IETF Logo Mail Archive

Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13

Tom Herbert <tom@herbertland.com> Tue, 24 March 2020 03:22 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 288C83A0FC0 for <tsvwg@ietfa.amsl.com>; Mon, 23 Mar 2020 20:22:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4JblBdj1CacL for <tsvwg@ietfa.amsl.com>; Mon, 23 Mar 2020 20:22:11 -0700 (PDT)
Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B3ED3A0FB4 for <tsvwg@ietf.org>; Mon, 23 Mar 2020 20:22:11 -0700 (PDT)
Received: by mail-ed1-x536.google.com with SMTP id i24so19134237eds.1 for <tsvwg@ietf.org>; Mon, 23 Mar 2020 20:22:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=IxwpwJF1DBNANY+mmb7m5xyd+TFvW+7OmSy/o8CYxr4=; b=vkqJn6omjduxJFI8m5pzQgP4ykHXpAVSZ5BbFRH7faDGk1Iv2RnRPFxqyn2CGPdGuA LqjD1E5sV0htIR1kGlLTyv9+E2FLySoLlM0VEG7/GmDmQmTwzJc7IDovIkoLKZYmwjla NT6HbehnHEh5Yr5F5dIgmQlfKENOjZJfys66aONncBr9zJWcfHc44Yuy/g7o6m3OxP5H SfOgXf/ZAp86gJWmoKBFwUBtsogQYdKTjBLQ3ssb8iw8HjaVioGRd7UsSKomLZ4B0mmA FlmDH9tOGkTtZIpTsckQQMp4ILPYuKik9BY0fwUEM9PIrteT6woUC7+6sIIQ2aeG75Sz Gvhg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=IxwpwJF1DBNANY+mmb7m5xyd+TFvW+7OmSy/o8CYxr4=; b=ij+TuvVlz7Pv8KoSISyAlMpYiie5OSosF2mQOhEN8TlGTglLQam+fx7YY/tAzU+JLw R4RVcKBDll4I8lzbsybfFaPJtut9pIOHkglIlACz9XbH85tmEYLlOSTN9DXQoKJERjnf hkobTZpYc8nBUMehjqNCAsw7TnvDY8Mf1pKx9XgHuDRM16Tz9H8eIrG9Zhx0IMGOLEqw RDSYcPnP88lifpTJIsnZFBryS4hxAt7jJ6Tj3Fmp2NNIwb5qXr2KpW9AHMN9BF3wLDx+ 3e2yD1RHi9v/7D8mqKqhPD6e3cpSXkDCK9tIzHAENnWMRttb8eZTHSdF82rCd/R3NRXu dCQQ==
X-Gm-Message-State: ANhLgQ3y8KK5pl2EuXepr9h4rD/21gYrcjGJE4KTklgTW4Zng2wTfm5k ePSTRo1C1q63rUKMWqcReO4fDAIM1JRB46noz3Xzzw==
X-Google-Smtp-Source: ADFU+vsfJm3Qmk3vz35BVFlPGGX8po8NMDa5IUD088JzP5ighdYsWxHoOMIN2t9ElKBFGZTIc68sJU/rjISqB7GLP1s=
X-Received: by 2002:aa7:d381:: with SMTP id x1mr23938510edq.212.1585020129792; Mon, 23 Mar 2020 20:22:09 -0700 (PDT)
MIME-Version: 1.0
References: <CALx6S349SE2Ho0V2bJPSE7dh3+2f5Wiw1AofMke0RY4FwF=ebw@mail.gmail.com> <679FAA73-401E-499D-87CB-10F973E05DD6@strayalpha.com> <MN2PR19MB40455E00DB52880A38EB494C83F00@MN2PR19MB4045.namprd19.prod.outlook.com> <4FA8060E-C661-42FB-BCA1-43F32E5FA1F5@strayalpha.com> <MN2PR19MB40458C69C9C91C70AD889D3A83F10@MN2PR19MB4045.namprd19.prod.outlook.com>
In-Reply-To: <MN2PR19MB40458C69C9C91C70AD889D3A83F10@MN2PR19MB4045.namprd19.prod.outlook.com>
From: Tom Herbert <tom@herbertland.com>
Date: Mon, 23 Mar 2020 20:21:58 -0700
Message-ID: <CALx6S35J8K0bAmPp72svv+BuOKc1ZdrK_odfcJsPujmQz-iyyA@mail.gmail.com>
To: "Black, David" <David.Black@dell.com>
Cc: Joseph Touch <touch@strayalpha.com>, tsvwg <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/stO1v5AdisPiXyixZryNfE_rP8Y>
Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2020 03:22:13 -0000

