Re: [tsvwg] New Version of draft-ietf-tsvwg-transport-encrypt (12)
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Mon, 16 March 2020 15:39 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F3F23A0A62 for <tsvwg@ietfa.amsl.com>; Mon, 16 Mar 2020 08:39:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UjO8TT7Tgw0p for <tsvwg@ietfa.amsl.com>; Mon, 16 Mar 2020 08:39:39 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [137.50.19.135]) by ietfa.amsl.com (Postfix) with ESMTP id 28D1D3A0A48 for <tsvwg@ietf.org>; Mon, 16 Mar 2020 08:39:38 -0700 (PDT)
Received: from GF-MacBook-Pro.local (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 2D1981B0009C; Mon, 16 Mar 2020 15:39:32 +0000 (GMT)
To: Eric Rescorla <ekr@rtfm.com>
Cc: Martin Duke <martin.h.duke@gmail.com>, David Schinazi <dschinazi.ietf@gmail.com>, "tsvwg@ietf.org" <tsvwg@ietf.org>
References: <158279435525.6196.11790581771168846041.idtracker@ietfa.amsl.com> <3c7f9e3c-d4f6-b002-5e16-6611d654c8eb@erg.abdn.ac.uk> <CAPDSy+5e0HYhBJdQm-ZhBcqmqwKGkpaKU8t_9R2_P=nAOs9s2w@mail.gmail.com> <CABcZeBOdDU0zQ+ZNQqu1vDWxQuLUzGqi9MMXPDUs-izZEgVQsg@mail.gmail.com> <CAM4esxTA9mheGALtp4zKKYVV7wNUfhp-0pdt3C62G=tkTQhaDQ@mail.gmail.com> <CABcZeBOPxLWfT3Un=+_DQoaP5Zf0_COJ=cBLsVwMZHGgu5BOHw@mail.gmail.com> <CAM4esxQMPEemk6db6hGTLdt4xetHRhV=9DD51sjd3ppn+SffEw@mail.gmail.com> <CABcZeBMR61e0CsdCg5y8PkQskm0tbR-+BKXWQghavGKBN6PyHA@mail.gmail.com> <abdc3cc8-5948-1b5d-516d-6d736b7ecda2@erg.abdn.ac.uk> <CABcZeBNVZp_H+02D_B-bg56_==W_9feZ_Z91Oc5R+6P4giftnA@mail.gmail.com> <c6b40d15-244b-5f63-8aed-e3eca3373638@erg.abdn.ac.uk> <CABcZeBOqEymmY3JjX-+MHSUuKrLtvqSxxJ4DfspTnS5+uLc3Dg@mail.gmail.com>
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Message-ID: <5427a27f-fff0-6933-4070-cfdc45195e46@erg.abdn.ac.uk>
Date: Mon, 16 Mar 2020 15:39:32 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBOqEymmY3JjX-+MHSUuKrLtvqSxxJ4DfspTnS5+uLc3Dg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------E9025EF19886B6980910F1BA"
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/UyPg_LzYki1VvEcP7ZIrSHGZFJM>
Subject: Re: [tsvwg] New Version of draft-ietf-tsvwg-transport-encrypt (12)
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Mar 2020 15:39:41 -0000
On 16/03/2020 15:33, Eric Rescorla wrote: > > > On Mon, Mar 16, 2020 at 7:51 AM Gorry Fairhurst <gorry@erg.abdn.ac.uk > <mailto:gorry@erg.abdn.ac.uk>> wrote: > > > On 16/03/2020 13:06, Eric Rescorla wrote: >> >> >> On Mon, Mar 16, 2020 at 2:36 AM Gorry Fairhurst >> <gorry@erg.abdn.ac.uk <mailto:gorry@erg.abdn.ac.uk>> wrote: >> >> Ekr, >> >> On 15/03/2020 13:19, Eric Rescorla wrote: >>> Let me try to expand my point a bit. >>> >>> Longstanding practice is for entities in the middle of the >>> network to >>> use signals that were intended for the endpoint for their own >>> purposes. With QUIC (and a lesser extent SCTP/DTLS), those >>> signals >>> are being encrypted and thus unavailable to those non-endpoint >>> entities; this draft is mostly devoted to documenting the >>> negative >>> impact of that change on the operations of those entities. >>> >> I disagree that this is "documenting the negative impact of >> that change". >> >> The draft is about how this protocol information has and is >> being used. As long as I can remember, there has been devices >> that utilise some of this information, at the edge of an >> enterprise there is often at least one device with this role; >> within a managed network there are devices; etc. If the trend >> to use encrypted methods continues, some of these practices >> need to be re-assessed, and the functions more widely >> understood than in an era when nearly everything was thought >> to be TCP or "multimedia". >> >> >> I'm not sure what you're arguing here. What I said above is that >> this draft was "mostly devoted to documenting the negative >> impact of that change on the operations of those entities." >> In other words, it lists a bunch of things that people do now >> that will stop working. Do you not think that much of the >> material in this draft is of that form? >> >> -Ekr >> > So the conclusion, para 2 states: > > " This document has described some current practises, and the > implications for some stakeholders, when transport layer header > encryption is used. It does not judge whether these practises are > necessary, or endorse the use of any specific practise. > > > I don't really see how this addresses the question we are presently > discussing, which is where I said > > "this draft is mostly devoted to documenting the negative > impact of that change on the operations of those entities." > > It seems like you disagree with that characterization, but it's not > clear to me why, and this text certainly doesn't address that. > > > I agree many existing tools would stop working if IPsec formed the > majority of traffic, same for QUIC. I think when considering what > to do next, it can be useful to work from the current position and > understand the implications of changes that are being > proposed/used/whatever. > > > At least from my personal position, this document was providing > some input to that thinking. So, I do not understand your issue. > > Well, it's pretty far upthread, but see the second paragraph of my review: > > First, it's really not clear what purpose this document serves. While > superficially an analysis of the impact of transport layer encryption > as a guide to designers, in the context of the design and deployment > of QUIC and SCTP/DTLS, both of which encrypt most or all of the > transport header, it's hard not to read this document as an implicit > critique of those decisions. It's not like there's some other big > transport protocol design effort going on in IETF that would be > informed by these considerations. > > I'm not really sure how to state this more clearly. > > -Ekr > Well, thanks for trying. Either we don't understand one another, or we differ. Other people have commented in the same thread, and I concur with what Spencer said. Gorry Also: I will resolve that specific text issue you raised, because that was open to very wrong interpretation.
- [tsvwg] New Version of draft-ietf-tsvwg-transport… Gorry Fairhurst
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… David Schinazi
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Gorry Fairhurst
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Spencer Dawkins at IETF
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Martin Duke
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Spencer Dawkins at IETF
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Joe Touch
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Colin Perkins
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Eric Rescorla
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Martin Duke
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Eric Rescorla
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Martin Duke
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Eric Rescorla
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Gorry Fairhurst
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Gorry Fairhurst
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Eric Rescorla
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Eric Rescorla
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Gorry Fairhurst
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Tom Herbert
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Eric Rescorla
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Gorry Fairhurst
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Gorry Fairhurst
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Tom Herbert
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Gorry Fairhurst
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Tom Herbert
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Gorry Fairhurst
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Tom Herbert
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Black, David
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Tom Herbert
- Re: [tsvwg] New Version of draft-ietf-tsvwg-trans… Black, David