Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13

"Black, David" <David.Black@dell.com> Tue, 24 March 2020 01:48 UTC

From: "Black, David" <David.Black@dell.com>
To: Joseph Touch <touch@strayalpha.com>
CC: Tom Herbert <tom@herbertland.com>, tsvwg <tsvwg@ietf.org>
Thread-Topic: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
Date: Tue, 24 Mar 2020 01:48:28 +0000
Message-ID: <MN2PR19MB40458C69C9C91C70AD889D3A83F10@MN2PR19MB4045.namprd19.prod.outlook.com>
References: <CALx6S349SE2Ho0V2bJPSE7dh3+2f5Wiw1AofMke0RY4FwF=ebw@mail.gmail.com> <679FAA73-401E-499D-87CB-10F973E05DD6@strayalpha.com> <MN2PR19MB40455E00DB52880A38EB494C83F00@MN2PR19MB4045.namprd19.prod.outlook.com> <4FA8060E-C661-42FB-BCA1-43F32E5FA1F5@strayalpha.com>
In-Reply-To: <4FA8060E-C661-42FB-BCA1-43F32E5FA1F5@strayalpha.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/Ue-YGEuYNJ5d8rMakM1xwyg3N4s>
Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13

> That sounds like it’s leaning towards extortion - the kind we have now, in which
> “if you don’t let us see your ports and we don’t like them, we’ll block you”.
That sounds like a networking version of turning Spinal Tap’s amps up to 11 ...

> I’d lean the other way - that the network really shouldn’t be doing anything based on information
> gleaned from transports - explicitly given or not - because it only serves to create mutual escalation of misinformation.
... and that looks like the other end of the spectrum.

What I had in mind was something more balanced about benefits to exposing some information to the network that motivate endpoints and endpoint implementers to do so ... where motivate is not intended to imply extortion-like threats, and the benefits aren’t necessarily the network doing something immediate based on the exposed information (there are several examples in Section 2.3 of the draft).

To be concrete, here’s one possible text change, based on taking out the words that seem to be the focus of this discussion:

OLD
   o  On the one hand, protocols do not necessarily have an incentive to
      expose the actual information that is used by the protocol itself
      and could therefore manipulate the exposed transport header
      information to gain an advantage from the network.  The incentive
      to reflect actual transport header information has to be
      considered when proposing a method.
NEW
   o  On the one hand, protocols do not necessarily have an incentive to
      expose information that is used by the protocol.  The incentive
      to expose transport header information has to be considered when
      proposing a method to do so.

Which leaves room to argue that there is no incentive, or there is insufficient incentive, or the risks outweigh the benefits, etc.

Thanks, --David

From: Joseph Touch <touch@strayalpha.com>
Sent: Monday, March 23, 2020 7:08 PM
To: Black, David
Cc: Tom Herbert; tsvwg
Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13


On Mar 23, 2020, at 3:19 PM, Black, David <David.Black@dell.com> wrote:

[writing as draft shepherd]

Point taken – would it be reasonable to rework that paragraph to observe that there should be incentives for endpoints to expose transport information, e.g., otherwise implementers may simply not bother?

That sounds like it’s leaning towards extortion - the kind we have now, in which “if you don’t let us see your ports and we don’t like them, we’ll block you”.

I’d lean the other way - that the network really shouldn’t be doing anything based on information gleaned from transports - explicitly given or not - because it only serves to create mutual escalation of misinformation.

Joe



Thanks, --David

From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Joseph Touch
Sent: Monday, March 23, 2020 11:20 AM
To: Tom Herbert
Cc: tsvwg
Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13


On Mar 23, 2020, at 7:58 AM, Tom Herbert <tom@herbertland.com> wrote:

Fundamentally, transport layer is end-to-end information. There is no
contract between end hosts and the network that hosts have to be
honest or correct in setting information in the transport layer-- the
only contract is between the endpoints.

+1

Another point worth mentioning:

- if endpoints can lie or mislead about transport info to get their way, they can, will, and IMO *SHOULD*.

That goes for using port 53 for nearly anything anyone wants to. Transport info isn’t there to make things nice for network operators - that’s what the network layer is for.

Oh, yeah, I know - network operators don’t want “heavy” stuff in *their* headers because it slows them down when they don’t want it. Too bad, IMO. If they want the info, they need to deal with the pain.

Joe