Re: [tsvwg] transport-encrypt-14 review, pt 1
Martin Duke <martin.h.duke@gmail.com> Fri, 10 April 2020 15:09 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8477C3A07AD; Fri, 10 Apr 2020 08:09:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cZHHczf2JF1N; Fri, 10 Apr 2020 08:09:38 -0700 (PDT)
Received: from mail-il1-x130.google.com (mail-il1-x130.google.com [IPv6:2607:f8b0:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56BC53A07A2; Fri, 10 Apr 2020 08:09:38 -0700 (PDT)
Received: by mail-il1-x130.google.com with SMTP id i75so2040569ild.13; Fri, 10 Apr 2020 08:09:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RuEVIv9aCKyE64vu5RHgXQoS6FVQnU8Uxft+gBnVeNI=; b=L4FEc6tzx2mYyCCKNDVGYWCLE42QeX4mFXRFEdtfHn3IKBFmCJjbvc9G13NIM4my/p oBQoDTJubhkCyPPXRluq1JkrUih0FPlSwhE8PAaUvXXuu9b+9As2GY99bVrlnALEQJCR WGDfD+CuMlfOIOi0Qxl4mISodFxmflC4LYMPWGkekYRTbgTjVYAR41jfatouKjKgnam8 Fii+5BVM2oTysl8h0HZlopWJWVjkckIi2S6iA0o3VggM8TsTamzmZ+8zCbZx4ojZRvll 4AVsgMm0yFp0ibjnC+eCM8ye5CbWaNy2o9DezJ08096/NrF3F2lWjJAoWfFGcGGHiner dAJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RuEVIv9aCKyE64vu5RHgXQoS6FVQnU8Uxft+gBnVeNI=; b=RJp6WH6m8kLxX/RrK33IG/ZpYf5xkHvuh4TJd6y92owgShsDmRv5Am3A1xQ+9LQOa0 +g2DMclJuW5IaN5EMIjsgRbLLHc+fzhafthpyNAMClmll7BXrvZTaS/UlhUu6A/nfxRf 3X2zobGkIuNljOQIIs/fZMBbrpXVNlh3JAsToepxsPwAldDSxFmtpoV5c34HazIVBeMw I6k8wAjD0bi/Ea0t3/mp3VmkPKOqCHgJzst95NWMuFU3CSIj3Mik7MdJTWUbE977Fw33 3Et/S4UNmhB4bBNwhvoTmJxyQa0ohjn43DGszjv9ulzblLl4+rg6qULqRKUwh36U9Ois FFlA==
X-Gm-Message-State: AGi0PuYd9dIKhsZcaI58W6XWv0YzMeyhmMSVXlD+rTfLPedZgxOGMETC f0UJb/GKzBq7qHbEcqz4MPXi6mYLXfSM4u9SdDmOoyqT
X-Google-Smtp-Source: APiQypK9ZBksVwjcs42SvliG+SMz1R9t6qpc03oq838jC7hxJwepWLRjMrHn2aKmiTEsb56esnx/yyoj/oZfZ0NaSjk=
X-Received: by 2002:a92:8402:: with SMTP id l2mr4862557ild.99.1586531377674; Fri, 10 Apr 2020 08:09:37 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxTbVSX1voJjzyt3YdapPuv7+K4EpU35SWYC3Y0rmo7Tww@mail.gmail.com> <5922D0CB-81B7-467D-862F-28872476B3B8@strayalpha.com> <eb4d9121-142f-d6b5-72fc-ae4b7a8cf13f@erg.abdn.ac.uk> <CALx6S35txqVEBHrMb8-G0=eV37fbVLj4k-6VMYjAFC_PkZrLmQ@mail.gmail.com> <CAM4esxTBjGyA4OJWeWVgv8nkCJM0GshE7yczRX-B4HLFMGshOg@mail.gmail.com> <715dd647-34b9-48c4-ec52-ed03bc489adb@erg.abdn.ac.uk>
In-Reply-To: <715dd647-34b9-48c4-ec52-ed03bc489adb@erg.abdn.ac.uk>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Fri, 10 Apr 2020 08:09:27 -0700
Message-ID: <CAM4esxQtpGKZnmM3z1UOb3bLBBbSb=f8CYj-FJEb9zkoPUT3bQ@mail.gmail.com>
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Cc: Tom Herbert <tom@herbertland.com>, Joseph Touch <touch@strayalpha.com>, tsvwg <tsvwg@ietf.org>, draft-ietf-tsvwg-transport-encrypt.all@ietf.org
Content-Type: multipart/alternative; boundary="0000000000003100ba05a2f11fe8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/ihXJf2p2za6BcN4WvPXXPi9i4ns>
Subject: Re: [tsvwg] transport-encrypt-14 review, pt 1
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Apr 2020 15:09:41 -0000
Fair enough. I am willing to accept the judgment of the WG on this. On Fri, Apr 10, 2020 at 8:08 AM Gorry Fairhurst <gorry@erg.abdn.ac.uk> wrote: > > On 10/04/2020 16:03, Martin Duke wrote: > > Very well everyone, > > I'm conscious of coming in at a very late stage in the consensus -- if > we've already defined header modification as out of scope, then very well > (although it would be good to state that the Introduction, assuming I > didn't miss it there). That certainly negates my comments PEPs and > injection attacks as subjects, although that seems like an important part > of this landscape. > > To Gorry: > > That seems rather a simple view! Traffic conditioning and monitoring is > still something that can operate at the flow level and by address, even > on IPsec flows for instance - just with less accuracy, and likely > requiring more heuristics and with more and different "failure" modes > e.g. that impact sequences of packets rather than deterministically drop > packets with specific headers. > > By "almost impossible" I was exactly suggesting this kind of approach, > which I am fairly convinced will lead to tears. But people are going to do > what they're going to do, I guess. > > Martin > > Yes, and my own judgment (personal of course) is also that going too far > down this particular direction could well end in tears. > > Gorry > > On Fri, Apr 10, 2020 at 7:51 AM Tom Herbert <tom@herbertland.com> wrote: > >> On Fri, Apr 10, 2020 at 12:45 AM Gorry Fairhurst <gorry@erg.abdn.ac.uk> >> wrote: >> > >> > >> > On 09/04/2020 21:20, Joseph Touch wrote: >> > >> > >> > >> > On Apr 9, 2020, at 12:44 PM, Martin Duke <martin.h.duke@gmail.com> >> wrote: >> > >> > - Conversely, middlebox interference with headers does enable >> performance enhancing proxies for extraordinary link types like satellite. >> > >> > >> > Those are only “extraordinary” only in the “been around for 50 years in >> the Arpanet/Internet”. That understanding goes back as far as RFC 346 and >> IEN 8. >> > >> > Additionally, ground nets often experience similar BW delay products, >> which can be the dominant driver. >> > >> > There are known ways to help TCP over such links that don’t involve >> these sort of steps, documented as far back as RFC 2488, some of which are >> now being incorporated (faster window growth and recovery, ala Hybla). >> > >> > I.e., just because a mechanism CAN rely on these headers doesn’t mean >> that’s the only - or even safe - way to do so. >> > >> > Joe >> > >> > I'm with Joe there are MANY ways that devices sitting in the network >> *do* presently change TCP headers. This is not at all restricted to >> specific technologies such as Satellite. TCP ACK filtering/decimation/etc >> is commonly used on a variety of paths to reduce return link traffic in >> WiFi, Docsis, LTE, etc. PEPs have split TCP in many ways where delay and/or >> loss is important, devices that track or change rwnd are out there, as are >> other devices that have modified other things for better or worese. However >> we already have RFC3135, RFC3449, a variety of header compression specs, >> and more recently RFC8404. All of which delve into these topics. >> > >> > In an earlier thread, I motivated restoring the focus on methods that >> observe headers and do not "manipulate" these. It's true that when the WG >> decided to add the "ossification" examples at the start iof the document, >> that these were nearly all related to changing headers, but still I think >> the focus of the remainder should be on methods that do not change headers >> - That also is the set of methods that could be compatible with end-to-end >> authentication. >> > >> >> Gorry, >> >> I think the draft is trying to walk a fine line. The draft provides >> several examples of presumably benevolent instances of passive >> observation, however doesn't acknowledge there are deployed use cases >> of modification. There are people that would probably agree that maybe >> observation is okay but modification is detrimental. There are also >> those that might say any use of transport information by intermediate >> nodes is bad and leads to ossification, so both observation and >> modification should be prevented. A third camp might say we've been >> modifying TCP fields and our users are seeing great benefits so it's >> okay. I don't think there is consensus on which of these viewpoints is >> correct, however I believe that the goal of the draft is trying to >> establish a balanced position without judgement, so not mentioning a >> known use case that would definitely be affected by transport layer >> encryption seems like an omission. >> >> I'd also point out that if a transport protocol developer makes a >> conscious decision to not encrypt some data in the transport layer for >> the benefit of observation at intermediate nodes, it's just as easy >> for them to also purposely not authenticate data so that intermediate >> nodes could modify it (again this is independent of any judgement as >> to whether intermediate nodes observing or modifying end-to-end data >> is a good thing). >> >> Tom >> >> > Gorry >> >
- [tsvwg] transport-encrypt-14 review, pt 1 Martin Duke
- Re: [tsvwg] transport-encrypt-14 review, pt 1 Joseph Touch
- Re: [tsvwg] transport-encrypt-14 review, pt 1 Gorry Fairhurst
- Re: [tsvwg] transport-encrypt-14 review, pt 1 Gorry Fairhurst
- Re: [tsvwg] transport-encrypt-14 review, pt 1 Spencer Dawkins at IETF
- Re: [tsvwg] transport-encrypt-14 review, pt 1 Tom Herbert
- Re: [tsvwg] transport-encrypt-14 review, pt 1 Martin Duke
- Re: [tsvwg] transport-encrypt-14 review, pt 1 Gorry Fairhurst
- Re: [tsvwg] transport-encrypt-14 review, pt 1 Martin Duke
- Re: [tsvwg] transport-encrypt-14 review, pt 1 Gorry Fairhurst
- Re: [tsvwg] transport-encrypt-14 review, pt 1 Tom Herbert