Re: [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-06

Tom Herbert <tom@herbertland.com> Tue, 18 June 2019 14:41 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C38C1200CC for <tsvwg@ietfa.amsl.com>; Tue, 18 Jun 2019 07:41:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16SP4u27llm3 for <tsvwg@ietfa.amsl.com>; Tue, 18 Jun 2019 07:41:20 -0700 (PDT)
Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 736B612010C for <tsvwg@ietf.org>; Tue, 18 Jun 2019 07:41:19 -0700 (PDT)
Received: by mail-ed1-x534.google.com with SMTP id a14so22058524edv.12 for <tsvwg@ietf.org>; Tue, 18 Jun 2019 07:41:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Qx2vnlPVYzZ6p/5QB37ZdW8eFrYO71qNjsbOYaBuwJo=; b=DmXY+FZcLv3Nt2hk8nrapE2dBbaP7A1alW3wEOLPp7dKqosym1XqJcgC7HEeJ5BqZY 2TgmcR+1TcLPi8TOdPIqqTW7DZYGQVn2HqhHipe3LxRxbQsCgswntxDkdKmBne3GDwME 6wtjn+Hzursx32bxSLKItVsxLxPseyASi+u/+7FPtRq7WT5jre52prptIWzCKBH7UtwC LKbpIKJh772kKQlTmwo5MEgriTwZ4jMQqNKPcsAjWDy++sjKxs0x7guutWJQ1hSeKKMO tARSGKyMab/9L9nLChmC1ZTMmdCtnxFHx7qCPiwuB+OWYScAsejZPLXbxolpYySz2L6l gfTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Qx2vnlPVYzZ6p/5QB37ZdW8eFrYO71qNjsbOYaBuwJo=; b=h/cY4mhABBjcEexKx7qEITJYd/czmHW8EKh3ldvjeibfau/XZVmWjoKeNOLAXmGcU8 ivm/worOBFjiHm9l68++oxu3KijDWsUlya/xo9IR8gOKgDc8NP8/fRXh0pXc8u/sChXO /Ja5mQe86tdluvYlP1zBEAp94ki5T0kJxiH8ZxsPllMN03+L8WOyxan53MVSP0wT/gNo tYKyV0ZhbW3/x6dw1BYt1tUgE5a3KSZFc7lk/roYmWZ+9GJglFylHedWk2XoDztvNwNw OviaqJqCek+1gHExZ27QMU63oTA/0yYcVPyV/97fE4qXBMM8LzA8oOK+MuCEHMVVt2lo fCXg==
X-Gm-Message-State: APjAAAWSrAziQK5X08nTiu9Uf2z2yfdDSU1+Eg5xrSOLo+r39JKwoKb6 DShQX0jKRMtzS110VstgqNYK/mFKD4c+9y9UxfJa3Q==
X-Google-Smtp-Source: APXvYqx4s/4SIhj0r42lyqnxtXLyoBXOVsiOg3NzKBZlLDUVnCW4yEplNbtR+WpA17xaRYsObh8GIcHPDb2dNsr7A40=
X-Received: by 2002:aa7:dad6:: with SMTP id x22mr50825597eds.122.1560868877751; Tue, 18 Jun 2019 07:41:17 -0700 (PDT)
MIME-Version: 1.0
References: <E0BAA0EC-4D2D-4578-A2A1-45B3DA831911@arm.com>
In-Reply-To: <E0BAA0EC-4D2D-4578-A2A1-45B3DA831911@arm.com>
From: Tom Herbert <tom@herbertland.com>
Date: Tue, 18 Jun 2019 07:41:06 -0700
Message-ID: <CALx6S37xjXTW=e7fGbXW6raU9LbM0hvGzd9m6J8SogsTO0fOAQ@mail.gmail.com>
To: Thomas Fossati <Thomas.Fossati@arm.com>
Cc: "draft-ietf-tsvwg-transport-encrypt@ietf.org" <draft-ietf-tsvwg-transport-encrypt@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ffed71058b9a1af5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/nabnzbJazFL2Nc9a9o2WLl7SeqA>
Subject: Re: [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-06
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jun 2019 14:41:23 -0000

