Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13

Tom Herbert <tom@herbertland.com> Wed, 25 March 2020 14:26 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51F4A3A095D for <tsvwg@ietfa.amsl.com>; Wed, 25 Mar 2020 07:26:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pY_nlS8db59I for <tsvwg@ietfa.amsl.com>; Wed, 25 Mar 2020 07:26:22 -0700 (PDT)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 630403A0936 for <tsvwg@ietf.org>; Wed, 25 Mar 2020 07:26:01 -0700 (PDT)
Received: by mail-ed1-x52c.google.com with SMTP id b18so2577868edu.3 for <tsvwg@ietf.org>; Wed, 25 Mar 2020 07:26:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=MGf73OKvWkFXGFq08Lkv6lY7SqgXFmevIQWP64CeOAA=; b=a//Y6m6JYtjB2RFPB3jPb0rMdL/zQyl+LnJEn9dR9A8e+Zcg7Rk58DedSKUkaZldcz NjjPlW3mdOIJFerGBSiQH2GZyEJ/ve8VGO8nJ2iQY2o3iSWS3hs1+jnER2wqTx+v17Tk ZA1IELbQ+Bd3ik1mkW3HBuwx6apPtJAHZQU7H/nbjVVi+xRerH1lqeeqmy+V79nbb9wc QIJLoRskA5k4+O6+oiyGayw5cmASnktDXtRxvEyff24e+cuFohUJqR8d6usHxhYK9QbS /73Si6oee037/GaGI3uQgG0L18RXYHli5Oyvz+WgNt7oUMjWoaGsnyBUB47LLmfXz/gO D+Dw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=MGf73OKvWkFXGFq08Lkv6lY7SqgXFmevIQWP64CeOAA=; b=dmF8eYwEpu6YEZJyaDmhbFBscQKSA/zRrUwY1jkwKzWKXueqDfhfsv/HfW+vvYTtpV bVpTOFftVBHEk0vwuPTL9syMlu8K5NeX6Dks0zVAr15p4KtD5Dh415xOyQnr5kDJBhjj cXirIiE/RXajDtzZcHCtUOLFQKxI6+EKUSsBk9kLVNGOSwG+4nKUiG0WA7fvEhDcweMB Yw3jB87vsNp1lt4BPFznPf6giElj7CQspWNeqsCKSJXu3CLZRBFv4sgTSQR7ko1qTC81 cKSYpsvjvOf8R6/g6DRb31wcL8UiF00SwPmgqskyYRhNJlOmdFzNgG/ZyqQPT4QQhrQp EO7w==
X-Gm-Message-State: ANhLgQ0CMGaeSHz4uyvb82RqbvunaopMgDg8WLRn+MMrxh1MEj6Kal44 2Du7porjAy0Oc2OV9COK/uXTfZkRs1JglGZ32oEDGA==
X-Google-Smtp-Source: ADFU+vuRbOn8l9nCeG2kPixWZqCZmCoqJQsYnUp1AVMpiIabtxOx9x+IgdkVjIzc1Nu6DAVS1I8Hm8WX04o/J8aMU7U=
X-Received: by 2002:aa7:d602:: with SMTP id c2mr3297974edr.118.1585146351022; Wed, 25 Mar 2020 07:25:51 -0700 (PDT)
MIME-Version: 1.0
References: <CALx6S349SE2Ho0V2bJPSE7dh3+2f5Wiw1AofMke0RY4FwF=ebw@mail.gmail.com> <679FAA73-401E-499D-87CB-10F973E05DD6@strayalpha.com> <MN2PR19MB40455E00DB52880A38EB494C83F00@MN2PR19MB4045.namprd19.prod.outlook.com> <LEXPR01MB05108C754317E0CB677D5AE39CF10@LEXPR01MB0510.DEUPRD01.PROD.OUTLOOK.DE> <CALx6S371UeXnRmKnev6+kyhf5wqe9gsCZ0TseM7P5HDGaaTqFA@mail.gmail.com> <LEXPR01MB051083F5EB49BD12654016459CCE0@LEXPR01MB0510.DEUPRD01.PROD.OUTLOOK.DE>
In-Reply-To: <LEXPR01MB051083F5EB49BD12654016459CCE0@LEXPR01MB0510.DEUPRD01.PROD.OUTLOOK.DE>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 25 Mar 2020 07:25:39 -0700
Message-ID: <CALx6S349yVZCjgOQXz=bYrCCvWvh_7bE7eF=ztYXhtbOQr2Bmg@mail.gmail.com>
To: Ruediger.Geib@telekom.de
Cc: "Black, David" <David.Black@dell.com>, tsvwg <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/WwP4LLhIY7heIpry8KDmGyP95qQ>
Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Mar 2020 14:26:31 -0000

