Re: [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-14

"Black, David" <David.Black@dell.com> Sat, 04 April 2020 00:36 UTC

Return-Path: <David.Black@dell.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C81533A03EE for <tsvwg@ietfa.amsl.com>; Fri, 3 Apr 2020 17:36:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dell.com header.b=x9UlViJT; dkim=pass (1024-bit key) header.d=dell.onmicrosoft.com header.b=RyqGLKy8
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vqulX9UbyGTl for <tsvwg@ietfa.amsl.com>; Fri, 3 Apr 2020 17:36:00 -0700 (PDT)
Received: from mx0a-00154904.pphosted.com (mx0a-00154904.pphosted.com [148.163.133.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D43DD3A03EC for <tsvwg@ietf.org>; Fri, 3 Apr 2020 17:36:00 -0700 (PDT)
Received: from pps.filterd (m0170390.ppops.net [127.0.0.1]) by mx0a-00154904.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0340RiHm011082; Fri, 3 Apr 2020 20:35:59 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dell.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=smtpout1; bh=unPmn71yq0MH7U8eMySxNC9gr7WuZ5n+rCe7zk6kz7M=; b=x9UlViJTGfh7XvEO+XstNJw25AL2I8gD7UqRReJJhWITqKUCJRxaDKC5K+JEL/50Ix3I 5AL6k1h4LIGyNhgM6BMXjViKaZ38/2rYblVeFG5/UFo931CtYYJqPORKFTFvLmXWQahk u6YnHD0IZCc3zl2Dw8j9oQGqFFFX78Jk1x23k/19B8VEc5CK5MgUWfB9rosKvCZ3AqWj lRznFEEGC6IqLMzs7oysl04+qa5Lx2NqBoCjPumgjBMdzb1qqx/kC/fbvdvO/9AYkr4V lfdDKa1Fnhy+wAvMPl5pHW2PahJC17kP8zIQnRB+kijAAbFdEMg85+HjErQPxnJBb5N4 cA==
Received: from mx0a-00154901.pphosted.com (mx0a-00154901.pphosted.com [67.231.149.39]) by mx0a-00154904.pphosted.com with ESMTP id 3021n5vnrf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 03 Apr 2020 20:35:59 -0400
Received: from pps.filterd (m0090351.ppops.net [127.0.0.1]) by mx0b-00154901.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0340T1TW085461; Fri, 3 Apr 2020 20:35:59 -0400
Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2108.outbound.protection.outlook.com [104.47.58.108]) by mx0b-00154901.pphosted.com with ESMTP id 3022xhhe9d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 03 Apr 2020 20:35:59 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ip+q/8gZ1Ni1oiHQcSibqClGSXi0LzJbT61qM3Lm6ucXRXNwLEvgAPaEdt4pw+Yp9+xqaD35yR1lPMlJETWPPdfrbRglZHPAtHV9FV7NwxFzITe7L+E9UI4NcYLoMmBjgixEQjfShriZ8LdELk20nHTnjAozlPvnGXudmsa1Vb1RSbw7M3iCFsiOZne6EH0NCNz79wQBp8Ky6XJXA/GRQ6wN1QltimN+qjFedn4L0DgAv/rXk2SXF1CwElvWbJy6VYKKkr3IdBivDdMJVh+aqhgKI1dweb22DH+KmKZhwcst9UoL7uFakWj/Djjp+Kpps6/9fSYZB1GanHfsnyIuyg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=unPmn71yq0MH7U8eMySxNC9gr7WuZ5n+rCe7zk6kz7M=; b=B1DmE/O4Tfci1si1RElAq+KGloY0lbkeS335MBC/0ncRUcnQDbywAVH3Uzye+aeeo4phdHo6GcsYZ8W0X1UAvlKtSnPGQyvO3Ej+AJbiOX4B7oEAR1zHwbQUtKfTDzmL3EA5CcsHndGcqn7bGs2jk+M1+rRqyIDBow2EnH3g4/NJfdqPsienzNndz0HpNHwGFwmltFddvgqKH6LMGqsRvlEPy3/g7u/oJtMI6uuW8X5vMAUyyWJz24d3bilTJZl6GghAZY1YLRyCs5zbJqiAiFO9o79m35WmVYUfAbEyVN+LOYE3hNpy8tVsejBgz2Llp4S5X671iAgJS/YJfLwC/g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=dell.com; dmarc=pass action=none header.from=dell.com; dkim=pass header.d=dell.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Dell.onmicrosoft.com; s=selector1-Dell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=unPmn71yq0MH7U8eMySxNC9gr7WuZ5n+rCe7zk6kz7M=; b=RyqGLKy8P6nzQizQ6k4wM5+uSFMFnSyug53xhbCL3rxQH2nPzMP0WGoU0qjA92iicWoFJ/8JoWqhgKfQXHNmd70vAUQLXPfiU9rZdtcLzw1BEXwkCYa9ycIAFewQfT2j5QidPoIZzGD3QFXeL8salf5ajj5psetPV9jFRPEChmM=
Received: from MN2PR19MB4045.namprd19.prod.outlook.com (2603:10b6:208:1e4::9) by MN2PR19MB3101.namprd19.prod.outlook.com (2603:10b6:208:156::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2878.15; Sat, 4 Apr 2020 00:35:54 +0000
Received: from MN2PR19MB4045.namprd19.prod.outlook.com ([fe80::8d12:8a24:ccb2:b2bd]) by MN2PR19MB4045.namprd19.prod.outlook.com ([fe80::8d12:8a24:ccb2:b2bd%3]) with mapi id 15.20.2878.018; Sat, 4 Apr 2020 00:35:54 +0000
From: "Black, David" <David.Black@dell.com>
To: Tom Herbert <tom@herbertland.com>
CC: tsvwg <tsvwg@ietf.org>, "Black, David" <David.Black@dell.com>
Thread-Topic: [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-14
