IETF Logo Mail Archive

Re: [tsvwg] I-D Action: draft-ietf-tsvwg-transport-encrypt-03.txt

Tom Herbert <tom@herbertland.com> Mon, 26 November 2018 19:35 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4530212F1AB for <tsvwg@ietfa.amsl.com>; Mon, 26 Nov 2018 11:35:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.358
X-Spam-Level:
X-Spam-Status: No, score=-3.358 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-1.459, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mdhma66H4QBh for <tsvwg@ietfa.amsl.com>; Mon, 26 Nov 2018 11:35:06 -0800 (PST)
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24405130DE0 for <tsvwg@ietf.org>; Mon, 26 Nov 2018 11:35:06 -0800 (PST)
Received: by mail-qt1-x82c.google.com with SMTP id n21so18986735qtl.6 for <tsvwg@ietf.org>; Mon, 26 Nov 2018 11:35:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jzQxJI+c9MuqQ7Uaf3kvClYa1VLpuw4W04cKVOVGF+s=; b=CBR/MSJyAMqgTuD+FkOD3z1PJxr0IIGnTA8DYmanYb7zBSu7fekxbE64Gx7g/zQyqA Bs5eYpfVo7JSYOLOEBu1kTMM1ZdRa1YJqhFmuCWodAU7wTjqPT5Bc9bPRcrizFPmYDnZ izT45wtXqJm/qPjzFFxfsMRHgnRH7SdOBKZ+ksGJ8DHyEe+W0fxtHqgnUty1HLWPY8x+ /OTeAIiMzolRxl/wZAoAqvx+66B2e6MKwQtu3lGeWwebDQDCkmkfs51zIsaPcp/yWICX QrGcvBv919xpj+eQbKa+OPUzKU5T7EpYF6p3uUPDOh2QPKOuzAAmes81jAidmsMwFC+f +M1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jzQxJI+c9MuqQ7Uaf3kvClYa1VLpuw4W04cKVOVGF+s=; b=XLHI9SrwGDnmWysHFFphZEiwtLWtDr3mT/WJktnnblPeIhMYQ6mt6blT5DkYsL+44J kcDwoSqkj0kQE5s5LtEGNGOiVliCZUjt+Q1OLxg/6Y9ABgL8tUkJm4/2/XdXpp80c061 WiBptfTzklf+b9QPKAF5cPZYPKTp0W3gagQU7EupqoWn8lUNhGjDta/pp6xkPvBDMMdQ VN6qviKKk4XVzi4vYOwG0IdvUhoMh1wfvhfX+l1yFZeoB/Ec1NAwAKBGR7/YFtfHSjPH ywu56TMHvasTMhrLP3Wijc3J1HlSgxDFgohK0NWOZM3ccN495UdR7WxyEI3TquufxxXS 7/aQ==
X-Gm-Message-State: AA+aEWaXHT44NftN3nTSYbpocz1K04w3f46c7npZJyQDk29Yt51w6aMg MBE9S+Oylk9p5rkW7y57Gl+R5oZJg10wKE8n6yGWt9s2
X-Google-Smtp-Source: AFSGD/UAkKb4ZX0+/4Pe4H5YSle0BI9xfHuq2hh3sexIB4gAmSJf9Lt2EBmR+tOS0Er9p/fEr7PIVrrra4d6dtJy69c=
X-Received: by 2002:a0c:b407:: with SMTP id u7mr26739732qve.179.1543260904986; Mon, 26 Nov 2018 11:35:04 -0800 (PST)
MIME-Version: 1.0
References: <154317513224.24417.11759766475159940183@ietfa.amsl.com> <CALx6S347A2qX-7sap0TJg9Q93XZZidEsDC9gaWBBF=GSCVA_zA@mail.gmail.com> <5BFC2E2A.1090104@erg.abdn.ac.uk>
In-Reply-To: <5BFC2E2A.1090104@erg.abdn.ac.uk>
From: Tom Herbert <tom@herbertland.com>
Date: Mon, 26 Nov 2018 11:34:54 -0800
Message-ID: <CALx6S37PdWSPAQQsDzvjMqfc9RvpctRFrUN9eNDWmD+W5Lyp4w@mail.gmail.com>
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Cc: tsvwg <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/ZJK3w4NWqX6MU1UIU3nBydHy890>
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-transport-encrypt-03.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2018 19:35:09 -0000

