Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13

Tom Herbert <tom@herbertland.com> Mon, 23 March 2020 23:11 UTC

From: Tom Herbert <tom@herbertland.com>
Date: Mon, 23 Mar 2020 16:11:33 -0700
Message-ID: <CALx6S36RvMOkmQt3x26Loz3eLjKQw7xq=dHhfKoZLnczCyW_TQ@mail.gmail.com>
To: "Black, David" <David.Black@dell.com>
Cc: Joseph Touch <touch@strayalpha.com>, tsvwg <tsvwg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/OcIiNzyDDjRHiIHKLJ-9p6c1sC4>

On Mon, Mar 23, 2020 at 3:19 PM Black, David <David.Black@dell.com> wrote:
>
> [writing as draft shepherd]
>
> Point taken – would it be reasonable to rework that paragraph to observe that there should be incentives for endpoints to expose transport information, e.g., otherwise implementers may simply not bother?
>
David,

I think the draft is trying to highlight the benefits of exposed
transport layer information, and presumably the opportunity to reap
those is the incentive to expose the information. I believe that those
benefits are real. The problem is that all the benefits of exposed
transport layer information are anecdotal and general. As I type this
email, which I assume is sent over TCP, I cannot tell you if I'm
getting any benefit from TCP having plaintext headers. Maybe I'm
personally benefiting, maybe I'm not, I don't know. If the exposure
was innocuous it wouldn't matter, but it has not been established that
exposure of transport layer information is not a privacy or security
risk. Unfortunately, all this degenerates to the point where the only
real incentive for exposing transport layer information is that if we
don't expose it then the network may drop our packets.

Tom

>
> Thanks, --David
>
> From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Joseph Touch
> Sent: Monday, March 23, 2020 11:20 AM
> To: Tom Herbert
> Cc: tsvwg
> Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
>
> On Mar 23, 2020, at 7:58 AM, Tom Herbert <tom@herbertland.com> wrote:
>
> > Fundamentally, transport layer is end-to-end information. There is no
> > contract between end hosts and the network that hosts have to be
> > honest or correct in setting information in the transport layer-- the
> > only contract is between the endpoints.
>
> +1
>
> Another point worth mentioning:
>
> - if endpoints can lie or mislead about transport info to get their way, they can, will, and IMO *SHOULD*.
>
> That goes for using port 53 for nearly anything anyone wants to. Transport info isn’t there to make things nice for network operators - that’s what the network layer is for.
>
> Oh, yeah, I know - network operators don’t want “heavy” stuff in *their* headers because it slows them down when they don’t want it. Too bad, IMO. If they want the info, they need to deal with the pain.
>
> Joe
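A worked illustration of the point made in both quoted messages above: the network has no contract with the endpoints over what the transport header says, and port 53 in particular need not carry DNS. This is an added example, not code from the thread or from draft-ietf-tsvwg-transport-encrypt. It is a small Python classifier that contrasts port-based labelling with a structural check of the payload, run over constructed sample datagrams. The sample datagrams, the `classify` labels and the `looks_like_dns` heuristic are my own assumptions; the heuristic checks only the RFC 1035 header layout and question-name encoding, so it can reject traffic that is plainly not DNS but cannot prove that a well-formed message is what the endpoint claims.

```python
import struct

# Constructed sample payloads; none are captured traffic.
# SAMPLE_TLS mimics the first bytes of a TLS record carrying a ClientHello.
SAMPLE_TLS = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03" + b"\x00" * 32
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"


def build_dns_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal RFC 1035 query: 12-byte header plus one question (sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS=IN


def _walk_name(payload: bytes, pos: int):
    """Walk one encoded name starting at pos; return the offset after it, or None if malformed."""
    total = 0
    while True:
        if pos >= len(payload):
            return None
        length = payload[pos]
        if length == 0:                       # root label ends the name
            return pos + 1
        if length & 0xC0 == 0xC0:             # compression pointer (2 bytes) ends the name
            return pos + 2 if pos + 2 <= len(payload) else None
        if length > 63:                       # a label is limited to 63 octets
            return None
        total += length + 1
        if total > 255:                       # a whole name is limited to 255 octets
            return None
        pos += 1 + length


def looks_like_dns(payload: bytes) -> bool:
    """Structural check only: plausible header and a parseable question section.

    Rejects traffic that is clearly not DNS; it cannot show that a well-formed
    message is honest about what it is.
    """
    if len(payload) < 12:
        return False
    _txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    opcode = (flags >> 11) & 0xF
    if opcode not in (0, 1, 2, 4, 5):         # QUERY, IQUERY, STATUS, NOTIFY, UPDATE
        return False
    if flags & 0x0040:                        # reserved Z bit must be zero
        return False
    if qd + an + ns + ar == 0:                # an empty message is not useful evidence
        return False
    # Every question needs at least 5 bytes and every RR at least 11; enforce that floor.
    if len(payload) < 12 + 5 * qd + 11 * (an + ns + ar):
        return False
    pos = 12
    for _ in range(qd):
        end = _walk_name(payload, pos)
        if end is None or end + 4 > len(payload):  # QTYPE + QCLASS follow the name
            return False
        pos = end + 4
    return True


def classify(src_port: int, dst_port: int, payload: bytes) -> str:
    """Label a datagram by contrasting the port hint with the payload structure."""
    on_dns_port = 53 in (src_port, dst_port)
    structurally_dns = looks_like_dns(payload)
    if on_dns_port and structurally_dns:
        return "dns"
    if on_dns_port:
        return "non-dns-on-53"      # the port said DNS, the bytes do not
    if structurally_dns:
        return "dns-off-port"       # the bytes look like DNS on an unrelated port
    return "other"


def run_samples() -> dict:
    """Classify the constructed samples; returns {sample_name: classification}."""
    samples = {
        "query_on_53": (40000, 53, build_dns_query("example.com")),
        "http_on_53": (40000, 53, SAMPLE_HTTP),
        "query_on_8053": (40000, 8053, build_dns_query("example.com")),
        "tls_on_443": (40000, 443, SAMPLE_TLS),
    }
    return {name: classify(*dgram) for name, dgram in samples.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:14s} -> {verdict}")
```

From an observer's standpoint the outcome is the one the thread describes: the port is a hint chosen by the endpoint, so a network element that wants to know what a flow is has to look at the payload, and even a payload that passes a structural check only tells it what the bytes look like, not what the endpoints are actually doing with them.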