Re: [tsvwg] Protocol ossification in draft-ietf-tsvwg-transport-encrypt-07.txt

Colin Perkins <csp@csperkins.org> Tue, 09 July 2019 23:38 UTC

Return-Path: <csp@csperkins.org>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E98C120075 for <tsvwg@ietfa.amsl.com>; Tue, 9 Jul 2019 16:38:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rzx34qacPyM3 for <tsvwg@ietfa.amsl.com>; Tue, 9 Jul 2019 16:38:13 -0700 (PDT)
Received: from balrog.mythic-beasts.com (balrog.mythic-beasts.com [IPv6:2a00:1098:0:82:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB2A8120020 for <tsvwg@ietf.org>; Tue, 9 Jul 2019 16:38:12 -0700 (PDT)
Received: from [81.187.2.149] (port=47539 helo=[192.168.0.81]) by balrog.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <csp@csperkins.org>) id 1hkzgV-00051e-0U; Wed, 10 Jul 2019 00:38:11 +0100
From: Colin Perkins <csp@csperkins.org>
Message-Id: <F7AD2015-17D3-48D0-9B0C-97B5E98C2610@csperkins.org>
Content-Type: multipart/alternative; boundary="Apple-Mail=_B09DCAC5-BD5F-413D-80A6-7F636ED392A2"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Wed, 10 Jul 2019 00:38:05 +0100
In-Reply-To: <CALx6S366rG-dVP0+EVH0hyMuycjCwX4sAfy9LPFKOiWMVGXxbA@mail.gmail.com>
Cc: Joe Touch <touch@strayalpha.com>, tsvwg <tsvwg@ietf.org>
To: Tom Herbert <tom@herbertland.com>
References: <CALx6S36-WfCs_BW5iGQzoZHq6HBsLMyEDagkMOmg8VgvEWWeew@mail.gmail.com> <21E819F0-77A1-496C-9B3A-6EF9A8678D5D@strayalpha.com> <A74CCEBF-0BB8-4E5E-A2ED-E0F3794AF3D3@csperkins.org> <CALx6S366rG-dVP0+EVH0hyMuycjCwX4sAfy9LPFKOiWMVGXxbA@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-BlackCat-Spam-Score: 14
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/RldFuQP1CIRQmc5ppG-8ugf0CoM>
Subject: Re: [tsvwg] Protocol ossification in draft-ietf-tsvwg-transport-encrypt-07.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 23:38:16 -0000

> On 10 Jul 2019, at 00:16, Tom Herbert <tom@herbertland.com>; wrote:
> On Tue, Jul 9, 2019 at 3:35 PM Colin Perkins <csp@csperkins.org <mailto:csp@csperkins.org>> wrote:
>> 
>> On 9 Jul 2019, at 05:35, Joe Touch <touch@strayalpha.com>; wrote:
>> 
>> On Jul 8, 2019, at 8:05 AM, Tom Herbert <tom@herbertland.com>; wrote:
>> 
>> "A reliance on the presence and semantics of specific header
>> information  leads to ossification…"
>> 
>> 
>> Relying on the semantics of a protocol header is also called a standard.
>> 
>> “...In some case this could be benign or advantageous to
>> the protocol”
>> 
>> 
>> I am dubious about any statement that protocol ossification of
>> transport layer by middleboxes is a good thing.
>> 
>> 
>> Ossification and stability are two sides of exactly the same coin.
>> 
>> It’s called ossification when the variation of a standard is no longer supported, e.g., because of middleboxes assumptions beyond that defined by the standard.
>> 
>> It’s called stability when we can rely on a set of definitions that constrain arbitrary variation in controlled ways.
>> 
>> 
>> Exactly.
>> 
>> We might choose to declare certain properties of a protocol as invariant, because we want a stable substrate on which others can build, including middlebox vendors. That is, we might choose to intentionally accept and encourage ossification, because we believe the benefits of stability for those features outweigh the benefits of flexibility.
> 
> Colin,
> 
> Who is "we" in this description? Is this is IETF or an open community
> that has diligently evaluated the effects of ossification of some
> feature and has achieved consensus that too much flexibility in a
> protocol was a mistake; or is it random vendors or network operators
> that decide what they support per their convenience or that of their
> marketing department with the side effect that the Internet is driven
> to support only the least common denominator of protocols and protocol
> functionality?

An IETF working group might decide to document such properties in the RFC describing a particular protocol. The QUIC invariants draft does this, for example. 

>> The problem is not ossification as such. It’s ossification of things that we intended to be changeable.
>> 
> Not sure I see the difference. In any case, the irony of this
> discussion is that ossification of the transport layer by middleboxes
> is precisley a major motivation driving encryption the transport
> layer. E.g. a principle of QUIC protocol design is "Beyond the obvious
> privacy benefits, encryption prevents ossification of the protocol by
> middleboxes, which can't make routing decisions based on information
> they can't understand." I doubt that a one-off statement that
> ossification could be a good thing will much effect on those building
> new transport protocols for widescale deployment. For that matter, I'm
> still doubtful that any of the purported benefits listed in the draft
> are sufficient rationale to convince any transport layer and
> application developers not to encrypt the transport layer.


I’m certainly not saying that we shouldn’t encrypt the transport layer. I am saying that encrypting the transport layer has some benefits, but also has some costs. There might be reasons to encrypt all the transport headers, but there might also be reasons to intentionally expose some information and accept that it will be ossified. There’s a trade-off, and different protocols  might make different choices here.

QUIC chooses to encrypt almost everything, for example, and that might be the right trade-off for its users. By way of contrast, when Secure RTP was being designed the working group intentionally decided to leave some of the transport headers unencrypted, because it was considered important to support hop-by-hop compression of IP/UDP/RTP headers by middleboxes. That was a conscious design choice at the time, since the group perceived a benefit from allowing those headers to be ossified.

Colin




-- 
Colin Perkins
https://csperkins.org/