Re: [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-14

Tom Herbert <tom@herbertland.com> Sat, 04 April 2020 00:04 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FB263A1332 for <tsvwg@ietfa.amsl.com>; Fri, 3 Apr 2020 17:04:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xb-YrRvQ-miL for <tsvwg@ietfa.amsl.com>; Fri, 3 Apr 2020 17:04:07 -0700 (PDT)
Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A17C3A0DB0 for <tsvwg@ietf.org>; Fri, 3 Apr 2020 17:04:07 -0700 (PDT)
Received: by mail-ed1-x529.google.com with SMTP id w26so11371157edu.7 for <tsvwg@ietf.org>; Fri, 03 Apr 2020 17:04:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Sc1TvffgkL/JiQTt4hF8uIakSkQ+OdO7e9WLLW+bPOA=; b=ERJFfoAwN0eRhI9PEhK5NN8EVmY6GcmAFgt20sNWtWSR3QP9j1WQPq9Gh1QLyglfek YLEmzphS4bksgCgshfzHOJ3pahTP7La4jrYISxlgci9xTcNt7u+LncDSXX8H822bSUsJ b3F3NDTZXQ1lSt44efFMOcpIWXX99jtv2YzK7sOxAa69zeoQEYUnEe3F1+yypzP4cHXa ZfmG+e1CPOd1QUvLipGA5lhzrpxl64/5VW+097BxDukVtohXjGDUPWuY1kbHK3puejjU 0OSH86MpHPscwawCpKXWEoQqFsMyCpzcMwrLRdOkhN02skwtACmy4lPSwZgz4tsgRkHI Eb1Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Sc1TvffgkL/JiQTt4hF8uIakSkQ+OdO7e9WLLW+bPOA=; b=rTMAYxk2aeDWYsLYV2w5Mm7VhgnZUDs4g0NalexJhExHeQA3aab03cUX7mn2j4fFJw DWxMgN6jUsWkL86/6Hk7WjtbW533RymsVxseyJlWojUlo10zmG3iB+SW0IXXhK9+enPp CjqJ47JWSNBoFpWZ++Ys1LbybLReHT3isNSn2/bU4og6+ZxMrhwXiewN8skGuUrU4O46 HxL6/EadLq1Za1UFdbT4U9hmq2Q6sLKN70iqBUqtIFAzb5aaFpeo+yw74nX/5bm1wWwV ZnDDz1Hp+sP8c7PlTVo7sKNODJqvfcHB7PnwWlxTb9i9xLRjVqLsVCfNkt9gQjjm9x4Y AuCw==
X-Gm-Message-State: AGi0PuYuPpFFTOm0Rlmh+4ZYnP3RoYvoMQJCo6b50DwBe+jmvy9XGEMr T0TWfbcc3eNnXW3NWIwmHzCJ/GRX6xqDiVQrdsPMiA==
X-Google-Smtp-Source: APiQypLneXJyEL8F2mWLZRzI1Ft0JqTJ+vHnLsE/XuhDP4DfdmhtVyM3IqQb2aJYwI5sd4BTBYHJMy4p6DdI3hZIIR4=
X-Received: by 2002:a50:d5c8:: with SMTP id g8mr10456014edj.370.1585958645667; Fri, 03 Apr 2020 17:04:05 -0700 (PDT)
MIME-Version: 1.0
References: <CALx6S345Ta5LjSkZ+XmNmH8dxKnM++VRCej2iGxfdUqDc+M-Jw@mail.gmail.com> <MN2PR19MB4045652C80DB5348A5A3505F83C70@MN2PR19MB4045.namprd19.prod.outlook.com>
In-Reply-To: <MN2PR19MB4045652C80DB5348A5A3505F83C70@MN2PR19MB4045.namprd19.prod.outlook.com>
From: Tom Herbert <tom@herbertland.com>
Date: Fri, 3 Apr 2020 17:03:54 -0700
Message-ID: <CALx6S36yzDTLaxUhWibZjmK5Cxu2zfzxiawFRCbVn9aPF4rs1A@mail.gmail.com>
To: "Black, David" <David.Black@dell.com>
Cc: tsvwg <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/hAu_5sbvJz4B4F0M9qseo1ySaHU>
Subject: Re: [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-14
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Apr 2020 00:04:11 -0000

On Fri, Apr 3, 2020 at 1:06 PM Black, David <David.Black@dell.com> wrote:
>
> Hi Tom,
> [writing as draft shepherd]
>
> [1]
> > I don't understand this statement from the draft:
> >
> > "The value of this information would be enhanced if the exposed
> > information could be verified to match the internal state of the
> > transport by observing the transport behaviour."
> >
> > I assume this means that the network nodes would need to understand
> > the internal state of transport protocols. How would this work?
>
> Oops, that's not a good assumption - in 20/20 hindsight, the quoted
> text should focus on protocol behavior rather than internal state.
>
> Suggested revised text:
>
>    The usefulness of this information would be enhanced if the exposed
>    information could be verified to match the protocol's actual behavior,
>    e.g., by observing whether the network traffic sent by the protocol
>    is consistent with the exposed information in that traffic.
>
But then that would be akin to making inferences encrypted data, and
preventing such inferences in the network is precisely one of the
reasons the transport header is being encrypted by the end hosts.