Thread-Index: AQHWCdfN95tAuqnQEUqYW+PFgtwk/qhnvS9QgABYMACAAAPy4A==
Date: Sat, 4 Apr 2020 00:35:54 +0000
Message-ID: <MN2PR19MB4045E873D0908044343F8C2283C40@MN2PR19MB4045.namprd19.prod.outlook.com>
References: <CALx6S345Ta5LjSkZ+XmNmH8dxKnM++VRCej2iGxfdUqDc+M-Jw@mail.gmail.com> <MN2PR19MB4045652C80DB5348A5A3505F83C70@MN2PR19MB4045.namprd19.prod.outlook.com> <CALx6S36yzDTLaxUhWibZjmK5Cxu2zfzxiawFRCbVn9aPF4rs1A@mail.gmail.com>
In-Reply-To: <CALx6S36yzDTLaxUhWibZjmK5Cxu2zfzxiawFRCbVn9aPF4rs1A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Enabled=True; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_SiteId=945c199a-83a2-4e80-9f8c-5a91be5752dd; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Owner=david.black@emc.com; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_SetDate=2020-04-04T00:34:11.3942410Z; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Name=External Public; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Application=Microsoft Azure Information Protection; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Extended_MSFT_Method=Manual; aiplabel=External Public
x-originating-ip: [168.159.213.214]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b820a438-6b70-4e02-7e78-08d7d8302262
x-ms-traffictypediagnostic: MN2PR19MB3101:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <MN2PR19MB31012F1546095E985A07CB9983C40@MN2PR19MB3101.namprd19.prod.outlook.com>
x-exotenant: 2khUwGVqB6N9v58KS13ncyUmMJd8q4
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 03630A6A4A
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR19MB4045.namprd19.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(39860400002)(346002)(376002)(136003)(366004)(396003)(55016002)(5660300002)(9686003)(4326008)(7696005)(86362001)(316002)(2906002)(786003)(107886003)(66476007)(76116006)(64756008)(53546011)(66556008)(6916009)(66946007)(52536014)(6506007)(66446008)(54906003)(71200400001)(81166006)(478600001)(33656002)(26005)(8936002)(186003)(8676002)(81156014); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: dell.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: RPZGiw6M8xC2lcUzIG8pD7chO2vx+pKsbszqu8t1/b+E/PDjiXiTXD2YQ4RUI3S1IEtXutCb/SspaXg4I4VwcdVnkT1i31BF1BDBzVlWffXy/1xXJOjlRkTX0IS9YqtQl7IiStw/cbbh+O2wdVYKZtOW8KnSXUvqsWFh8QzX1U+tKYhDDzA424rvCb+i80nFTRQO8X54XCaFYIKp1Fd6kJ2MC/VvL+oYCciYB6A9Fcdn6iSVJ9+a4J/5DZgu/0ruXVxB5P4sswByojzZchMXnL8XU/e1QcsSBdrNGK1w4qKKra7x0BQWnGe38kmIXUcyCAlDyxtuticXM9HJNfQ5KB68PM9Nk2u46Et/psnJE4v6IJG6qHiL03b2RiUm9BX+qe1ijzb0hPKJJYy2Kqw47PGfeBiBKSsx1KCTCrbQdF/rM3MtZVnxuJFHZuZAy+va
x-ms-exchange-antispam-messagedata: PkwK+oy+b601qUmfkYmw57Kx/sNyl+rMObLzeLFY76QxnfAJ8pPKwFEM4QtisPNkg5iFdj61TFKdTHrJjWsO1JTChnQaAl1qDhWQ1JI62Xbsjvby/fUq3ZwQp3ZPmChfAU1tjmne12Oh4VpwWMhjnA==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: Dell.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b820a438-6b70-4e02-7e78-08d7d8302262
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Apr 2020 00:35:54.1571 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 945c199a-83a2-4e80-9f8c-5a91be5752dd
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 1T3+Mwa9EEz6WLIUsutx7ZXLdWP8CHJGh52o0Y4ABwrsBxxbkrfBPdwKttp/J506WLQYkA+7Fobsyzh3+XbV8w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR19MB3101
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-03_19:2020-04-03, 2020-04-03 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 mlxlogscore=999 suspectscore=0 clxscore=1015 spamscore=0 malwarescore=0 mlxscore=0 bulkscore=0 lowpriorityscore=0 phishscore=0 priorityscore=1501 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004040002
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 impostorscore=0 malwarescore=0 bulkscore=0 lowpriorityscore=0 suspectscore=0 clxscore=1015 spamscore=0 adultscore=0 mlxlogscore=999 priorityscore=1501 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004040002
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/hPuAaVLFBRbMTP0Ef5LcrBfzVhw>
Subject: Re: [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-14
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Apr 2020 00:36:05 -0000

