Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020

Colin Perkins <csp@csperkins.org> Wed, 01 July 2020 10:11 UTC

From: Colin Perkins <csp@csperkins.org>
In-Reply-To: <74555802-326d-4730-9f54-50a043704a4d@www.fastmail.com>
Date: Wed, 1 Jul 2020 11:11:45 +0100
Cc: "Black, David" <David.Black@dell.com>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Message-Id: <48842800-6092-4715-8FF2-1500CF5D98E0@csperkins.org>
References: <MN2PR19MB40450EE357BEECD723AB06F183820@MN2PR19MB4045.namprd19.prod.outlook.com> <74555802-326d-4730-9f54-50a043704a4d@www.fastmail.com>
To: Christopher Wood <caw@heapingbits.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/YR2LFg2o2Lz4o-kL8LVNqtO5cR0>

> On 30 Jun 2020, at 02:35, Christopher Wood <caw@heapingbits.net> wrote:
> On Mon, Jun 8, 2020, at 6:41 PM, Black, David wrote:
>> This 3rd WGLC is limited to the following two topics:
>> 
>> 1. Whether or not to proceed with a request for RFC publication
>> of the draft. The decision on whether or not to proceed will be based on rough consensus of the WG, see RFC 7282.
> 
> As currently written, I'm still not sure this document is ready for publication. While many of the items in my secdir review [1] were addressed, I think the document is still somewhat misaligned with the IETF's overall view on this document. 
> 
> For example, Section 6 (on intentionally exposing information) and some of Section 7 (the impact of header encryption) seem out of phase with our general mission to “encrypt all the things.”

“Encrypt all the things” is clear, but lacks nuance. Encrypt everything you don’t explicitly want to be visible to the network, I’d agree with. Understand what information is being shared between endpoints and network, and why.

> Minimally, I would expect to see some discussion of endpoint privacy here, and reasons for why an endpoint might not want to expose certain signals to the network.

That’s a reasonable ask. If you can suggest text, that would be useful.

> Section 6.3 seems to outright encourage endpoints to expose cleartext information in the name of performance. Certainly this can't be a necessary condition for performance given studies on QUIC [2] (it's not always better than TCP+TLS, though). 

We must have phrased this badly, because that’s not the intent of that section. Can you say more about where you see performance coming in there?

> In general, while I appreciate that the Conclusion narrows in on User Privacy, I would expect it to be more prominent in this document, especially one that ultimately seeks IETF consensus. As a document "about design and deployment considerations for transport protocols," I think we ought to focus more on deployment considerations for who those transport protocols actually service: the end users. I happily offer up my service in producing such text should it be desired.

That would be helpful!

Thanks,
Colin
> Best,
> Chris
> 
> [1] https://datatracker.ietf.org/doc/review-ietf-tsvwg-transport-encrypt-01-secdir-early-wood-2018-12-27/
> [2] https://dl.acm.org/doi/10.1145/3131365.3131368
> 
-- 
Colin Perkins
https://csperkins.org/