Re: [tsvwg] I-D Action: draft-ietf-tsvwg-transport-encrypt-03.txt
Tom Herbert <tom@herbertland.com> Mon, 26 November 2018 19:35 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4530212F1AB for <tsvwg@ietfa.amsl.com>; Mon, 26 Nov 2018 11:35:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.358
X-Spam-Level:
X-Spam-Status: No, score=-3.358 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-1.459, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mdhma66H4QBh for <tsvwg@ietfa.amsl.com>; Mon, 26 Nov 2018 11:35:06 -0800 (PST)
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24405130DE0 for <tsvwg@ietf.org>; Mon, 26 Nov 2018 11:35:06 -0800 (PST)
Received: by mail-qt1-x82c.google.com with SMTP id n21so18986735qtl.6 for <tsvwg@ietf.org>; Mon, 26 Nov 2018 11:35:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jzQxJI+c9MuqQ7Uaf3kvClYa1VLpuw4W04cKVOVGF+s=; b=CBR/MSJyAMqgTuD+FkOD3z1PJxr0IIGnTA8DYmanYb7zBSu7fekxbE64Gx7g/zQyqA Bs5eYpfVo7JSYOLOEBu1kTMM1ZdRa1YJqhFmuCWodAU7wTjqPT5Bc9bPRcrizFPmYDnZ izT45wtXqJm/qPjzFFxfsMRHgnRH7SdOBKZ+ksGJ8DHyEe+W0fxtHqgnUty1HLWPY8x+ /OTeAIiMzolRxl/wZAoAqvx+66B2e6MKwQtu3lGeWwebDQDCkmkfs51zIsaPcp/yWICX QrGcvBv919xpj+eQbKa+OPUzKU5T7EpYF6p3uUPDOh2QPKOuzAAmes81jAidmsMwFC+f +M1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jzQxJI+c9MuqQ7Uaf3kvClYa1VLpuw4W04cKVOVGF+s=; b=XLHI9SrwGDnmWysHFFphZEiwtLWtDr3mT/WJktnnblPeIhMYQ6mt6blT5DkYsL+44J kcDwoSqkj0kQE5s5LtEGNGOiVliCZUjt+Q1OLxg/6Y9ABgL8tUkJm4/2/XdXpp80c061 WiBptfTzklf+b9QPKAF5cPZYPKTp0W3gagQU7EupqoWn8lUNhGjDta/pp6xkPvBDMMdQ VN6qviKKk4XVzi4vYOwG0IdvUhoMh1wfvhfX+l1yFZeoB/Ec1NAwAKBGR7/YFtfHSjPH ywu56TMHvasTMhrLP3Wijc3J1HlSgxDFgohK0NWOZM3ccN495UdR7WxyEI3TquufxxXS 7/aQ==
X-Gm-Message-State: AA+aEWaXHT44NftN3nTSYbpocz1K04w3f46c7npZJyQDk29Yt51w6aMg MBE9S+Oylk9p5rkW7y57Gl+R5oZJg10wKE8n6yGWt9s2
X-Google-Smtp-Source: AFSGD/UAkKb4ZX0+/4Pe4H5YSle0BI9xfHuq2hh3sexIB4gAmSJf9Lt2EBmR+tOS0Er9p/fEr7PIVrrra4d6dtJy69c=
X-Received: by 2002:a0c:b407:: with SMTP id u7mr26739732qve.179.1543260904986; Mon, 26 Nov 2018 11:35:04 -0800 (PST)
MIME-Version: 1.0
References: <154317513224.24417.11759766475159940183@ietfa.amsl.com> <CALx6S347A2qX-7sap0TJg9Q93XZZidEsDC9gaWBBF=GSCVA_zA@mail.gmail.com> <5BFC2E2A.1090104@erg.abdn.ac.uk>
In-Reply-To: <5BFC2E2A.1090104@erg.abdn.ac.uk>
From: Tom Herbert <tom@herbertland.com>
Date: Mon, 26 Nov 2018 11:34:54 -0800
Message-ID: <CALx6S37PdWSPAQQsDzvjMqfc9RvpctRFrUN9eNDWmD+W5Lyp4w@mail.gmail.com>
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Cc: tsvwg <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/ZJK3w4NWqX6MU1UIU3nBydHy890>
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-transport-encrypt-03.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2018 19:35:09 -0000
On Mon, Nov 26, 2018 at 9:32 AM Gorry Fairhurst <gorry@erg.abdn.ac.uk> wrote: > > On 26/11/2018, 16:28, Tom Herbert wrote: > > Hi, here's a few comments on the latest draft. > > > > > From the introduction: > > > > "These benefits have been widely discussed [RFC7258], [RFC7624], and > > them. There are also, however, some costs, in that the wide use of > > this document strongly supports the increased use of encryption in > > transport encryption requires changes to network operations, and > > transport protocols." > > > > I am not exactly sure what this means, but if this saying that the > > document strongly supports increased use of transport header > > encryption can transport header encryption be a RECOMMENDED > > requirement. > The document doesn't use RFC2119 language, and the goal is not to > make best current practice recommendations - its infromation to capture > what we know. > > > From the draft: > > > > "To achieve stable Internet operations the IETF transport community > > has to date relied heavily on measurement and insights of the network > > operations community to understand the trade-offs, and to inform > > selection of appropriate mechanisms, to ensure a safe, reliable, and > > robust Internet (e.g., [RFC1273],[RFC2914])." > > > > The two referenced RFCs are hardly recent (1991, 2000). Is there > > something more recent that describes how the transport community is > > "heavily" relying on transport layer measurements from the networking > > community? > > I'd point out that we've made substantial changes to TCP > > like ICWD=10, TFO, and BBR without needing input about the transport > > layer from network operators. Host endpoints have the necessary > > statistics and measurements to develop and validate such features. It > > seems the only time we needed to specifically consider the network was > > when packets for new transport layer features are blocked (like in the > > case of TFO when SYN packets with data were being dropped). > Excellent point about BBR and TFO - there were indeed many