Tom,

Ok, 1 issue settled, 1 more to go ...

[1]
> > Suggested revised text:
> >
> >    The usefulness of this information would be enhanced if the exposed
> >    information could be verified to match the protocol's actual behavior,
> >    e.g., by observing whether the network traffic sent by the protocol
> >    is consistent with the exposed information in that traffic.
> >
> But then that would be akin to making inferences encrypted data, and
> preventing such inferences in the network is precisely one of the
> reasons the transport header is being encrypted by the end hosts.

I think that response is overdone for several reasons:

1.  A decision to expose some transport header information is a decision to allow this sort of inference from observations (sorry, there's no free lunch available here).

2.  What is being inferred is protocol functional behavior, not the specific contents of the encrypted headers that the protocol is using as part of producing that behavior, so characterizing this as somehow reversing part of the encryption is a stretch.

3.  Beyond that, if one is determined to prevent all inference of protocol functional behavior, not exposing any transport protocol information does not suffice to frustrate all traffic analysis (e.g., set a few CE marks on packets inbound to a protocol receiver that supports ECN, sit back and watch what happens).  There's been extensive security work on traffic analysis countermeasures which is (IMHO) not germane to this draft.

[2] 
> > Add this paragraph:
> >
> >    Network-layer optional headers explicitly indicate the information
> >    that is exposed, whereas more effort may be required for a network
> >    device to determine whether a packet contains a partially encrypted
> >    transport header.  A particular concern is UDP-encapsulated protocols
> >    because the UDP ports do not definitively indicate which protocol has
> >    been encapsulated, even though some protocols are the predominant
> >    usage of specific UDP destination ports (e.g., a packet sent to UDP
> >    port 4500 is highly likely to contain UDP-encapsulated IKE [RFC3948]
> >    or IKEv2 [RFC7296]).
> >
> > Would that work?
> >
> That's good, but I think there should be a reference to RFC7605 also.

Ok, I think the factual statement suffices, but I won't object to a reference to RFC7605.

