[tsvwg] Review of draft-ietf-tsvwg-transport-encrypt-01
Kyle Rose <krose@krose.org> Sat, 17 November 2018 23:07 UTC
Return-Path: <krose@krose.org>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28BA5130F15 for <tsvwg@ietfa.amsl.com>; Sat, 17 Nov 2018 15:07:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=krose.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cRaEmVxKiLq8 for <tsvwg@ietfa.amsl.com>; Sat, 17 Nov 2018 15:07:01 -0800 (PST)
Received: from mail-yw1-xc29.google.com (mail-yw1-xc29.google.com [IPv6:2607:f8b0:4864:20::c29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36A07130EC2 for <tsvwg@ietf.org>; Sat, 17 Nov 2018 15:07:01 -0800 (PST)
Received: by mail-yw1-xc29.google.com with SMTP id v8-v6so11582720ywh.6 for <tsvwg@ietf.org>; Sat, 17 Nov 2018 15:07:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; h=mime-version:from:date:message-id:subject:to; bh=5CYLnrpUmwGNjdVXgDHvFK2tSVeWFZMn7KwqgHrc4+E=; b=O1mFxDp7A6RMkTz6ykrZ7Dx0BoGjaoATCmW28+vazcpvhVRTgvqrrk/vQB9Ak0rwoY jQD10SlOLAZ3iWRxRBx1jJKGQTc4EzzbKLXbZMHF5g1doQfpq7H9vha0wrDeyn+rWM9+ ZUErLe8pz+ZPZcF5blcfGcRdUZvy3pr9f6vuM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=5CYLnrpUmwGNjdVXgDHvFK2tSVeWFZMn7KwqgHrc4+E=; b=mUNsu7UnxppTHURdQHID+hDmZjAWLaWJPpBQaYPFCFwfVmFCWZl6ZkzmvqGttdYYN8 1+TPGpoZbY786VY8pVOv7QsKowbEHvzLIbA1cND77rfElC9771hMrE8tVpL8Pb7qtUV3 pLLpb1FIO4WSC9wENe/1e/LNoOxoWLHyjLemlYbSIJnCdEmXfDUTPbeCphF6JNSK5mUN AJzldMkvVrAPqSI/QrGzVgs33G6g6F+3/DSUR/GkwDKbo7dPv0yR736kOWN/8Lvbj3uU mcHPSVsJOEjbUa67Es8sm/IK6NFD2KOHK4QovJCBT/SnAjMZcZ6mN7u6xL+SbYIMhLQ8 kQdw==
X-Gm-Message-State: AGRZ1gLnQlm0y03N4YSpqNN3WJOeyfEQ/8SpBWSlrAgzu08XuTC1tN88 MRkp1KU1EJiqHi4DkVrj1TvtumoCHXeNmzwaUIg/+qhaLW7NVA==
X-Google-Smtp-Source: AJdET5dyg6m05JR5fnbaP2FtT5/YdYGSbNTEqwMzC7viYSlGqAJdWY65MGXDqLF2+j7l7tIxaonn+3LBYeJ17VzsP7o=
X-Received: by 2002:a81:ec12:: with SMTP id j18mr1119579ywm.17.1542496020089; Sat, 17 Nov 2018 15:07:00 -0800 (PST)
MIME-Version: 1.0
From: Kyle Rose <krose@krose.org>
Date: Sat, 17 Nov 2018 18:06:49 -0500
Message-ID: <CAJU8_nVWA9bnjApFpemdn+C0t5boVxSDde5QmospYP6V8ROcFg@mail.gmail.com>
To: "Gorry (erg)" <gorry@erg.abdn.ac.uk>, Colin Perkins <csp@csperkins.org>, tsvwg@ietf.org
Content-Type: multipart/alternative; boundary="0000000000005867e7057ae4576d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/rxMGTRY-CYSWnGy6Y6MYhFbfoqk>
Subject: [tsvwg] Review of draft-ietf-tsvwg-transport-encrypt-01
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Nov 2018 23:07:12 -0000
The one overall comment I have is that the document talks about the potential impacts of transport encryption to network operations, but does not attempt to systematically distinguish the impact across different levels of opaqueness. With the IP header in the clear (something that is likely to remain true for the foreseeable future!), for bidirectional (i.e., unspoofable) flows there exists at least information about the source and destination that enables some kind of disincentive (i.e., blame) for unmanageable behavior. I'll repeat the same comment I had for Kathleen and Al when reviewing the draft for RFC 8404, which is that I really would like an analysis (based on the current state of the art, I guess) of what visibility is lost to on-path observers when a particular piece of transport metadata is hidden, and to what degree. Engineers are clever and will figure out ways to tease out more information from limited data, so I'm not looking for impossibility proofs, but maybe an attempt at tiering the potential levels of analysis and what metadata is required to make each feasible based on our current understanding. Probably a different document. Specific comments: In section 2, you have: "The increasing public concerns about the interference with Internet traffic have led to a rapidly expanding deployment of encryption to protect end-user privacy, in protocols like QUIC [I-D.ietf-quic-transport], but also expected to form a basis of future protocol designs." These two clauses don't seem to fit each other. I wonder if one changed without the other. I might say something like: "The increasing public concerns about the interference with Internet traffic have led to a rapidly expanding deployment of encryption to protect end-user