Re: [tsvwg] [Int-area] [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020

Spencer Dawkins at IETF <> Thu, 02 July 2020 12:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6229D3A0C29; Thu, 2 Jul 2020 05:16:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id CCbfud6EmkvF; Thu, 2 Jul 2020 05:16:09 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 618DF3A0C28; Thu, 2 Jul 2020 05:16:09 -0700 (PDT)
Received: by with SMTP id h19so31679987ljg.13; Thu, 02 Jul 2020 05:16:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=u0vqklFnCMLbgkrJ173zpzJKz7Unquy26bQqdgr/N/E=; b=iwEKmpPBlruYV9MPo53JYSS0NXHxleeCmC/5BmUjCqWq5KkSEQNaUp45sbAptp7JUc ScaaUMVTmxLFBWehDkEq3W/Dg/oBg0uF+EaT0+Zh8d1vYoYn1ud5uKq3XNyk5l8cKwzv DNWQC4XmOHzd8jh1m63y9vhtaC/BErY/vdQBe4MD9U2YI6vqi6zAgE3sM99rhVr/uYuO 48YbiCuiB4rvgpEpU3Rs1NZ7v3d3ak8wJah/3v8w4hIrNDr6XbLnuhmONIouSx92huGp IFx8ptK/g6l9nQuKFxCVST1IT4Hz7p7k1n46D0hB+JYiy86hCkc7pFU1zujQMu72eAUb fq9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=u0vqklFnCMLbgkrJ173zpzJKz7Unquy26bQqdgr/N/E=; b=GYeEPedS883XGxpjj2WlY15bBFdiL1yiY9oAND3Ok5LrThmNlv0G77oKbUDk57Bmw0 NAltT2UeMAa9SOfJTmI7bch1pXqqO1n8PCiJ00uTFZhLJ25FXY3+iLphmsYStGdqPNpJ rJoNMwj0pJXo+NpLeSjItthJaFdpHnEDFwqXfcGVnTJSL0bM3AdeLjPCracq5jhDLgsm XdyVGM5dbx+49iALJrkVPxMn59cW4sWS1vGteqCvaZ0+hv5lU6SRuRIysEKz55aPJMRg o6gvN0E3ngy4GloonFmfioJq3uqSzywlXjw9z+xV4hvMMEz0Pk02fra835j7/0astwRh ZB7A==
X-Gm-Message-State: AOAM5329JynF6P31b9HqWF3gGoZ466jz+Qw/0nIC++Wt5sAQTb7n1IKx xFFcv2SGJp7F7jLWYnZLVriq/0MkdPV0e7Q358E=
X-Google-Smtp-Source: ABdhPJx79evoceBuPC9I3gpybvyb1RqgZU+nO+MxwymVTO2x68hOcUtSycHDl0/5i5WdaM6leUo7DvsBq1BuRyeUalE=
X-Received: by 2002:a2e:9b42:: with SMTP id o2mr15669853ljj.102.1593692167568; Thu, 02 Jul 2020 05:16:07 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <> <>
In-Reply-To: <>
From: Spencer Dawkins at IETF <>
Date: Thu, 2 Jul 2020 07:15:40 -0500
Message-ID: <>
To: tom petch <>
Cc: Colin Perkins <>, Eric Rescorla <>, int-area <>, "" <>, IETF SAAG <>
Content-Type: multipart/alternative; boundary="00000000000087814805a9745f95"
Archived-At: <>
Subject: Re: [tsvwg] [Int-area] [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 02 Jul 2020 12:16:13 -0000

Top-posting to note that this "WGLC" is now being copied to INT-AREA and
SAAG, people are making statements about value to operators (but no
operator-area entity is being copied), and people are making statements
about whether this could be published in the IETF stream, with the IETF
consensus boilerplate.

All of these are fine conversations during *IETF* Last Call, and it seems
like we're about halfway to including the rest of the IETF in the WGLC
anyway, but is this a sign that the discussion has moved beyond WGLC, so
the venue for the discussion should move, too?

And this isn't remotely my call. I just had to ask.


Spencer, not ranting

On Thu, Jul 2, 2020 at 6:00 AM tom petch <> wrote:

