IETF Logo Mail Archive

Re: [tsvwg] [Int-area] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020

Tom Herbert <tom@herbertland.com> Thu, 18 June 2020 17:43 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A92E3A0DF6 for <tsvwg@ietfa.amsl.com>; Thu, 18 Jun 2020 10:43:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p98_BaK-_tYx for <tsvwg@ietfa.amsl.com>; Thu, 18 Jun 2020 10:43:37 -0700 (PDT)
Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04FA23A0DFB for <tsvwg@ietf.org>; Thu, 18 Jun 2020 10:43:36 -0700 (PDT)
Received: by mail-ej1-x634.google.com with SMTP id mb16so7327594ejb.4 for <tsvwg@ietf.org>; Thu, 18 Jun 2020 10:43:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=IG65TX0fNlrAkLVFAKK4SVujE1R+X2+XvNzCrdNOaf0=; b=TiDjvupo1zNmoUUWQDAZqRnAYeZ3dp//aN1d4R6EtNvDeO4d2zKJQw+OecGu2rp2ND 49frCZqlV5c+BjVBqxU2sJxteHcNJzzx99mbZTrVOj6d+rZZul+q8T5XVPXBEB47NPSd aXtuHMiObb8Vzbbg5puMxfsbkQWW0mzXFVCwMotWqPA97WtXXbKYrF+B7Sq2PCZ07vSe mcaJSayi+7StX9ychlLKdKm68Q6HjB/ufPl7A/sekS32MTa6KAFzEFO7lSz9TgliBpJw HLOdvGsX2ODjTVvT6gVZIDdmcU8Q2Oa1AOlV5/JHxLc1Mw/DwCE4MWRqsoDe/vqHlxMN +PhQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=IG65TX0fNlrAkLVFAKK4SVujE1R+X2+XvNzCrdNOaf0=; b=Qa+9jbTc1SHxE9PBKAQyR3YfT2hXBgQaVnHALxNn2nYmASzo/xrs0IeGywETU/3gLw 4Mkz0goJog9bbLkZi6KM8jo5rwi+Nh/qHs1uYvtiH1jVjKjw7Xb6ck5+n+8fndpfkehU pbrlBP+iZHgfiVI/oQfdT9WfI4Y3r1R1PeVqPGX4U257JGGa1ChP5kto+5qUEWJ8ni5b cjPiB6oRiRsG21wzffztJyZFhe18xr/ZJzkE1CBwuMVDQTXVARhCsDjbCK2BncN8zhGy d+YwL/uaLGABqDRAM+bmI4Fn+m+2jlqlzw/SO1URHOT+jYJzcmBHJMXPI4iM78X29tqz whtw==
X-Gm-Message-State: AOAM532JnfkeI3ftl8srjMSlgl7TlkYa8sMFiB+dK+gck7GL/8rzzNxT BkAdWIawI7eSKEnFv00xfMxFYfeNuVIQ+20ZpBRcmw==
X-Google-Smtp-Source: ABdhPJwgJ87Ktc4wt38g0rAMVCSVGoHhkJoATm4ycMhgqKmIr7rRvlD8S/U7mpbfPS2fKGEibWDPEz1+3x0QSgv9FrY=
X-Received: by 2002:a17:906:3e15:: with SMTP id k21mr5234669eji.525.1592502215204; Thu, 18 Jun 2020 10:43:35 -0700 (PDT)
MIME-Version: 1.0
References: <MN2PR19MB40450EE357BEECD723AB06F183820@MN2PR19MB4045.namprd19.prod.outlook.com>
In-Reply-To: <MN2PR19MB40450EE357BEECD723AB06F183820@MN2PR19MB4045.namprd19.prod.outlook.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 18 Jun 2020 10:43:23 -0700
Message-ID: <CALx6S37U63LOgaJF0eAHHw91s6pg6WpXxMtLRZ9HSHoO64Kg+A@mail.gmail.com>
To: "Black, David" <David.Black@dell.com>
Cc: "tsvwg@ietf.org" <tsvwg@ietf.org>, int-area <int-area@ietf.org>, IETF SAAG <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/kmoAcYl3hgs2TTOOZPhci_HOl3E>
Subject: Re: [tsvwg] [Int-area] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 17:43:46 -0000

I am neutral on this draft. While the authors certainly have done a
good job at improving the draft over time and it is a lot more
balanced between the arguments to encrypt or not encrypt transport,
there really isn't much in terms of actionable guidance for protocol
developers. It seems the best that can be said is that transport
protocol designers should consider the issues. The pertinent statement
from the draft:

"The decision about which transport headers fields are made observable
offers trade-offs around header confidentiality versus header
observability (including non-encrypted, but authenticated, header
fields) for network operations and management, and the implications
for ossification and user privacy [Measurement].  Different parties
will view the relative importance of these differently."

