IETF Logo Mail Archive

Re: [tsvwg] [saag] Fwd: Last Call: <draft-ietf-tsvwg-transport-encrypt-19.txt> (Considerations around Transport Header Confidentiality, Network Operations, and the Evolution of Internet Transport Protocols) to Informational RFC

Tom Herbert <tom@herbertland.com> Thu, 11 February 2021 18:19 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A66533A1823 for <tsvwg@ietfa.amsl.com>; Thu, 11 Feb 2021 10:19:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5wrX5NQvvs6H for <tsvwg@ietfa.amsl.com>; Thu, 11 Feb 2021 10:18:56 -0800 (PST)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7451B3A1820 for <tsvwg@ietf.org>; Thu, 11 Feb 2021 10:18:56 -0800 (PST)
Received: by mail-ej1-x635.google.com with SMTP id bl23so11518188ejb.5 for <tsvwg@ietf.org>; Thu, 11 Feb 2021 10:18:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Z9mFnEKdTD2LMHifmwkEZGNK8TKLLe2nUvSujHM4R2U=; b=Mz68MWTejFWP/lkqKKomXp3gXvT/AsG/SLEzNVUeYLGUGVJv9vRmHNG2+P6PdLyUDt bimzpWmJVLJQWLCRcoao8gf69X3bDxBvpLIqgZ/qmeb+7PaFfGS6z/7/c6nfwYdgtLZX Y7PYZ1DAuyUyo5/e5NBdvapcK3CUlBZrAah0nWuCSiSO13ejKS9gKhqCsMzZc22Uf5Vo X/XjcayWTKVOdUeQSWYv2yxzPKZNDqiq7Ae7fpNTS4q7QavTfbI2qDguDp49c6K24FqG I7/JhqLWnOM3O6r8X/IYBcuX5JiHpZKE0bNPpAoWkb0upjRBLxpcsg9RDmvHy6knzaLB tBUg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Z9mFnEKdTD2LMHifmwkEZGNK8TKLLe2nUvSujHM4R2U=; b=NUUjwTAQ4xggVEynNdjvseOku2yqa1Pn8P0G++IALzBA0B5CYvMiH7D6aBAhVZJ2R6 mHGz8sZ4ijEcpZK9GElvVgs2i7VtM8SJPOnHWv8fvxJ3reL6VZtmJGpRfrBQJXRNb5Yq sEfsYwptt9+xAb87KWvWDZmHE9f3C9FeHvYxirEHN03rUxYqqs/11dwqmieme/BQZY6L XwMogge7AyXN4BVSnpaRCrKJLS7f0GI0H/8aGVa1S8wfayyVvvrKTgSD068nT7cvvSm8 fBr3PkKajLG6rP1AMu1/jc93Q6KRKfAyz2uH9Do+oGNkaifKYXc8TNVgz1dm/g64OGsj 6cBQ==
X-Gm-Message-State: AOAM530jrSz0THS6nUI8O9IAkKcXWftPUHbNEJh/vYTTdHdRf5qvnSfD rDiGzZWngchcqZR+/lGP1XHnvZYNUFwbQqXfsSCItQtjM0g=
X-Google-Smtp-Source: ABdhPJzXKNk5qIbvdzcW6MqH1b404HFYTOAGLYsoVrSiGJ9b2h4MrhTNVe4sC78Ect6SYk1haa0NyXGKIaJpxPOIgms=
X-Received: by 2002:a17:906:16d0:: with SMTP id t16mr9328829ejd.259.1613067534731; Thu, 11 Feb 2021 10:18:54 -0800 (PST)
MIME-Version: 1.0
References: <161257199785.16601.5458969087152796022@ietfa.amsl.com> <20210210062551.GI21@kduck.mit.edu> <f1a1aaef-5400-89ca-fe26-786686800036@gont.com.ar> <MN2PR19MB4045B25A78B3C0841CC8EAFE838D9@MN2PR19MB4045.namprd19.prod.outlook.com> <2fb9d724-7f8a-93cd-9045-eb3852345a9e@erg.abdn.ac.uk> <1416490d-6532-59ce-e09f-388db716af8f@si6networks.com>
In-Reply-To: <1416490d-6532-59ce-e09f-388db716af8f@si6networks.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 11 Feb 2021 11:18:43 -0700
Message-ID: <CALx6S35_Rb_vUyDddaiJtt2iT2Gvev=bLs7Rip8TQ8yZppMLDQ@mail.gmail.com>
To: Fernando Gont <fgont@si6networks.com>
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, "Black, David" <David.Black@dell.com>, Fernando Gont <fernando@gont.com.ar>, Benjamin Kaduk <kaduk@mit.edu>, "saag@ietf.org" <saag@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/IS0M-vvdwwUYcd7unu7SBhfPqOA>
Subject: Re: [tsvwg] [saag] Fwd: Last Call: <draft-ietf-tsvwg-transport-encrypt-19.txt> (Considerations around Transport Header Confidentiality, Network Operations, and the Evolution of Internet Transport Protocols) to Informational RFC
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Feb 2021 18:19:02 -0000

