Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt

Joseph Touch <touch@strayalpha.com> Sat, 29 February 2020 02:23 UTC

From: Joseph Touch <touch@strayalpha.com>
In-Reply-To: <CALx6S37KLMLGKnhPs4tfuR7zSA63SUqcL9tA+uo8RBFf+MX82Q@mail.gmail.com>
Date: Fri, 28 Feb 2020 18:23:00 -0800
Cc: tsvwg <tsvwg@ietf.org>
Message-Id: <94B9E18E-6E8E-43F7-83D4-6FAC40579ED8@strayalpha.com>
References: <CALx6S37iBDc7KxOL60=HC_QkWH06-5MU2rqrK=w+mqiKkSdc0w@mail.gmail.com> <5C993764-1D9A-4B04-A217-2B444008EBE2@strayalpha.com> <CALx6S37KLMLGKnhPs4tfuR7zSA63SUqcL9tA+uo8RBFf+MX82Q@mail.gmail.com>
To: Tom Herbert <tom@herbertland.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/N87DF5BrztgMfQ4MOj5F4FK60Gw>
Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt


> On Feb 28, 2020, at 6:17 PM, Tom Herbert <tom@herbertland.com> wrote:
> 
> On Fri, Feb 28, 2020, 6:03 PM Joseph Touch <touch@strayalpha.com> wrote:
> > On Feb 28, 2020, at 12:30 PM, Tom Herbert <tom@herbertland.com> wrote:
> > > 
> > > While the draft certainly has improved both in tone and content, I
> > > still feel like there is one area that is very under-represented.
> > > Namely the possibility of using extension headers to carry necessary
> > > transport information that the network needs. I have brought this up
> > > several times, and don't believe it has been adequately addressed.
> > 
> > Tom, 
> > 
> > I thought the draft explains (IMO correctly) that the transport layer can make info available to the network layer, but that’s how it works. We shouldn’t expect that the transport header itself is available (for security and privacy reasons).
> 
> Joe,
> 
> If I understand the draft correctly, it is describing a number of use cases where intermediate nodes are extracting information directly from transport headers. When the transport layer header is encrypted, that ability is lost and the network can't use transport layer information to the benefit of the user. The idea of putting the necessary information elsewhere in the packet in cleartext is what HBH could provide.

Certainly - but the HBH header would be at the network layer, not transport, right? (I got the impression you were hinting at a cleartext part of the transport header for this purpose)

Joe