[tsvwg] Review of draft-ietf-tsvwg-transport-encrypt-01
Kyle Rose <krose@krose.org> Sat, 17 November 2018 23:07 UTC
Return-Path: <krose@krose.org>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28BA5130F15 for <tsvwg@ietfa.amsl.com>; Sat, 17 Nov 2018 15:07:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=krose.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cRaEmVxKiLq8 for <tsvwg@ietfa.amsl.com>; Sat, 17 Nov 2018 15:07:01 -0800 (PST)
Received: from mail-yw1-xc29.google.com (mail-yw1-xc29.google.com [IPv6:2607:f8b0:4864:20::c29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36A07130EC2 for <tsvwg@ietf.org>; Sat, 17 Nov 2018 15:07:01 -0800 (PST)
Received: by mail-yw1-xc29.google.com with SMTP id v8-v6so11582720ywh.6 for <tsvwg@ietf.org>; Sat, 17 Nov 2018 15:07:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; h=mime-version:from:date:message-id:subject:to; bh=5CYLnrpUmwGNjdVXgDHvFK2tSVeWFZMn7KwqgHrc4+E=; b=O1mFxDp7A6RMkTz6ykrZ7Dx0BoGjaoATCmW28+vazcpvhVRTgvqrrk/vQB9Ak0rwoY jQD10SlOLAZ3iWRxRBx1jJKGQTc4EzzbKLXbZMHF5g1doQfpq7H9vha0wrDeyn+rWM9+ ZUErLe8pz+ZPZcF5blcfGcRdUZvy3pr9f6vuM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=5CYLnrpUmwGNjdVXgDHvFK2tSVeWFZMn7KwqgHrc4+E=; b=mUNsu7UnxppTHURdQHID+hDmZjAWLaWJPpBQaYPFCFwfVmFCWZl6ZkzmvqGttdYYN8 1+TPGpoZbY786VY8pVOv7QsKowbEHvzLIbA1cND77rfElC9771hMrE8tVpL8Pb7qtUV3 pLLpb1FIO4WSC9wENe/1e/LNoOxoWLHyjLemlYbSIJnCdEmXfDUTPbeCphF6JNSK5mUN AJzldMkvVrAPqSI/QrGzVgs33G6g6F+3/DSUR/GkwDKbo7dPv0yR736kOWN/8Lvbj3uU mcHPSVsJOEjbUa67Es8sm/IK6NFD2KOHK4QovJCBT/SnAjMZcZ6mN7u6xL+SbYIMhLQ8 kQdw==
X-Gm-Message-State: AGRZ1gLnQlm0y03N4YSpqNN3WJOeyfEQ/8SpBWSlrAgzu08XuTC1tN88 MRkp1KU1EJiqHi4DkVrj1TvtumoCHXeNmzwaUIg/+qhaLW7NVA==
X-Google-Smtp-Source: AJdET5dyg6m05JR5fnbaP2FtT5/YdYGSbNTEqwMzC7viYSlGqAJdWY65MGXDqLF2+j7l7tIxaonn+3LBYeJ17VzsP7o=
X-Received: by 2002:a81:ec12:: with SMTP id j18mr1119579ywm.17.1542496020089; Sat, 17 Nov 2018 15:07:00 -0800 (PST)
MIME-Version: 1.0
From: Kyle Rose <krose@krose.org>
Date: Sat, 17 Nov 2018 18:06:49 -0500
Message-ID: <CAJU8_nVWA9bnjApFpemdn+C0t5boVxSDde5QmospYP6V8ROcFg@mail.gmail.com>
To: "Gorry (erg)" <gorry@erg.abdn.ac.uk>, Colin Perkins <csp@csperkins.org>, tsvwg@ietf.org
Content-Type: multipart/alternative; boundary="0000000000005867e7057ae4576d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/rxMGTRY-CYSWnGy6Y6MYhFbfoqk>
Subject: [tsvwg] Review of draft-ietf-tsvwg-transport-encrypt-01
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Nov 2018 23:07:12 -0000
The one overall comment I have is that the document talks about the
potential impacts of transport encryption to network operations, but does
not attempt to systematically distinguish the impact across different
levels of opaqueness. With the IP header in the clear (something that is
likely to remain true for the foreseeable future!), for bidirectional
(i.e., unspoofable) flows there exists at least information about the
source and destination that enables some kind of disincentive (i.e., blame)
for unmanageable behavior.
