intended. The scope we were given was not to describe what 
we think must be done, but to focus on what is currently being done with 
respect to how transport information is used.

The first para explicitly says "this document strongly supports the 
increased use of encryption in transport protocols". This document is 
intended to explicitly NOT say "don't encrypt" "don't use IPsec", "don't 
use other encryption".

- It should read more like if the majority of the traffic uses headers 
encryption, then there are some implications - (e.g. This news is not 
exactly new for those running networks that heavily use IPsec..) it this 
means some people need to think and do some things differently.
> Throughout, the assumption is that the network should have access to 
> this information and/or be able to modify it, rather than that users 
> have the right to lNOT let the network have that info or change it.
>
Wait!  Where does it say "should be able to modify it" ... that was also 
NOT intended as a part of this message, and if that can be read into 
what is said, then I'd like to re-address that.
> Encryption and privacy are spoken of as “benefits” and of “interest”, 
> rather than as rights. Access to transport is spoken of necessary and 
> denial of that access a threat to providing services.
>
> IMO, this is both incorrect and inappropriate to promote as an IETF 
> position. It leads to the very behavior discussed - that development 
> of legitimate transport protocol mechanisms being hampered by 
> middleboxes that violate whatever standard or policy interferes with 
> their revenue model.
>
I suggest such "middlebox" issues are covered in RFC 8404, and this was 
not the scope of this document. I had hoped that was already clear, but 
will look again.

The intended the focus is on providing transport and using network paths 
(which some SDO's also call "transport"). Examples of inputs received 
concern:  how to debug router queuing; understand congestion/VoIP 
performance/QoS/QoE/etc; detect and predict traffic patterns; layer 2 
interactions with radio; etc.
> It’s disingenuous to present this problem as merely two competing 
> viewpoints, and it’s hard to find a single way to address this issue 
> the way the document has evolved. It reads more like a warning to the 
> rest of us not to interfere with whatever middleboxes or network 
> operators want to do.
>
> I don’t know how to fix it, but I can’t stand idly by and endorse it 
> either.
>
> Joe
Sorry to hear that. We will take any comments and try to improve the words.

Gorry