privacy, e.g., in QUIC [I-D.ietf-quic-transport]. It is anticipated that future protocol designs will follow suit." Also in section 2, you say "It therefore prevents mechanisms being built that directly rely on the information or seeks to imply semantics of an exposed header field." I think you want to s/imply/infer/. This text is also repeated verbatim in section 8. A little further down in section 2, you have: "A level of ossification of the transport header can offer trade-offs around authentication, and confidentiality of transport protocol headers and has the potential to explicitly support for other uses of this header information." I can't parse this, nor can I figure out what you're trying to say in the first clause. In section 3.1.2, you say "This has been used to locate a source of latency, e.g., by observing cases where the ratio of median to minimum RTT is large for a part of a path." Is there an informational reference for this technique? I'm personally curious. Regarding congestion control, section 3.2.4 states: "However, when anomalies are detected, tools can interpret the transport protocol header information to help understand the impact of specific transport protocols (or protocol mechanisms) on the other traffic that shares a network." One important point, maybe only implied here, is that the ability to easily pinpoint and blame a particular entity for the use of unfair congestion control is key to the combination of politeness and (something like) mutually assured destruction that maintains fairness among flows. Nothing I've seen proposed in actual work (i.e., encrypted transports on top of IP) renders this impossible because the real source of a bidirectional negotiated flow is always evident. The end of section 3.3 states: "Although many network operators utilise transport information as a part of their operational practice, the network will not break because transport headers are encrypted, and this may require alternative tools may need to be developed and deployed." I'm not sure what this means. Section 4, under "Authenticating the Transport Protocol Header", states: "An integrity check can not prevent in-network modification, but can avoid a receiving accepting changes and avoid impact on the transport protocol operation." It can also not prevent ossification around expected values. This is the principle behind GREASE: expose certain useful metadata, but make ossification fail often enough that it is noticed early. In a certain sense, it falls between cleartext and encryption in that it is unpredictable enough not to be relied upon, but is still passively observable. From one perspective, there's a spectrum: unprotected -> authenticated -> GREASEd -> encrypted. Speaking for myself, there exists a lot of metadata for which I don't care about exposure, but I do care about modification and ossification. GREASE is currently the best of both worlds (operator and user) for this information. I think this spectrum could be used more comprehensively throughout the document. Section 7 has a somewhat offhand remark that might suggest a course of action: "There are benefits in exposing consistent information to the network that avoids traffic being mis-classified and then receiving a default treatment by the network." Many folks might be nonPLUSsed by the idea that a standard mechanism for path-exposed metadata could be a good idea, but instead of playing defense, operators might consider proposing and deploying (and hopefully standardizing?) a mechanism for opt-in QoS. No pressure, no enforcement, but tailored service for compliant transports that are willing to reveal certain metadata. Probably heresy. Kyle
- [tsvwg] Review of draft-ietf-tsvwg-transport-encr… Kyle Rose
- Re: [tsvwg] Review of draft-ietf-tsvwg-transport-… Gorry Fairhurst
- Re: [tsvwg] Review of draft-ietf-tsvwg-transport-… Spencer Dawkins at IETF
- Re: [tsvwg] Review of draft-ietf-tsvwg-transport-… Kyle Rose
- Re: [tsvwg] Review of draft-ietf-tsvwg-transport-… Kyle Rose
- Re: [tsvwg] Review of draft-ietf-tsvwg-transport-… Spencer Dawkins at IETF
- Re: [tsvwg] Review of draft-ietf-tsvwg-transport-… Gorry Fairhurst
- Re: [tsvwg] Review of draft-ietf-tsvwg-transport-… Spencer Dawkins at IETF