many > presentations and many papers about the protocol developments used by > TFO. BBR is evolving. Recently BBR within TCP has been subject to quite > a bit of analysis by people other than the authors. Hopefully there will > also be analysis of how this interacts with AQM, etc. It's a bit hard to > get third-party analysis of the use within QUIC. There's been some > analysis of how BBR interacts with policiers and other-in network > management (but I'm not sure how up to date this is). Is it safe for use > in the general Internet? - I'll punt that question to ICCRG, where > doubtless there will be more analysis to come. > > > From the draft: > > > > "transport designers have often ignored the implications of whether > > the protocol designers have often ignored the implications of whether > > the information in transport header fields can or will be used by in- > > information in transport header fields can or will be used by in- > > network devices" > > > > Actually, I believe the the opposite is true. Host developers and > > protocol designers are very much aware of the implications of > > intermediate devices consuming transport layer information. This is > > not because we're trying to help the network mechanisms, it's because > > we need to work around protocol ossification caused by non-conformant > > devices in order to maximize the chances of packet delivery. > > The chances of a strandard TCP segment being delivered are still often > higher than that of a new protocol using UDP. There are types of network > where you will find performance is quite different - and can be better > for TCP (see this IETF's proceedings), and places such as from within an > enterprise (or some other controlled environment) where you may still be > unable to use UDP without some form of proxy. This may be why QUIC is > often seen as falling back to TCP. > > To me, none of this is important to understanding why currently some > network operators have and continue to use information from transport > headers to help operate their service. Gorry, Understanding that is relevant only if a list of requirements can be derived as to what transport layer information needs to be exposed to the network and what the correct mechanism is to expose such information. Tom > > Gorry > > Tom > > > > On Sun, Nov 25, 2018 at 11:46 AM<internet-drafts@ietf.org> wrote: > >> > >> A New Internet-Draft is available from the on-line Internet-Drafts directories. > >> This draft is a work item of the Transport Area Working Group WG of the IETF. > >> > >> Title : The Impact of Transport Header Confidentiality on Network Operation and Evolution of the Internet > >> Authors : Godred Fairhurst > >> Colin Perkins > >> Filename : draft-ietf-tsvwg-transport-encrypt-03.txt > >> Pages : 41 > >> Date : 2018-11-25 > >> > >> Abstract: > >> This document describes implications of applying end-to-end > >> encryption at the transport layer. It identifies in-network uses of > >> transport layer header information. It then reviews the implications > >> of developing end-to-end transport protocols that use authentication > >> to protect the integrity of transport information or encryption to > >> provide confidentiality of the transport protocol header and expected > >> implications of transport protocol design and network operation. > >> Since transport measurement and analysis of the impact of network > >> characteristics have been important to the design of current > >> transport protocols, it also considers the impact on transport and > >> application evolution. > >> > >> > >> The IETF datatracker status page for this draft is: > >> https://datatracker.ietf.org/doc/draft-ietf-tsvwg-transport-encrypt/ > >> > >> There are also htmlized versions available at: > >> https://tools.ietf.org/html/draft-ietf-tsvwg-transport-encrypt-03 > >> https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-transport-encrypt-03 > >> > >> A diff from the previous version is available at: > >> https://www.ietf.org/rfcdiff?url2=draft-ietf-tsvwg-transport-encrypt-03 > >> > >> > >> Please note that it may take a couple of minutes from the time of submission > >> until the htmlized version and diff are available at tools.ietf.org. > >> > >> Internet-Drafts are also available by anonymous FTP at: > >> ftp://ftp.ietf.org/internet-drafts/ > >> >
- [tsvwg] I-D Action: draft-ietf-tsvwg-transport-en… internet-drafts
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-transpor… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-transpor… Gorry Fairhurst
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-transpor… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-transpor… Kyle Rose
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-transpor… Tom Herbert