> Beyond that, one could (partially) infer protocol state from observed
> traffic behavior, but I don't think it's important to say that.
>
> [2]
> > >From the draft:
> >
> > "An endpoint/protocol could choose to expose transport header
> > information to optimise the benefit it gets from the network
> > [RFC8558]."
> >
> > There is also the possibility that the endpoints didn't expose
> > transport layer information, but the network incorrectly thinks it
> > did.  The network may simply misinterpret bits in packets as being
> > transport layer information when in fact the data can be something
> > completely different and unrelated. The canonical example of this is
> > QUIC or any transport encapsulated in UDP payload.
>
> That's actually an observation about transport-layer vs. network-layer
> information exposure that would be better addressed slightly earlier in
> the draft where both of those layers are discussed.
>
> After the first paragraph in Section 6.1 (Exposing Transport Information
> in Extension Headers) looks like a good place to make that observation.
>
> After this paragraph:
>
>    At the network-layer, packets can carry optional headers (similar to
>    Section 5) that may be used to explicitly expose transport header
>    information to the on-path devices operating at the network layer
>    (Section 3.1.3).  For example, an endpoint that sends an IPv6 Hop-by-
>    Hop option [RFC8200] can provide explicit transport layer information
>    that can be observed and used by network devices on the path.
>
> Add this paragraph:
>
>    Network-layer optional headers explicitly indicate the information
>    that is exposed, whereas more effort may be required for a network
>    device to determine whether a packet contains a partially encrypted
>    transport header.  A particular concern is UDP-encapsulated protocols
>    because the UDP ports do not definitively indicate which protocol has
>    been encapsulated, even though some protocols are the predominant
>    usage of specific UDP destination ports (e.g., a packet sent to UDP
>    port 4500 is highly likely to contain UDP-encapsulated IKE [RFC3948]
>    or IKEv2 [RFC7296]).
>
> Would that work?
>
That's good, but I think there should be a reference to RFC7605 also.

Tom

> Thanks, --David
>
> > -----Original Message-----
> > From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Tom Herbert
> > Sent: Friday, April 3, 2020 12:49 PM
> > To: tsvwg
> > Subject: [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-14
> >
> >
> > [EXTERNAL EMAIL]
> >
> > Hi, a few comments.
> >
> > I don't understand this statement from the draft:
> >
> > "The value of this information would be enhanced if the exposed
> > information could be verified to match the internal state of the
> > transport by observing the transport behaviour."
> >
> > I assume this means that the network nodes would need to understand
> > the internal state of transport protocols. How would this work?
> >
> > If the idea is that the exposed information is somehow verified with
> > the endpoints that securely provide the information then maybe I
> > understand that. But, if the idea is that intermediate nodes need to
> > autonomously deduce the internal state themselves, I think that is
> > problematic. Aside from all the known problems that stateful network
> > devices have caused, there seems to be a circular dependency here.
> > AFAIK the only way to deduce the internal state of a transport
> > connection in the network would be by inspecting the exposed transport
> > information, but this statement seems to be saying the exposed
> > information can't be trusted unless the internal state has been
> > deduced. Am I missing something?
> >
> > >From the draft:
> >
> > "An endpoint/protocol could choose to expose transport header
> > information to optimise the benefit it gets from the network
> > [RFC8558]."
> >
> > There is also the possibility that the endpoints didn't expose
> > transport layer information, but the network incorrectly thinks it
> > did. The network may simply misinterpret bits in packets as being
> > transport layer information when in fact the data can be something
> > completely different and unrelated. The canonical example of this is
> > QUIC or any transport encapsulated in UDP payload. Per, RFC7605,
> > transport port numbers only have meaning at end points. So for example
> > a network device may think a packet with UDP destination port 80 is
> > QUIC, when in fact it is something completely different, hence the
> > network device may misinterpret the payload as being QUIC. I suspect
> > it's unlikely that this situation will benefit the user, and more
> > likely the network would not treat such packets well. There's been
> > some work on this problem, like magic numbers in SPUD or analysis to
> > mitigate the effects of misinterpretation like done for QUIC spin bit,
> > but I don't believe anyone has proposed a general solution (other than
> > moving the necessary information into the network layer and have
> > intermediate nodes stop doing DPI).  I believe this problem should be
> > mentioned in the draft with a reference to RFC7605 .
> >
> > Tom
>