Re: [tsvwg] TSVWG WGLC: draft-ietf-tsvwg-transport-encrypt-08, closes 23 October 2019

<emile.stephan@orange.com> Thu, 24 October 2019 16:10 UTC

From: <emile.stephan@orange.com>
To: "Gorry Fairhurst (gorry@erg.abdn.ac.uk)" <gorry@erg.abdn.ac.uk>, tsvwg-chairs <tsvwg-chairs@ietf.org>, "Black, David" <David.Black@dell.com>
CC: "saag@ietf.org" <saag@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>, "IETF IPPM WG (ippm@ietf.org)" <ippm@ietf.org>, "quic@ietf.org" <quic@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>, "etosat@ietf.org" <etosat@ietf.org>
Date: Thu, 24 Oct 2019 16:10:53 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/Ov2ONpAMim49DlcAfD-MX2MAMA0>

Hi,

My view on the draft is that a section is missing.

I suggest adding a section 7 named "end-to-end interdomain OAM" to bridge iOAM and OAM of end-to-end encrypted flows. The content of the section might rely on the following:

Fast interdomain troubleshooting requires a minimal interoperability to estimate delay and packet loss.
The QUIC spinbit approach is an example which supports end-to-end interdomain OAM. The signal exposed is end-to-end protected and not encrypted; its enforcement is under the control of the endpoint; its activation is limited to a small percentage of the flows.

Here are other comments on the draft. I read the draft very quickly, so several of them might be inappropriate:

- Encryption and protection should be clearly separated:
  - TCPcrypt header protection mechanism (part end-to-end encrypted, part end-to-end protected and on-path readable);
  - QUIC spinbit protection (end-to-end protected and on-path readable);
- QUIC spinbit on-path troubleshooting properties: applies to interdomain;
- DTLS on-path troubleshooting properties might be described;
- Not sure that the draft recalls transport proxy usage, like for satco;
- The Security section should highlight the privacy risk when on-path probes have to do whole-packet decryption to get header information.

Regards
Emile
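Added example, not from the draft or from this e-mail: a small discrete-event simulation of how an on-path observer estimates delay from the QUIC spin bit (RFC 9000, section 17.4) by reading only the integrity-protected, unencrypted bit of client-to-server packets, and what it sees when the endpoint has not activated spinning. Delays, packet interval and duration are constructed values.

```python
"""Passive RTT estimation from the QUIC spin bit (RFC 9000, section 17.4).

Constructed simulation: a client/server flow and an on-path observer that
only reads the spin bit of client->server packets. No payload, and no
encrypted header field, is ever inspected.
"""
import heapq
import statistics


def simulate_flow(fwd_ms, rev_ms, pkt_interval_ms, duration_ms, spinning=True):
    """Return the observer's log of (time_ms, spin) for client->server packets.

    Client rule: spin = NOT(spin of the latest server packet).
    Server rule: echo the latest client spin.
    With spinning=False the client leaves the bit at 0, which is what a
    non-participating endpoint looks like on the wire.
    """
    client_spin, server_spin, seq = 0, 0, 0
    events = []  # (time, priority, seq, kind, spin); receives sort before sends
    for t in range(0, duration_ms, pkt_interval_ms):
        heapq.heappush(events, (t, 1, seq, "client_send", None))
        seq += 1
    log = []
    while events:
        t, _, _, kind, spin = heapq.heappop(events)
        if kind == "client_send":
            log.append((t, client_spin))  # observer reads the header bit here
            heapq.heappush(events, (t + fwd_ms, 0, seq, "server_recv", client_spin))
            seq += 1
        elif kind == "server_recv":
            server_spin = spin  # server echoes the client's value
            heapq.heappush(events, (t + rev_ms, 0, seq, "client_recv", server_spin))
            seq += 1
        elif kind == "client_recv" and spinning:
            client_spin = 1 - spin  # client inverts -> one edge per RTT
    return log


def estimate_rtt_ms(log):
    """Median spacing between spin-bit edges in one direction.

    Returns None when the bit never spins (endpoint opted out), so the
    observer must not report a bogus delay for such flows.
    """
    edges = [t for (t, s), (_, prev) in zip(log[1:], log) if s != prev]
    if len(edges) < 2:
        return None
    return statistics.median(b - a for a, b in zip(edges, edges[1:]))
```

Because the edge is carried by whichever packet the client sends next, the estimate is quantized to the packet interval; with sparse traffic the observer should expect coarser values.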


From: saag [mailto:saag-bounces@ietf.org] On behalf of Black, David
Sent: Tuesday, 8 October 2019 23:09
To: saag@ietf.org; opsawg@ietf.org
Cc: tsvwg-chairs
Subject: [saag] TSVWG WGLC: draft-ietf-tsvwg-transport-encrypt-08, closes 23 October 2019

FYI - some OPS area and SEC area eyes on this TSVWG draft now (during WGLC) would be a good thing ;-).

Thanks, --David (TSVWG co-chair)

From: Black, David <david.black@emc.com>
Sent: Tuesday, October 8, 2019 5:06 PM
To: tsvwg@ietf.org
Cc: Black, David
Subject: WGLC: draft-ietf-tsvwg-transport-encrypt-08, closes 23 October 2019


This email announces a TSVWG Working Group Last Call (WGLC) on:

    The Impact of Transport Header Confidentiality on Network Operation and
    Evolution of the Internet
    draft-ietf-tsvwg-transport-encrypt-08
    https://datatracker.ietf.org/doc/draft-ietf-tsvwg-transport-encrypt/

This draft is intended to become an Informational RFC.

This WGLC will run through the end of the day on Wednesday, October 23.
That should allow time before the Singapore draft submission cutoff for
the authors to revise the draft with any changes that result from WGLC.

Comments should be sent to the tsvwg@ietf.org list, although purely
editorial comments may be sent directly to the authors. Please cc: the
WG chairs at tsvwg-chairs@ietf.org if you would like the chairs to
track such editorial comments as part of the WGLC process.

No IPR disclosures have been submitted directly on this draft.

Thanks,
David, Gorry and Wes
(TSVWG Co-Chairs)

