Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13

"Black, David" <David.Black@dell.com> Tue, 24 March 2020 16:17 UTC

From: "Black, David" <David.Black@dell.com>
To: Tom Herbert <tom@herbertland.com>
CC: tsvwg <tsvwg@ietf.org>, "Black, David" <David.Black@dell.com>
Date: Tue, 24 Mar 2020 16:17:23 +0000
Message-ID: <MN2PR19MB4045877E00DB58216A58A45883F10@MN2PR19MB4045.namprd19.prod.outlook.com>
References: <CALx6S349SE2Ho0V2bJPSE7dh3+2f5Wiw1AofMke0RY4FwF=ebw@mail.gmail.com> <679FAA73-401E-499D-87CB-10F973E05DD6@strayalpha.com> <MN2PR19MB40455E00DB52880A38EB494C83F00@MN2PR19MB4045.namprd19.prod.outlook.com> <4FA8060E-C661-42FB-BCA1-43F32E5FA1F5@strayalpha.com> <MN2PR19MB40458C69C9C91C70AD889D3A83F10@MN2PR19MB4045.namprd19.prod.outlook.com> <CALx6S35J8K0bAmPp72svv+BuOKc1ZdrK_odfcJsPujmQz-iyyA@mail.gmail.com>
In-Reply-To: <CALx6S35J8K0bAmPp72svv+BuOKc1ZdrK_odfcJsPujmQz-iyyA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/_rfNiPTXATQyEQV4oCW-9Wdn08I>
Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>

Tom,

In 20/20 hindsight, I've clearly not fully understood your original comment.

Could you propose specific text changes that would address it?

Thanks, --David

> -----Original Message-----
> From: Tom Herbert <tom@herbertland.com>
> Sent: Monday, March 23, 2020 11:22 PM
> To: Black, David
> Cc: Joseph Touch; tsvwg
> Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
> 
> 
> [EXTERNAL EMAIL]
> 
> On Mon, Mar 23, 2020 at 6:48 PM Black, David <David.Black@dell.com> wrote:
> >
> > > That sounds like it’s leaning towards extortion - the kind we have now, in which
> > > “if you don’t let us see your ports and we don’t like them, we’ll block you”.
> >
> > That sounds like a networking version of turning Spinal Tap’s amps up to 11 ...
> >
> > > I’d lean the other way - that the network really shouldn’t be doing anything based on information
> > > gleaned from transports - explicitly given or not - because it only serves to create mutual escalation of misinformation.
> >
> > ... and that looks like the other end of the spectrum.
> >
> > What I had in mind was something more balanced about benefits to exposing some information to the network that motivate endpoints and endpoint implementers to do so ... where motivate is not intended to imply extortion-like threats, and the benefits aren’t necessarily the network doing something immediate based on the exposed information (there are several examples in Section 2.3 of the draft).
> >
> > To be concrete, here’s one possible text change, based on taking out the words that seem to be the focus of this discussion:
> >
> > OLD
> >
> >    o  On the one hand, protocols do not necessarily have an incentive to
> >       expose the actual information that is used by the protocol itself
> >       and could therefore manipulate the exposed transport header
> >       information to gain an advantage from the network.  The incentive
> >       to reflect actual transport header information has to be
> >       considered when proposing a method.
> >
> > NEW
> >
> >    o  On the one hand, protocols do not necessarily have an incentive to
> >       expose information that is used by the protocol.  The incentive
> >       to expose transport header information has to be considered when
> >       proposing a method to do so.
> >
> David,
> 
> That's changing the meaning of the text. The original text was making
> a point that if transport layer information is exposed there needs to
> be an incentive for the host to set the information honestly and
> correctly. This is true, not just for transport layer information but
> for everything the host tells the network. An obvious example is TOS
> in IPv4-- left to their own devices everyone would just request the
> highest level of service of traffic for all packets. So we need some
> tangible incentive for users to be honest and correct. For instance,
> TOS might have worked if the user were explicitly charged for the
> higher level of service, but that would imply a contract between the
> network and the host is established and a whole bunch of mechanisms
> that require far more than just anonymously volunteering some
> arbitrary amount of transport layer information.
> 
> Tom
> 
> >
> > Which leaves room to argue that there is no incentive, or there is insufficient incentive, or the risks outweigh the benefits, etc.
> >
> > Thanks, --David
> >
> > From: Joseph Touch <touch@strayalpha.com>
> > Sent: Monday, March 23, 2020 7:08 PM
> > To: Black, David
> > Cc: Tom Herbert; tsvwg
> > Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
> >
> > [EXTERNAL EMAIL]
> >
> > On Mar 23, 2020, at 3:19 PM, Black, David <David.Black@dell.com> wrote:
> >
> > [writing as draft shepherd]
> >
> > Point taken – would it be reasonable to rework that paragraph to observe that there should be incentives for endpoints to expose transport information, e.g., otherwise implementers may simply not bother?
> >
> > That sounds like it’s leaning towards extortion - the kind we have now, in which “if you don’t let us see your ports and we don’t like them, we’ll block you”.
> >
> > I’d lean the other way - that the network really shouldn’t be doing anything based on information gleaned from transports - explicitly given or not - because it only serves to create mutual escalation of misinformation.
> >
> > Joe
> >
> > Thanks, --David
> >
> > From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Joseph Touch
> > Sent: Monday, March 23, 2020 11:20 AM
> > To: Tom Herbert
> > Cc: tsvwg
> > Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
> >
> > [EXTERNAL EMAIL]
> >
> > On Mar 23, 2020, at 7:58 AM, Tom Herbert <tom@herbertland.com> wrote:
> >
> > Fundamentally, transport layer is end-to-end information. There is no
> > contract between end hosts and the network that hosts have to be
> > honest or correct in setting information in the transport layer-- the
> > only contract is between the endpoints.
> >
> > +1
> >
> > Another point worth mentioning:
> >
> > - if endpoints can lie or mislead about transport info to get their way, they can, will, and IMO *SHOULD*.
> >
> > That goes for using port 53 for nearly anything anyone wants to. Transport info isn’t there to make things nice for network operators - that’s what the network layer is for.
> >
> > Oh, yeah, I know - network operators don’t want “heavy” stuff in *their* headers because it slows them down when they don’t want it. Too bad, IMO. If they want the info, they need to deal with the pain.
> >
> > Joe
> >
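The IPv4 TOS example in Tom's reply is the concrete version of the incentive problem the thread is arguing about: a host can write any value it likes into a header field, and a network that has no contract with that host has no reason to believe it. The network-side consequence is that such fields get re-marked ("bleached") at the trust boundary, so the volunteered value buys the host nothing unless a contract exists. The following Python is an added illustration of that edge-side policy; it is not code from this thread, from the draft, or from any router vendor. The trusted prefix, the addresses and the packets are all constructed for the example, and the "contract" is simply membership in a hypothetical paying-customer prefix.

```python
"""
DSCP bleaching at a network trust boundary (added example, not from the
tsvwg thread or draft-ietf-tsvwg-transport-encrypt).

A host sets the DiffServ code point in its own IPv4 header. An edge device
with no service contract for that host re-marks the field to CS0 before the
packet enters the provider network, so asking for the highest class (Tom's
"everyone would just request the highest level of service") gains nothing.
"""
import ipaddress
import struct

DEFAULT_DSCP = 0   # CS0, best effort
EF_DSCP = 46       # Expedited Forwarding, the "turn it up to 11" value

# Hypothetical policy, constructed for the example: only this prefix has a
# contract that entitles it to keep its own markings.
TRUSTED_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum; returns 0 when run over a header whose
    checksum field is already correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, dscp: int, ecn: int = 0,
                      payload_len: int = 0) -> bytes:
    """Minimal 20-byte IPv4 header (no options) carrying the given DS field.
    Constructed test input; TTL 64, protocol 17 (UDP), DF set."""
    ver_ihl = (4 << 4) | 5
    tos = ((dscp & 0x3F) << 2) | (ecn & 0x03)
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, tos, 20 + payload_len,
                      0x1234, 0x4000, 64, 17, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def dscp_of(packet: bytes) -> int:
    """Upper six bits of the DS byte."""
    return packet[1] >> 2


def source_is_trusted(packet: bytes) -> bool:
    """True if the source address falls inside a prefix with a contract."""
    src = ipaddress.ip_address(packet[12:16])
    return any(src in net for net in TRUSTED_PREFIXES)


def bleach_dscp(packet: bytes) -> bytes:
    """Edge-ingress policy: keep the host's DSCP only for contracted sources;
    otherwise rewrite DSCP to CS0, preserve the two ECN bits, and fix the
    header checksum. Malformed headers are rejected rather than forwarded."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header length or checksum")
    if source_is_trusted(packet):
        return packet
    hdr = bytearray(packet[:ihl])
    hdr[1] = (DEFAULT_DSCP << 2) | (hdr[1] & 0x03)   # keep ECN, drop DSCP
    hdr[10:12] = b"\x00\x00"
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


if __name__ == "__main__":
    # Constructed packets: an uncontracted host and a contracted one both ask for EF.
    greedy = build_ipv4_header("198.51.100.7", "203.0.113.1", EF_DSCP)
    paying = build_ipv4_header("192.0.2.9", "203.0.113.1", EF_DSCP)
    print("uncontracted EF ->", dscp_of(bleach_dscp(greedy)))   # 0
    print("contracted   EF ->", dscp_of(bleach_dscp(paying)))   # 46
```

The same shape of logic is what a real edge applies with a DSCP re-marking rule at ingress, and it is the reason Tom's "tangible incentive" has to come from somewhere outside the packet: a value the network cannot verify is either ignored, re-marked, or tied to a contract that makes lying cost something. The ECN bits are deliberately left alone because, unlike DSCP, they are a signal the network itself writes and the endpoints are expected to echo honestly.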