I'll repeat the same comment I had for Kathleen and Al when reviewing the
draft for RFC 8404, which is that I really would like an analysis (based on
the current state of the art, I guess) of what visibility is lost to
on-path observers when a particular piece of transport metadata is hidden,
and to what degree. Engineers are clever and will figure out ways to tease
out more information from limited data, so I'm not looking for
impossibility proofs, but maybe an attempt at tiering the potential levels
of analysis and what metadata is required to make each feasible based on
our current understanding. Probably a different document.
Specific comments:
In section 2, you have:
"The increasing public concerns
about the interference with Internet traffic have led to a rapidly
expanding deployment of encryption to protect end-user privacy, in
protocols like QUIC [I-D.ietf-quic-transport], but also expected to
form a basis of future protocol designs."
These two clauses don't seem to fit each other. I wonder if one changed
without the other. I might say something like:
"The increasing public concerns
about the interference with Internet traffic have led to a rapidly
expanding deployment of encryption to protect end-user privacy, e.g., in
QUIC [I-D.ietf-quic-transport]. It is anticipated that future protocol
designs
will follow suit."
Also in section 2, you say "It therefore prevents mechanisms being built
that directly rely on the information or seeks to imply semantics of an
exposed header field." I think you want to s/imply/infer/. This text is
also repeated verbatim in section 8.
A little further down in section 2, you have:
"A level of ossification of the transport header can offer trade-offs
around authentication, and confidentiality of transport protocol
headers and has the potential to explicitly support for other uses of
this header information."
I can't parse this, nor can I figure out what you're trying to say in the
first clause.
In section 3.1.2, you say "This has been used to locate a source of
latency, e.g., by observing cases where the ratio of median to minimum RTT
is large for a part of a path." Is there an informational reference for
this technique? I'm personally curious.
Regarding congestion control, section 3.2.4 states:
"However, when anomalies are detected, tools can interpret the
transport protocol header information to help understand the
impact of specific transport protocols (or protocol mechanisms) on
the other traffic that shares a network."
One important point, maybe only implied here, is that the ability to easily
pinpoint and blame a particular entity for the use of unfair congestion
control is key to the combination of politeness and (something like)
mutually assured destruction that maintains fairness among flows. Nothing
I've seen proposed in actual work (i.e., encrypted transports on top of IP)
renders this impossible because the real source of a bidirectional
negotiated flow is always evident.
The end of section 3.3 states:
"Although many network operators utilise
transport information as a part of their operational practice, the
network will not break because transport headers are encrypted, and
this may require alternative tools may need to be developed and
deployed."
I'm not sure what this means.
Section 4, under "Authenticating the Transport Protocol Header", states:
"An integrity check can not prevent in-network modification, but can
avoid a receiving accepting changes and avoid impact on the
transport protocol operation."
It can also not prevent ossification around expected values. This is the
principle behind GREASE: expose certain useful metadata, but make
ossification fail often enough that it is noticed early. In a certain
sense, it falls between cleartext and encryption in that it is
unpredictable enough not to be relied upon, but is still passively
observable. From one perspective, there's a spectrum: unprotected ->
authenticated -> GREASEd -> encrypted.
Speaking for myself, there exists a lot of metadata for which I don't care
about exposure, but I do care about modification and ossification. GREASE
is currently the best of both worlds (operator and user) for this
information. I think this spectrum could be used more comprehensively
throughout the document.
Section 7 has a somewhat offhand remark that might suggest a course of
action:
"There are benefits in
exposing consistent information to the network that avoids traffic
being mis-classified and then receiving a default treatment by the
network."
Many folks might be nonPLUSsed by the idea that a standard mechanism for
path-exposed metadata could be a good idea, but instead of playing defense,
operators might consider proposing and deploying (and hopefully
standardizing?) a mechanism for opt-in QoS. No pressure, no enforcement,
but tailored service for compliant transports that are willing to reveal
certain metadata. Probably heresy.
Kyle
- [tsvwg] Review of draft-ietf-tsvwg-transport-encr… Kyle Rose
- Re: [tsvwg] Review of draft-ietf-tsvwg-transport-… Gorry Fairhurst
- Re: [tsvwg] Review of draft-ietf-tsvwg-transport-… Spencer Dawkins at IETF
- Re: [tsvwg] Review of draft-ietf-tsvwg-transport-… Kyle Rose
- Re: [tsvwg] Review of draft-ietf-tsvwg-transport-… Kyle Rose
- Re: [tsvwg] Review of draft-ietf-tsvwg-transport-… Spencer Dawkins at IETF
- Re: [tsvwg] Review of draft-ietf-tsvwg-transport-… Gorry Fairhurst
- Re: [tsvwg] Review of draft-ietf-tsvwg-transport-… Spencer Dawkins at IETF