On Tue, Mar 24, 2020 at 11:14 PM <Ruediger.Geib@telekom.de> wrote:
>
> Hi Tom,
>
> You write: There's no mention of how analysis or policing can be done for QUIC or any other transport protocol or cases where TCP resides in some encrypted tunnel.
>
> I think, bandwidth limitation by policing will not disappear due to encryption or due to new transport protocols. My take of the underlying issue "dimensioning of network buffers, burst-tolerance and AQM for optimized transport performance" was, that it motivates work like draft-ietf-tsvwg-transport-encrypt.

Ruediger,

Yes, but the transport layer information used by some network
mechanisms is disappearing with the use encryption or new transport
protocols. The draft establishes that. It seems like either these
mechanisms will need to be adapted to not rely on transport layer
information in a packet, or we need to define a generic method to put
the necessary information in plaintext somewhere in the packet that
can be consumed by intermediate nodes and the information exposure is
controlled by end nodes (which is the point of exposing the necessary
transport layer information in network layer).

Tom

>
> Regards,
>
> Ruediger
>
> -----Ursprüngliche Nachricht-----
> Von: Tom Herbert <tom@herbertland.com>
> Gesendet: Dienstag, 24. März 2020 16:09
> An: Geib, Rüdiger <Ruediger.Geib@telekom.de>
> Cc: Black, David <David.Black@dell.com>om>; tsvwg <tsvwg@ietf.org>
> Betreff: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
>
> On Tue, Mar 24, 2020 at 1:07 AM <Ruediger.Geib@telekom.de> wrote:
> >
> > David,
> >
> >
> >
> > don’t know, where this is heading to. Two observations, shared earlier on this list:
> >
> >
> >
> > I’ve distributed a link to a publication where Google gives advice to operators how to optimize access policer configuration. This optimization requires transport layer performance information.
>
> Hi Ruediger,
>
> If you're referring to "An Internet-Wide Analysis of Traffic Policing", I will point out that all of the analysis and recommendations seem to be for TCP only. There's no mention of how analysis or policing can be done for QUIC or any other transport porotocol or cases where TCP resides in some encrypted tunnel.
>
> Tom
>
> > One result of encryption that I’m aware of are measurement applications residing in dedicated and consumer terminals, reporting results back to central servers. Reporting transport performance is one aspect.
> >
> >
> >
> > Regards,
> >
> >
> >
> > Ruediger
> >
> >
> >
> > Von: tsvwg <tsvwg-bounces@ietf.org> Im Auftrag von Black, David
> > Gesendet: Montag, 23. März 2020 23:20
> > An: Joseph Touch <touch@strayalpha.com>om>; Tom Herbert
> > <tom@herbertland.com>
> > Cc: tsvwg <tsvwg@ietf.org>
> > Betreff: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
> >
> >
> >
> > [writing as draft shepherd]
> >
> >
> >
> > Point taken – would it be reasonable to rework that paragraph to observe that there should be incentives for endpoints to expose transport information, e.g., otherwise implementers may simply not bother?
> >
> >
> >
> > Thanks, --David
> >
> >
> >
> > From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Joseph Touch
> > Sent: Monday, March 23, 2020 11:20 AM
> > To: Tom Herbert
> > Cc: tsvwg
> > Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
> >
> >
> >
> > [EXTERNAL EMAIL]
> >
> >
> >
> >
> >
> > On Mar 23, 2020, at 7:58 AM, Tom Herbert <tom@herbertland.com> wrote:
> >
> >
> >
> > Fundamentally, transport layer is end-to-end information. There is no
> > contract between end hosts and the network that hosts have to be
> > honest or correct in setting information in the transport layer-- the
> > only contract is between the endpoints.
> >
> >
> >
> > +1
> >
> >
> >
> > Another point worth mentioning:
> >
> >
> >
> > - if endpoints can lie or mislead about transport info to get their way, they can, will, and IMO *SHOULD*.
> >
> >
> >
> > That goes for using port 53 for nearly anything anyone wants to. Transport info isn’t there to make things nice for network operators - that’s what the network layer is for.
> >
> >
> >
> > Oh, yeah, I know - network operators don’t want “heavy” stuff in *their* headers because it slows them down when they don’t want it. Too bad, IMO. If they want the info, they need to deal with the pain.
> >
> >
> >
> > Joe