Re: [tsvwg] [saag] TSVWG WGLC: draft-ietf-tsvwg-transport-encrypt-08, -> logging

["Lubashev, Igor" <ilubashe@akamai.com>]

> From: Joe Touch <touch@strayalpha.com> on Sunday, October 13, 2019 12:00 AM
>
> Hi, Gorry,
>
>> On Oct 12, 2019, at 12:48 AM, Gorry Fairhurst <gorry@erg.abdn.ac.uk<mailto:gorry@erg.abdn.ac.uk>> wrote:
>>
>> I'm intrigued by how far we can understand opportunities for open client logs to replace pcap dumps, and would like to delve a little deeper into what we understand - there seem many possible actors and that may be interesting to look at a few viewpoints:
>>
>> * a user of a transport protocol (e.g., understanding cost/benefit of feature choices);
>
> There’s only one viewpoint that drives this conversation. It’s the user’s.
>
> If the user wants to encrypt, that’s their prerogative. We should not be recommending or assuming otherwise,

Most users would likely say that they want Internet that is as fast as possible (low latency/high throughput), very reliable, secure (passwords and emails are safe from peeping toms) and reasonably private. Different people will make different trade-offs between the above, especially about the degree of privacy vs performance and reliability.

I see this draft to be about the trade-off between benefits of an attempts at extreme privacy at a single layer and the effects of these design choices on performance and reliability of the Internet.

>> * a service provider (e.g., trying to understand performance impairments in the network);
>
> They should never need to look at others’ transport headers to do this.

What else should they look at?  They have to look at packets flowing via their networks and make sense of what’s going – both proactively in terms of monitoring QoS that their customers are getting and reactively in terms of troubleshooting specific issues.  AOM only works within a single network (when it works) and does not help at all with identifying problems and narrowing down responsibility for a problem upstream or downstream from own network.

<snip>

>> * researchers/equipment developers seeking to correlate/tune transport timing with network policies (e.g., interactions between congestion control and link scheduling);
>
> And if we’re part of their experiment, it needs to be by opt-in and with full understanding of what data they use and how they use it.

We should add “network operators” to the list of entities trying to tune network policies.  Users expect their ISPs (and their upstreams) to do traffic engineering (including running experiments) to improve their network performance/reliability. Browser vendors and server operators do the same all the time.  No opt-in expected/required.  As Christian points out elsewhere, it is no easy task in the face of diverse and sometimes selfish players, but that’s the Internet we have. Everyone has to be able to keep optimizing their part of the Internet ecosystem or users’ experience will suffer.

<snip>

> The doc currently states, in that area (sec 6) largely as somewhat of a conclusion:
>
>   The choice of whether future transport protocols encrypt their
>   protocol headers needs to be taken based not solely on security and
>   privacy considerations, but also taking into account the impact on
>   operations, standards and research.
>
> That, in a nutshell, is the problem.
>
> NO. Security does NOT need to “take into account” the impact on the supposed “rights” of others to make our traffic part of an experiment.

It is, indeed, very hard to compromise on security “a little bit” and still have much of any security left.  There are many aspects to privacy (which sites you visit, when you go online, where you are located – geo-location/ISP/city/country, which devices you use, who else uses your devices, what bandwidth cap you have, are you on a lan or wifi, how many devices you have at home, etc).  It is reasonable to discuss a balance of performance/reliability and degrees of privacy afforded by a general-purpose transport. Users who need extreme privacy already know to use specialized transports like TOR/VPNs/etc (and use specialized measures to protect their privacy on other layers).

I think it is unfortunate that security is even mentioned in this draft. Header encryption is not about security; it is about privacy and protocol ossification resistance.


  *   Igor

> Joe
>>Gorry


On 09/10/2019, 15:32, Christian Huitema wrote:


As the draft mentions:

   The use of transport layer authentication and encryption exposes a
   tussle between middlebox vendors, operators, applications developers
   and users

Much of the draft reads like a lamentation of the horrible consequences of encrypting transport headers, which looks very much like embracing the point of view of the middlebox vendors. Expressing that point of view is of course fine, and it might be enough to change the title, abstract and introduction to reflect that this is an opinion piece. But as a transport working group document I would like something a bit more balanced. It should spend more time acknowledging the ossification and privacy issues. It should ideally lay the ground work for alternative management solutions, such as controlled exposure like the spin bit in QUIC, IP header information, or standardized logs like the QLOG effort.

-- Christian Huitema


On 10/8/2019 2:08 PM, Black, David wrote:


FYI – some OPS area and SEC area eyes on this TSVWG draft now (during WGLC) would be a good thing ;-).

Thanks, --David (TSVWG co-chair)

*From:* Black, David <david.black@emc.com<mailto:david.black@emc.com>>
*Sent:* Tuesday, October 8, 2019 5:06 PM
*To:* tsvwg@ietf.org<mailto:tsvwg@ietf.org>
*Cc:* Black, David
*Subject:* WGLC: draft-ietf-tsvwg-transport-encrypt-08, closes 23 October 2019

This email announces a TSVWG Working Group Last Call (WGLC) on:

The Impact of Transport Header Confidentiality on Network Operation and

                      Evolution of the Internet

                draft-ietf-tsvwg-transport-encrypt-08

https://datatracker.ietf.org/doc/draft-ietf-tsvwg-transport-encrypt/<https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf-2Dtsvwg-2Dtransport-2Dencrypt_&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=Djn3bQ5uNJDPM_2skfL3rW1tzcIxyjUZdn_m55KPmlo&m=HduWXlNCmvkQ42KzIrfSRc8yuu5e4n6FRGCSP2KvqnY&s=4lneLr-2pNpCj281Rh3n0bRTCIG65oeyvN0gNwOC1kI&e=>

This draft is intended to become an Informational RFC.

This WGLC will run through the end of the day on Wednesday, October 23.

That should allow time before the Singapore draft submission cutoff for

the authors to revise the draft with any changes that result from WGLC.

Comments should be sent to the tsvwg@ietf.org<mailto:tsvwg@ietf.org> <mailto:tsvwg@ietf.org> list, although purely

editorial comments may be sent directly to the authors. Please cc: the

WG chairs at tsvwg-chairs@ietf.org<mailto:tsvwg-chairs@ietf.org> <mailto:tsvwg-chairs@ietf.org>  if you would like the chairs to

track such editorial comments as part of the WGLC process.

No IPR disclosures have been submitted directly on this draft.

Thanks,

David, Gorry and Wes

(TSVWG Co-Chairs)