On Mon, Nov 26, 2018 at 9:32 AM Gorry Fairhurst <gorry@erg.abdn.ac.uk> wrote:
>
> On 26/11/2018, 16:28, Tom Herbert wrote:
> > Hi, here's a few comments on the latest draft.
> >
> > > From the introduction:
> >
> > "These benefits have been widely discussed [RFC7258], [RFC7624], and
> > them. There are also, however, some costs, in that the wide use of
> > this document strongly supports the increased use of encryption in
> > transport encryption requires changes to network operations, and
> > transport protocols."
> >
> > I am not exactly sure what this means, but if this saying that the
> > document strongly supports increased use of transport header
> > encryption can transport header encryption be a RECOMMENDED
> > requirement.
> The document doesn't use RFC2119 language, and the goal is not to
> make best current practice recommendations - its infromation to capture
> what we know.
> > > From the draft:
> >
> > "To achieve stable Internet operations the IETF transport community
> > has to date relied heavily on measurement and insights of the network
> > operations community to understand the trade-offs, and to inform
> > selection of appropriate mechanisms, to ensure a safe, reliable, and
> > robust Internet (e.g., [RFC1273],[RFC2914])."
> >
> > The two referenced RFCs are hardly recent (1991, 2000). Is there
> > something more recent that describes how the transport community is
> > "heavily" relying on transport layer measurements from the networking
> > community?
> > I'd point out that we've made substantial changes to TCP
> > like ICWD=10, TFO, and BBR without needing input about the transport
> > layer from network operators. Host endpoints have the necessary
> > statistics and measurements to develop and validate such features. It
> > seems the only time we needed to specifically consider the network was
> > when packets for new transport layer features are blocked (like in the
> > case of TFO when SYN packets with data were being dropped).
> Excellent point about BBR and TFO - there were indeed many many
> presentations and many papers about  the protocol developments used by
> TFO. BBR is evolving. Recently BBR within TCP has been subject to quite
> a bit of analysis by people other than the authors. Hopefully there will
> also be analysis of how this interacts with AQM, etc. It's a bit hard to
> get third-party analysis of the use within QUIC. There's been some
> analysis of how BBR interacts with policiers and other-in network
> management (but I'm not sure how up to date this is). Is it safe for use
> in the general Internet? - I'll punt that question to ICCRG, where
> doubtless there will be more analysis to come.
> > > From the draft:
> >
> > "transport designers have often ignored the implications of whether
> > the protocol designers have often ignored the implications of whether
> > the information in transport header fields can or will be used by in-
> > information in transport header fields can or will be used by in-
> > network devices"
> >
> > Actually, I believe the the opposite is true. Host developers and
> > protocol designers are very much aware of the implications of
> > intermediate devices consuming transport layer information. This is
> > not because we're trying to help the network mechanisms, it's because
> > we need to work around protocol ossification caused by non-conformant
> > devices in order to maximize the chances of packet delivery.
>
> The chances of a strandard TCP segment being delivered are still often
> higher than that of a new protocol using UDP. There are types of network
> where you will find performance is quite different - and can be better
> for TCP (see this IETF's proceedings), and places such as from within an
> enterprise (or some other controlled environment) where you may still be
> unable to use UDP without some form of proxy. This may be why QUIC is
> often seen as falling back to TCP.
>
> To me, none of this is important to understanding why currently some
> network operators have and continue to use information from transport
> headers to help operate their service.

Gorry,

Understanding that is relevant only if a list of requirements can be
derived as to what transport layer information needs to be exposed to
the network and what the correct mechanism is to expose such
information.

Tom

>
> Gorry
> > Tom
> >
> > On Sun, Nov 25, 2018 at 11:46 AM<internet-drafts@ietf.org>  wrote:
> >>
> >> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> >> This draft is a work item of the Transport Area Working Group WG of the IETF.
> >>
> >>          Title           : The Impact of Transport Header Confidentiality on Network Operation and Evolution of the Internet
> >>          Authors         : Godred Fairhurst
> >>                            Colin Perkins
> >>          Filename        : draft-ietf-tsvwg-transport-encrypt-03.txt
> >>          Pages           : 41
> >>          Date            : 2018-11-25
> >>
> >> Abstract:
> >>     This document describes implications of applying end-to-end
> >>     encryption at the transport layer.  It identifies in-network uses of
> >>     transport layer header information.  It then reviews the implications
> >>     of developing end-to-end transport protocols that use authentication
> >>     to protect the integrity of transport information or encryption to
> >>     provide confidentiality of the transport protocol header and expected
> >>     implications of transport protocol design and network operation.
> >>     Since transport measurement and analysis of the impact of network
> >>     characteristics have been important to the design of current
> >>     transport protocols, it also considers the impact on transport and
> >>     application evolution.
> >>
> >>
> >> The IETF datatracker status page for this draft is:
> >> https://datatracker.ietf.org/doc/draft-ietf-tsvwg-transport-encrypt/
> >>
> >> There are also htmlized versions available at:
> >> https://tools.ietf.org/html/draft-ietf-tsvwg-transport-encrypt-03
> >> https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-transport-encrypt-03
> >>
> >> A diff from the previous version is available at:
> >> https://www.ietf.org/rfcdiff?url2=draft-ietf-tsvwg-transport-encrypt-03
> >>
> >>
> >> Please note that it may take a couple of minutes from the time of submission
> >> until the htmlized version and diff are available at tools.ietf.org.
> >>
> >> Internet-Drafts are also available by anonymous FTP at:
> >> ftp://ftp.ietf.org/internet-drafts/
> >>
>

v2.23.0 | Report a Bug | By Email