On Mon, Jun 17, 2019 at 8:54 AM Thomas Fossati <Thomas.Fossati@arm.com>;
wrote:

> Hi Gorry, Colin,
>
> I have read your fine draft and gathered a few comments for your
> consideration.
>
> I think the intro material (Sections 1 and 2) could be slimmed down
> substantially:
> - There's a bit of repetition (sometimes literally, e.g.: 2nd and 3rd
>   para of the intro section carry the same exact information);
> - Content-wise, with regards to setting the context, there seems to be
>   good overlap with a few already published RFCs - for example both
>   Path signals [RFC8558] and Wire image [RFC8546] could be used to
>   factor out a bunch of text here?  Just a suggestion.
>
> The rest is really good material with the right balance of breadth and
> depth (IMHO).
>
> However, one of the raison d'etre of the document, as I interpret it, is
> to describe which tools & techniques are available to network operators
> that can survive transports that mux and prioritise inside an encrypted
> envelope.
>
> And while the document does a very good job identifying what *doesn't*
> work anymore, the "every time a transport field is encrypted, a passive
> measurement tool gets his wings" story, while factually accurate, only
> tells one half of the tale.
>
> In that respect, I think the draft should also consider any emerging
> techniques & tools.  In particular, ML solutions (especially RNN and
> reinforcement learning architectures) look like one very plausible way
> this is going to evolve.
>
> Which is not to say these methods are in all cases mature enough for
> production.  On the contrary, I think currently very few of them would
> be ready for prime time.  But this is one line of work that has shown,
> in published research at least, encouraging levels of precision &
> accuracy (even with encrypted traffic), while dealing with all the
> typical scenarios a network operator faces.  (I've seen ML applied to
> fault detection and localisation, QoE/QoS measurements in both real-time
> comms and adaptive video, anomalies / misuse / intrusion detection, the
> whole lot.)
>
> The thing is that if ML or like approaches are not good enough or not
> mature enough, the risk that MiTM and forced fall-back to TCP become a
> practical and effective tool in the hands of network operators increases
> substantially, which would be pretty unfortunate.  (And yes, we could
> have handled the transition more graciously, cf. SPUD/PLUS, but we
> decided not to, so here we are.)  In this respect, I think it's critical
> to create a shared understanding of what the challenges are and what
> concrete actions can be taken to accelerate / incentivise the
> development and adoption of ML in this venerable field.  To this end,
> it'd be great if the document provided (even succinctly) a critical look
> on ML that highlights the potential and actual successes, its
> limitations (both in general, and specifically WRT encrypted transports)
> as well as the current gaps.
>
> For example, one thing that becomes quickly apparent once you start
> surveying the existing literature is that comparing different
> ML-for-network-traffic experiments is quite problematic.  The lack of
> uniform evaluation metrics as well as standardised labelled datasets
> (which is only aggravated by ML's sensitivity on training and validation
> data) looks like a gap that urgently needs filling and one where the
> IETF is ideally placed to help reducing the observed fragmentation.
>

Thomas,

ML requires massive amounts of data to be most effect effective, but strong
security mandates that we only expose the minimal amount of data we need
to. So this is the tussle. If someone were to say we need uniform metrics
exposed in transport protocols in the Internet, then the first question to
be asked is "what information about transport protocols is _required_ to be
exposed to the network?" Architecturally and from a position of security,
the answer to this question in the Internet is none. A better question to
ask might be what information would be useful and optional to expose and
how can we limit the exposure to only trusted parties (for instance, I
might trust my local network more than I trust the Internet, so I may be
willing to expose data to the local network if there are sufficient
mechanisms to scope it). That implies the need for a mechanism whereby
hosts can signal the network with ancilary scoped information attached to
packets. IMO the mechanism for this should be Hop-by-Hop options.

Tom



> OK, I'll stop here - I wanted this to be short and snappy but I got
> carried away somehow.  Hopefully my points are still visible above the
> noise line.
>
> Thanks again for the great job gathering 20+ years of collective
> knowledge and experience.
>
> Cheers, t
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
>