On Thu, Feb 11, 2021 at 10:58 AM Fernando Gont <fgont@si6networks.com> wrote:
>
> On 11/2/21 06:50, Gorry Fairhurst wrote:
> [....]
> >>
> >> Some very specific comments on some parts:
> >>
> >> * Section 5.1:
> >>
> >>      For example, an
> >>      endpoint that sends an IPv6 Hop-by-Hop option [RFC8200] can provide
> >>      explicit transport layer information that can be observed and
> >> used by
> >>      network devices on the path.
> >>
> >> This is not as easy as it sounds. If you convey this information in
> >> multiple places (e.g. the transport protocol itself (that you cannot
> >> see), and e.g. IPv6 options, then the two might not much -- and devices
> >> could e.g. enforce a security policy on contents (e.g., the info in the
> >> IPv6 options), that the destination endpoint might possibly e.g. ignore.
> >
> > This sounds similar to the case of explicitly exposing other
> > information.
>
> Yes. ANything where you have two copies of the same information, and
> different parties are likely to act on different copies, is prone to the
> same thing.
>
Fernando,

When the transport layer is encrypted, network devices would only see
the plaintext EH and that is only what that is what they can act on.
At the destination, we could try to rectify transport information in
HBH with decrypted plaintext transport headers, but I suspect that
wouldn't typically be done. The HBH information is only operationally
useful to the network, not the transport endpoints that have access to
the transport header. The only point of the end host comparing the
data would be to enforce the network's security policy, but it's not
common that end hosts actually know what the network security policies
are.

Tom

> (I guess, unless you can enforce that the two match, and have a strong
> requirement that all parties check that, and otherwise drop the packet
> -- something that in practice, many don't)
>
>
>
> > In this case, the network will make decisions on what it
> > sees or infers - without knowledge of the contents of the encrypted part
> > Would you like to propose some text to help explain this?
>
> I'd be happy to. I'll craft text and come back to you on this one.
>
>
>
>
> >> * Section 5.1:
> >>
> >>      Protocol methods can be designed to
> >>      probe to discover whether the specific option(s) can be used along
> >>      the current path, enabling use on arbitrary paths.
> >>
> >> This might be a problem of "English as a second language", but the above
> >> text sounds to me like you can enable use of this feature on arbitrary
> >> paths.... where's I'd probably argue that what you can do is to
> >> *disable* the feature on paths where the feature cannot be used, such
> >> that you may still communicate (albeit without using the aforementioned
> >> feature).
> >>
> >> Another simpler fix might be s/arbitrary/specific/
> >
> > The whole para currently reads:
> >
> >     An arbitrary path can include one or more network devices that drop
> >     packets that include a specific header or option used for this
> >     purpose (see [RFC7872]).  This could impact the proper functioning of
> >     the protocols using the path.  Protocol methods can be designed to
> >     probe to discover whether the specific option(s) can be used along
> >     the current path, enabling use on arbitrary paths.
> >
> > I think this last sentence can indeed be improved, and I suggest
> > something like:
> >
> >     Protocol methods can be designed to
> >     probe to discover whether the specific option(s) can be used along
> >     the current path, enabling or disabling their use on the path.
> >
> > Is that better?
>
> That's perfect, and indeed addressed my comment.
>
> Thanks!
>
> Regards,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>

v2.23.0 | Report a Bug | By Email