> From: Int-area <> on behalf of Colin Perkins <
> Sent: 01 July 2020 10:57
> On 30 Jun 2020, at 01:59, Eric Rescorla <<>>
> wrote:
> > This 3rd WGLC is limited to the following two topics:
> >     Whether or not to proceed with a request for RFC publication
> > of the draft.   The decision on whether or not to proceed will
> > be based on rough consensus of the WG, see RFC 7282.
> Publish.
> Operators need help in understanding the impact of emerging technology on
> their ability to operate a network.  This may not be easy to understand but
> it does at least provide something to stick out and alert them.
> Tom Petch
> > During the 2nd WGLC, Eric Rescorla and David Schinazi expressed
> > strong views that this draft should not be published –  those
> > concerns have not been resolved and are carried forward to
> > this WGLC.  This email message was an attempt to summarize
> > those concerns:
> >
> >
> >
> > Further explanation from both Eric Rescorla and David Schinazi
> > is welcome and encouraged to ensure that their concerns are
> > clearly understood.
> Well, I'll try again, but I'm not sure that I can do better than
> I have before.
> For reasons that are laid out in RFC 7258, the trend in protocol
> design in IETF is towards encrypting more and more.
> I agree, but also note that RFC 7258 is clear that some network monitoring
> can be beneficial and that “an appropriate balance” has to be found between
> mitigating pervasive monitoring and supporting network management. This
> draft is intended to highlight issues to be considered by transport
> protocol designers, to help them find that balance.
> And, to be clear, if transport protocol designers consider the issues and
> decide that all the metadata in their transport protocol must be encrypted,
> that’s fine. We're not pushing for a particular outcome; rather that the
> issues be considered and discussed when making a decision on what to
> encrypt.
> The last two
> transport protocols that were designed and widely deployed (SCTP over
> DTLS and QUIC) both encrypt the vast majority of the protocol
> metadata. This document advertises itself as "considerations"
> for design of such protocols:
>    The transport protocols developed for the Internet are used across a
>    wide range of paths across network segments with many different
>    regulatory, commercial, and engineering considerations.  This
>    document considers some of the costs and changes to network
>    management and research that are implied by widespread use of
>    transport protocols that encrypt their transport header information.
>    It reviews the implications of developing transport protocols that
>    use end-to-end encryption to provide confidentiality of their
>    transport layer headers, and considers the effect of such changes on
>    transport protocol design, transport protocol evolution, and network
>    operations.  It also considers some anticipated implications on
>    application evolution.  This provides considerations relating to the
>    design of transport protocols and features where the transport
>    protocol encrypts some or all of their header information.
> However, as I said above, the new transport protocols that are
> actually being designed already feature metadata encryption and as far
> as I can tell, there is no prospective protocol new transport protocol
> design project for which these issues might be live.
> The issues highlighted in the draft were certainly considered in the
> design of QUIC, especially in the discussions around the spin bit and
> operational aspects. I cannot envisage that they won’t also be considered
> in the design of future transports.
> In that context,
> it's hard not to read this document with its long litany of practices
> which are impacted by metadata encryption as a critique of the
> decisions by SCTP/DTLS and QUIC to encrypt most of the metadata.
> I tend to regard critiques of protocol design as a good thing, but then we
> maybe have a different interpretations of that term. Certainly there are
> implications of the decision to encrypt transport metadata. There are
> benefits to it, but also costs. It’s important to understand both, to make
> an informed judgement on what to encrypt.
> This impression is reinforced by the description of the actual
> practices themselves, which focuses almost entirely on practices
> which appear to be benignly motivated (e.g., performance monitoring,
> troubleshooting, etc.) However, we also know that metadata is widely
> used for practices in which the network operator is adversarial
> to the user, for instance:
> - Blocking traffic based on TCP port, IP address, SNI, etc.
> - Performance-based traffic class discrimination
> - Monitoring the user's behavior via indicia like the ones above
>   or via traffic analysis (see [0])
> Yes, I understand that the authors explicitly disclaim judgement on
> these practices, and the document does briefly touch on the general
> idea, though the "concerns...have been voiced" tends to minimize those
> concerns [1] but the selection of practices to focus on is extremely
> telling. Focusing on the downsides of encryption for (at least
> arguably well-meaning) network players while mostly ignoring the large
> class of non-benign behaviors which encryption is intended to protect
> against has the effect of overemphasizing the costs of encryption to
> those players and minimizing the benefits to the endpoints whom it is
> intended to protect.
> Different communities have different interpretations on what’s the neutral
> point of view phrasing here, but I'm comfortable with further highlighting
> malicious uses of transport metadata in the draft. We’d tried to mostly do
> this by reference, since such things have been widely discussed in the
> past, but perhaps that’s not sufficient.
> To be maximally clear: I don't object to this document existing
> and I don't think that the opinions implicit in it are ones that
> should not be expressed. I merely don't think that it should be
> published as an IETF Consensus document.
> -Ekr
> [0]
> [1]    Another motivation stems from increased concerns about privacy and
>       surveillance.  Users value the ability to protect their identity
>       and location, and defend against analysis of the traffic.
>       Revelations about the use of pervasive surveillance [RFC7624]
>       have, to some extent, eroded trust in the service offered by
>       network operators and have led to an increased use of encryption
>       to avoid unwanted eavesdropping on communications.  Concerns have
>       also been voiced about the addition of information to packets by
>       third parties to provide analytics, customisation, advertising,
>       cross-site tracking of users, to bill the customer, or to
>       selectively allow or block content.  Whatever the reasons, the
>       IETF is designing protocols that include transport header
>       encryption (e.g., QUIC [I-D.ietf-quic-transport]) to supplement
>       the already widespread payload encryption, and to further limit
>       exposure of transport metadata to the network.
> --
> Colin Perkins