On Mon, Mar 23, 2020 at 6:48 PM Black, David <David.Black@dell.com> wrote:
>
> > That sounds like it’s leaning towards extortion - the kind we have now, in which
>
> > “if you don’t let us see your ports and we don’t like them, we’ll block you”.
>
> That sounds like a networking version of turning Spinal Tap’s amps up to 11 ...
>
>
>
> > I’d lean the other way - that the network really shouldn’t be doing anything based on information
>
> > gleaned from transports - explicitly given or not - because it only serves to create mutual escalation of misinformation.
>
> ... and that looks like other end of the spectrum.
>
>
>
> What I had in mind was something more balanced about benefits to exposing some information to the network that motivate endpoints and endpoint implementers to do so ... where motivate is not intended to imply extortion-like threats, and the benefits aren’t necessarily the network doing something immediate based on the exposed information (there are several examples in Section 2.3 of the draft).
>
>
>
> To be concrete, here’s one possible text change, based on taking out the words that seems to be the focus of this discussion:
>
>
>
> OLD
>
>    o  On the one hand, protocols do not necessarily have an incentive to
>
>       expose the actual information that is used by the protocol itself
>
>       and could therefore manipulate the exposed transport header
>
>       information to gain an advantage from the network.  The incentive
>
>       to reflect actual transport header information has to be
>
>       considered when proposing a method.
>
> NEW
>
>    o  On the one hand, protocols do not necessarily have an incentive to
>
>       expose information that is used by the protocol.  The incentive
>
>       to expose transport header information has to be considered when
>
>       proposing a method to do so.
>
David,

That's changing the meaning of the text. The original text was making
a point that if transport layer information is exposed there needs to
be an incentive for the host to set the information honestly and
correctly. This is true, not just for transport layer information but
for everything the host tells the network. An obvious example is TOS
in IPv4-- left to their own devices everyone would just request the
highest level of service of traffic for all packets. So we need some
tangible incentive for user to be honest and correct. For instance,
TOS might have worked if the user were explicitly charged for the
higher level of service, but that would imply a contract between the
network and the host is established and a whole bunch of mechanisms
that require far more than just anonymously volunteering some
arbitrary amount of transport layer information.

Tom

>
>
> Which leaves room to argue that there is no incentive, or there is insufficient incentive, or the risks outweigh the benefits, etc.
>
>
>
> Thanks, --David
>
>
>
> From: Joseph Touch <touch@strayalpha.com>
> Sent: Monday, March 23, 2020 7:08 PM
> To: Black, David
> Cc: Tom Herbert; tsvwg
> Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
>
>
>
> [EXTERNAL EMAIL]
>
>
>
> On Mar 23, 2020, at 3:19 PM, Black, David <David.Black@dell.com> wrote:
>
>
>
> [writing as draft shepherd]
>
>
>
> Point taken – would it be reasonable to rework that paragraph to observe that there should be incentives for endpoints to expose transport information, e.g., otherwise implementers may simply not bother?
>
>
>
> That sounds like it’s leaning towards extortion - the kind we have now, in which “if you don’t let us see your ports and we don’t like them, we’ll block you”.
>
>
>
> I’d lean the other way - that the network really shouldn’t be doing anything based on information gleaned from transports - explicitly given or not - because it only serves to create mutual escalation of misinformation.
>
>
>
> Joe
>
>
>
>
>
> Thanks, --David
>
>
>
> From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Joseph Touch
> Sent: Monday, March 23, 2020 11:20 AM
> To: Tom Herbert
> Cc: tsvwg
> Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
>
>
>
> [EXTERNAL EMAIL]
>
>
>
>
>
>
> On Mar 23, 2020, at 7:58 AM, Tom Herbert <tom@herbertland.com> wrote:
>
>
>
> Fundamentally, transport layer is end-to-end information. There is no
> contract between end hosts and the network that hosts have to be
> honest or correct in setting information in the transport layer-- the
> only contract is between the endpoints.
>
>
>
> +1
>
>
>
> Another point worth mentioning:
>
>
>
> - if endpoints can lie or mislead about transport info to get their way, they can, will, and IMO *SHOULD*.
>
>
>
> That goes for using port 53 for nearly anything anyone wants to. Transport info isn’t there to make things nice for network operators - that’s what the network layer is for.
>
>
>
> Oh, yeah, I know - network operators don’t want “heavy” stuff in *their* headers because it slows them down when they don’t want it. Too bad, IMO. If they want the info, they need to deal with the pain.
>
>
>
> Joe
>
>

v2.23.0 | Report a Bug | By Email