Thanks, --David

> -----Original Message-----
> From: Tom Herbert <tom@herbertland.com>
> Sent: Friday, April 3, 2020 8:04 PM
> To: Black, David
> Cc: tsvwg
> Subject: Re: [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-14
> 
> 
> [EXTERNAL EMAIL]
> 
> On Fri, Apr 3, 2020 at 1:06 PM Black, David <David.Black@dell.com> wrote:
> >
> > Hi Tom,
> > [writing as draft shepherd]
> >
> > [1]
> > > I don't understand this statement from the draft:
> > >
> > > "The value of this information would be enhanced if the exposed
> > > information could be verified to match the internal state of the
> > > transport by observing the transport behaviour."
> > >
> > > I assume this means that the network nodes would need to understand
> > > the internal state of transport protocols. How would this work?
> >
> > Oops, that's not a good assumption - in 20/20 hindsight, the quoted
> > text should focus on protocol behavior rather than internal state.
> >
> > Suggested revised text:
> >
> >    The usefulness of this information would be enhanced if the exposed
> >    information could be verified to match the protocol's actual behavior,
> >    e.g., by observing whether the network traffic sent by the protocol
> >    is consistent with the exposed information in that traffic.
> >
> But then that would be akin to making inferences encrypted data, and
> preventing such inferences in the network is precisely one of the
> reasons the transport header is being encrypted by the end hosts.
> 
> > Beyond that, one could (partially) infer protocol state from observed
> > traffic behavior, but I don't think it's important to say that.
> >
> > [2]
> > > >From the draft:
> > >
> > > "An endpoint/protocol could choose to expose transport header
> > > information to optimise the benefit it gets from the network
> > > [RFC8558]."
> > >
> > > There is also the possibility that the endpoints didn't expose
> > > transport layer information, but the network incorrectly thinks it
> > > did.  The network may simply misinterpret bits in packets as being
> > > transport layer information when in fact the data can be something
> > > completely different and unrelated. The canonical example of this is
> > > QUIC or any transport encapsulated in UDP payload.
> >
> > That's actually an observation about transport-layer vs. network-layer
> > information exposure that would be better addressed slightly earlier in
> > the draft where both of those layers are discussed.
> >
> > After the first paragraph in Section 6.1 (Exposing Transport Information
> > in Extension Headers) looks like a good place to make that observation.
> >
> > After this paragraph:
> >
> >    At the network-layer, packets can carry optional headers (similar to
> >    Section 5) that may be used to explicitly expose transport header
> >    information to the on-path devices operating at the network layer
> >    (Section 3.1.3).  For example, an endpoint that sends an IPv6 Hop-by-
> >    Hop option [RFC8200] can provide explicit transport layer information
> >    that can be observed and used by network devices on the path.
> >
> > Add this paragraph:
> >
> >    Network-layer optional headers explicitly indicate the information
> >    that is exposed, whereas more effort may be required for a network
> >    device to determine whether a packet contains a partially encrypted
> >    transport header.  A particular concern is UDP-encapsulated protocols
> >    because the UDP ports do not definitively indicate which protocol has
> >    been encapsulated, even though some protocols are the predominant
> >    usage of specific UDP destination ports (e.g., a packet sent to UDP
> >    port 4500 is highly likely to contain UDP-encapsulated IKE [RFC3948]
> >    or IKEv2 [RFC7296]).
> >
> > Would that work?
> >
> That's good, but I think there should be a reference to RFC7605 also.
> 
> Tom
> 
> > Thanks, --David
> >
> > > -----Original Message-----
> > > From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Tom Herbert
> > > Sent: Friday, April 3, 2020 12:49 PM
> > > To: tsvwg
> > > Subject: [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-14
> > >
> > >
> > > [EXTERNAL EMAIL]
> > >
> > > Hi, a few comments.
> > >
> > > I don't understand this statement from the draft:
> > >
> > > "The value of this information would be enhanced if the exposed
> > > information could be verified to match the internal state of the
> > > transport by observing the transport behaviour."
> > >
> > > I assume this means that the network nodes would need to understand
> > > the internal state of transport protocols. How would this work?
> > >
> > > If the idea is that the exposed information is somehow verified with
> > > the endpoints that securely provide the information then maybe I
> > > understand that. But, if the idea is that intermediate nodes need to
> > > autonomously deduce the internal state themselves, I think that is
> > > problematic. Aside from all the known problems that stateful network
> > > devices have caused, there seems to be a circular dependency here.
> > > AFAIK the only way to deduce the internal state of a transport
> > > connection in the network would be by inspecting the exposed transport
> > > information, but this statement seems to be saying the exposed
> > > information can't be trusted unless the internal state has been
> > > deduced. Am I missing something?
> > >
> > > >From the draft:
> > >
> > > "An endpoint/protocol could choose to expose transport header
> > > information to optimise the benefit it gets from the network
> > > [RFC8558]."
> > >
> > > There is also the possibility that the endpoints didn't expose
> > > transport layer information, but the network incorrectly thinks it
> > > did. The network may simply misinterpret bits in packets as being
> > > transport layer information when in fact the data can be something
> > > completely different and unrelated. The canonical example of this is
> > > QUIC or any transport encapsulated in UDP payload. Per, RFC7605,
> > > transport port numbers only have meaning at end points. So for example
> > > a network device may think a packet with UDP destination port 80 is
> > > QUIC, when in fact it is something completely different, hence the
> > > network device may misinterpret the payload as being QUIC. I suspect
> > > it's unlikely that this situation will benefit the user, and more
> > > likely the network would not treat such packets well. There's been
> > > some work on this problem, like magic numbers in SPUD or analysis to
> > > mitigate the effects of misinterpretation like done for QUIC spin bit,
> > > but I don't believe anyone has proposed a general solution (other than
> > > moving the necessary information into the network layer and have
> > > intermediate nodes stop doing DPI).  I believe this problem should be
> > > mentioned in the draft with a reference to RFC7605 .
> > >
> > > Tom
> >