Re: [tsvwg] I-D Action: draft-ietf-tsvwg-transport-encrypt-03.txt

Tom Herbert <tom@herbertland.com> Mon, 26 November 2018 16:28 UTC

Hi, here are a few comments on the latest draft.

From the introduction:

"These benefits have been widely discussed [RFC7258], [RFC7624], and
this document strongly supports the increased use of encryption in
transport protocols.
them. There are also, however, some costs, in that the wide use of
transport encryption requires changes to network operations, and"

I am not exactly sure what this means, but if this is saying that the
document strongly supports increased use of transport header
encryption, can transport header encryption be a RECOMMENDED
requirement?

From the draft:

"To achieve stable Internet operations the IETF transport community
has to date relied heavily on measurement and insights of the network
operations community to understand the trade-offs, and to inform
selection of appropriate mechanisms, to ensure a safe, reliable, and
robust Internet (e.g., [RFC1273],[RFC2914])."

The two referenced RFCs are hardly recent (1991, 2000). Is there
something more recent that describes how the transport community is
"heavily" relying on transport layer measurements from the networking
community? I'd point out that we've made substantial changes to TCP
like ICWD=10, TFO, and BBR without needing input about the transport
layer from network operators. Host endpoints have the necessary
statistics and measurements to develop and validate such features. It
seems the only time we needed to specifically consider the network was
when packets for new transport layer features are blocked (like in the
case of TFO when SYN packets with data were being dropped).

From the draft:

"transport protocol designers have often ignored the implications of
whether the information in transport header fields can or will be used
by in-network devices"

Actually, I believe the opposite is true. Host developers and
protocol designers are very much aware of the implications of
intermediate devices consuming transport layer information. This is
not because we're trying to help the network mechanisms, it's because
we need to work around protocol ossification caused by non-conformant
devices in order to maximize the chances of packet delivery.

Tom

On Sun, Nov 25, 2018 at 11:46 AM <internet-drafts@ietf.org> wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Transport Area Working Group WG of the IETF.
>
>         Title           : The Impact of Transport Header Confidentiality on Network Operation and Evolution of the Internet
>         Authors         : Godred Fairhurst
>                           Colin Perkins
>         Filename        : draft-ietf-tsvwg-transport-encrypt-03.txt
>         Pages           : 41
>         Date            : 2018-11-25
>
> Abstract:
>    This document describes implications of applying end-to-end
>    encryption at the transport layer.  It identifies in-network uses of
>    transport layer header information.  It then reviews the implications
>    of developing end-to-end transport protocols that use authentication
>    to protect the integrity of transport information or encryption to
>    provide confidentiality of the transport protocol header and expected
>    implications of transport protocol design and network operation.
>    Since transport measurement and analysis of the impact of network
>    characteristics have been important to the design of current
>    transport protocols, it also considers the impact on transport and
>    application evolution.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tsvwg-transport-encrypt/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-tsvwg-transport-encrypt-03
> https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-transport-encrypt-03
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tsvwg-transport-encrypt-03
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>