Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020

Christopher Wood <caw@heapingbits.net> Tue, 30 June 2020 01:35 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3479E3A0EFF for <tsvwg@ietfa.amsl.com>; Mon, 29 Jun 2020 18:35:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=dtM7+r7i; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=HHy4UlgW
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AijXGHyhZFyc for <tsvwg@ietfa.amsl.com>; Mon, 29 Jun 2020 18:35:24 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3887A3A0EFD for <tsvwg@ietf.org>; Mon, 29 Jun 2020 18:35:24 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 906EB5C006E; Mon, 29 Jun 2020 21:35:23 -0400 (EDT)
Received: from imap4 ([10.202.2.54]) by compute1.internal (MEProxy); Mon, 29 Jun 2020 21:35:23 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=wXn9pg8zbYoQgLHnSf5MR+Ye5XAMWo6 dLL+mR9GwRi8=; b=dtM7+r7iOc6nqp37+oFZjJLr+80LbQBdVu/2s14KDrOgkq7 Dexz0i5kdHZoBQnYryJwCxsVSTx3UkpiPROD+BTvB2TYe1wrxx5/80SpZVI88ZbC VRlDZ4IWVQzs4bgGTnRUext+LQCifeorHlVOntPrXSosQC4UhjNmLX2zxD9dyXdd XhiL17orlIITu7As+EIcDpL78gqyR4q1ev+8s2SxDDHYncGU2rolFDny3448MurM 9yp/VYUD4M8TK62UE+9CuESJP9hG6WLg7dvmx/bP/zvE4kMeuU3hCcRtSBI4seC9 w+F46sb7cO+nKeBMJKDlA10hxHkREx9K/UfvL2g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=wXn9pg 8zbYoQgLHnSf5MR+Ye5XAMWo6dLL+mR9GwRi8=; b=HHy4UlgWziE/sjAW5U5M31 81L+7eKp/3ZnAupVUnKp3JE/X/cv/Aqq4pYaWAx4MEyK7jB93ncPes/gXLhjs5I5 94q/w1Ar3IFcGDuP1tLfddQA91E/CUNI1xZ10K4ir9ZR5WYR+toxxz2n0FjUj2/t hq3njHqyqaIZxXacH6QNLNfb5JbtTB1w8+xbsxlUnDqBTg8gXx/TkeVsb5zl/O25 +Rgex/Rts0AXXGCRYgoZZ0GyRyMLlXaDaUXFzIsJ+U9y74/pS2ISi/EDyCIzj6q2 b4QJ3vRffqaXMkfBV6KZGamU4YDDV4JRmWz1Xw6gOJrNAcN7Nt2l/UopwpY5XD7A ==
X-ME-Sender: <xms:2pb6XkXaQbymL5u54Z3CTAJw8YNKvc5qm7A4gWROzzorbhBfMbVGTg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrvddttddggeelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgesthdtredtreerjeenucfhrhhomhepfdevhhhr ihhsthhophhhvghrucghohhougdfuceotggrfieshhgvrghpihhnghgsihhtshdrnhgvth eqnecuggftrfgrthhtvghrnhepleegfffgjefgleekfeevudfgjeevudfhfeehtefhffeh jeeflefhhfelteffudefnecuffhomhgrihhnpehivghtfhdrohhrghdprggtmhdrohhrgh enucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegtrgif sehhvggrphhinhhgsghithhsrdhnvght
X-ME-Proxy: <xmx:2pb6XokJtqe4NEoJLXv1o346RW6SGVkRyPCurrjQIirNt_JgGXuQUg> <xmx:2pb6XoZ9v4SEcOfgVi65JMRJAKVcV2ENrT67iQrLXYkqJvOb9WRfBA> <xmx:2pb6XjVCusCXASBYHAvDAdJXGbCfUPVHIPOohFR4eoysIvoYkD44gg> <xmx:25b6XqxoVx7VUr9iwX3n4XCIPMUOKzJ3yRdcKJlott2ZjhEBTlfaOg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id D9A133C00A1; Mon, 29 Jun 2020 21:35:22 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-dev0-576-gfe2cd66-fm-20200629.001-gfe2cd668
Mime-Version: 1.0
Message-Id: <74555802-326d-4730-9f54-50a043704a4d@www.fastmail.com>
In-Reply-To: <MN2PR19MB40450EE357BEECD723AB06F183820@MN2PR19MB4045.namprd19.prod.outlook.com>
References: <MN2PR19MB40450EE357BEECD723AB06F183820@MN2PR19MB4045.namprd19.prod.outlook.com>
Date: Mon, 29 Jun 2020 18:35:02 -0700
From: "Christopher Wood" <caw@heapingbits.net>
To: "Black, David" <David.Black@dell.com>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/KrsBhnVwy33ueaGRx41rbAucHRU>
Subject: Re: [tsvwg] =?utf-8?q?=5Bsaag=5D_3rd_WGLC_=28limited-scope=29=3A_dra?= =?utf-8?q?ft-ietf-tsvwg-transport-encrypt-15=2C_closes_29_June_2020?=
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2020 01:35:30 -0000

On Mon, Jun 8, 2020, at 6:41 PM, Black, David wrote:
> This 3rd WGLC is limited to the following two topics:
>
>  1. Whether or not to proceed with a request for RFC publication
> of the draft. The decision on whether or not to proceed will be based on rough consensus of the WG, see RFC 7282.

As currently written, I'm still not sure this document is ready for publication. While many of the items in my secdir review [1] were addressed, I think the document is still somewhat misaligned with the IETF's overall view on this document. 

For example, Section 6 (on intentionally exposing information) and some of Section 7 (the impact of header encryption) seem out of phase with our general mission to "encrypt all the things." Minimally, I would expect to see some discussion of endpoint privacy here, and reasons for why an endpoint might not want to expose certain signals to the network. Section 6.3 seems to outright encourage endpoints to expose cleartext information in the name of performance. Certainly this can't be a necessary condition for performance given studies on QUIC [2] (it's not always better than TCP+TLS, though). 

In general, while I appreciate that the Conclusion narrows in on User Privacy, I would expect it to be more prominent in this document, especially one that ultimately seeks IETF consensus. As a document "about design and deployment considerations for transport protocols," I think we ought to focus more on deployment considerations for who those transport protocols actually service: the end users. I happily offer up my service in producing such text should it be desired.

Best,
Chris

[1] https://datatracker.ietf.org/doc/review-ietf-tsvwg-transport-encrypt-01-secdir-early-wood-2018-12-27/
[2] https://dl.acm.org/doi/10.1145/3131365.3131368