This is true, and the last sentence is telling. Users are one of those
parties, and in fact probably the most important party at the end of
the day. If a tradeoff is made that exposes some information to the
network with the knowledge that the exposure provides more benefits
than potential harm to a user then that might be an acceptable
tradeoff. However such a tradeoff could only be correctly made at
runtime based on assessment of the risks and benefits for the
particular circumstances. This really can't be a design decision
burned into the transport protocol. For instance, I, as a user, might
be willing to expose a lot of information about my packets to my local
carrier if I have a contractual agreement that describes security and
privacy provided and exactly what benefits I get from the provider for
volunteering the information. However if I'm connected to some public
random WIFI, I really want the absolute minimum level of information
exposed. Generally, we don't know a priori what transport information
a particular network might "need", nor that there aren't malicious
parties in the path intent on abusing exposed information. So,
fundamentally, transport information exposure is discretionary and
should be controlled by the user and the only reasonable security
default is that no information is exposed (I think this could be
normative requirements if the draft offers any). There is also the
possibility that the transport protocol developer may expose fields
that are considered innocuous to make visible. This is risky since
there is precedent that information considered safe turned out to
reveal sensitive information (case in point is analysis of TCP options
which can reveal the OS and version which can be useful information
for a DOS attack).

Tom

On Mon, Jun 8, 2020 at 6:42 PM Black, David <David.Black@dell.com> wrote:
>
> This email announces a limited-scope 3rd TSVWG Working Group Last Call (WGLC) on:
>
>
>
>     Considerations around Transport Header Confidentiality, Network
>
>      Operations, and the Evolution of Internet Transport Protocols
>
>                  draft-ietf-tsvwg-transport-encrypt-15
>
> https://datatracker.ietf.org/doc/draft-ietf-tsvwg-transport-encrypt/
>
>
>
> This draft is intended to become an Informational RFC.  This WGLC has
>
> been cc:’d to the SAAG and INT-AREA lists courtesy of the breadth of
>
> interest in this draft, but WGLC discussion will take place on the TSVWG
>
> list (tsvwg@ietf.org) – please don’t remove that list address if/when
>
> replying with WGLC comments.
>
>
>
> This 3rd WGLC will run through the end of the day on Monday, June 29,
>
> 2 weeks before the draft submission cutoff for IETF 108.
>
>
>
> This 3rd WGLC is limited to the following two topics:
>
>
>
> Whether or not to proceed with a request for RFC publication
>
> of the draft.   The decision on whether or not to proceed will
>
> be based on rough consensus of the WG, see RFC 7282.
> During the 2nd WGLC, Eric Rescorla and David Schinazi expressed
> strong views that this draft should not be published –  those
> concerns have not been resolved and are carried forward to
>
> this WGLC.  This email message was an attempt to summarize
>
> those concerns:
>
> https://mailarchive.ietf.org/arch/msg/tsvwg/i4qyY1HRqKwm0Jme9UtEb6DyhXU/
>
> Further explanation from both Eric Rescorla and David Schinazi
>
> is welcome and encouraged to ensure that their concerns are
>
> clearly understood.
>
>
>
> Review of changes made since the -12 version of the draft that
> was the subject of the second WGLC (e.g., whether or not they
> suffice to resolve concerns raised during that WGLC, other
> than overall objections to publishing this draft as an RFC):
>
> https://www.ietf.org/rfcdiff?url1=draft-ietf-tsvwg-transport-encrypt-12&url2=draft-ietf-tsvwg-transport-encrypt-15
>
>
>
> Comments should be sent to the tsvwg@ietf.org list, although purely
>
> editorial comments may be sent directly to the authors.  Please cc: the
>
> WG chairs at tsvwg-chairs@ietf.org  if you would like the chairs to
>
> track such editorial comments as part of the WGLC process.
>
>
>
> No IPR disclosures have been submitted directly on this draft.
>
>
>
> Thanks,
>
> David and Wes (TSVWG Co-Chairs – Gorry is recused as a draft author)
>
>
>
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area

v2.23.0 | Report a Bug | By Email