Re: [tsvwg] draft-ietf-tsvwg-transport-encrypt-13.txt - concern summaries

David Schinazi <dschinazi.ietf@gmail.com> Mon, 23 March 2020 16:09 UTC

Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7776E3A09CA for <tsvwg@ietfa.amsl.com>; Mon, 23 Mar 2020 09:09:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.088
X-Spam-Level:
X-Spam-Status: No, score=-2.088 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mIIr6E_uYuQj for <tsvwg@ietfa.amsl.com>; Mon, 23 Mar 2020 09:09:35 -0700 (PDT)
Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F26053A09C9 for <tsvwg@ietf.org>; Mon, 23 Mar 2020 09:09:29 -0700 (PDT)
Received: by mail-lf1-x135.google.com with SMTP id c5so5220339lfp.5 for <tsvwg@ietf.org>; Mon, 23 Mar 2020 09:09:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=U3ja8GOx7Yux2g27WmGULsTB9t9HTx7uyxru35B2kEg=; b=QX1TA2BqXOoc9ZXv8C13dGmEcmZT/tSBocdGzyrQziJ0K+4MEdrw6sOF8q2Ax0nPNR z4iVrRg1dGKTdkv9MhWS0X/auVd4/3F/kkYSZUPs5dzY7xicP39HNTIybCrknKx25Y2d 7CA+5MkxwlPQ9VXb/sLn9c8yK8JwDF726hBH3Qvjfl2jjmZVCT7tem+AlGjAKU5UhyeX r32p7MEMR32N1n0nNhBG87vvZGfBxjXvJ7+7j9ucVSouTm0OSd8bYXTRs87mXfH1uMwL Ju+t+SsYOoAuYhu64kyLRhgj5I5HxqqSl+OFwGhd3vyYZwSW+YvwSGHoauldX1T1H9NM M6gw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=U3ja8GOx7Yux2g27WmGULsTB9t9HTx7uyxru35B2kEg=; b=f5ZlQXV5lRaakAVAvmWvUR5x2C+9ISBQRHe0pM/T0wfcD+J5uK5mErJktDn50NNcpV /OgpKe7x0j8fWV2HoL7vMUbD9/Qp4WaEMkjp/zosMBAVBbFWepjKOTlW8snH9CiBqX8m whcwiE2yb4C67OBg0HUKNShQM3nu++vDaXSFdk5QxoxVsrL3a6nWweuga5D1vdU4MD6F sOZFIZVrkrgg0v55H8sLyFHDzEpa5fAn+Hw2slQjdD5Cg+rvDbWdX3ODzdVC46ZzETE7 GOUUAJto1OXazD8tYtgqnaCl7lrWLTSMMKRGSamc+mE2hKS9fb4y0suiBQs0Ky3UMLBv X6mg==
X-Gm-Message-State: ANhLgQ3MQwSWCf1PKARXjJFa1ok3uENPeYU3qNX+HLhCZyxCk/6wS+5P afF0C8VbqSUatPSHeih8CnAQ32KelKXVA/1ThDzyQA==
X-Google-Smtp-Source: =?utf-8?q?ADFU+vuKKGfLfQKmWrw5UOVNHU4tCd/vQf2JMJX2YIMJ?= =?utf-8?q?XDBcyIMpF0v41426+M7Y0T1QtCwvr/fa3eYCeLC19ufO5ck=3D?=
X-Received: by 2002:a05:6512:247:: with SMTP id b7mr13582058lfo.21.1584979760926; Mon, 23 Mar 2020 09:09:20 -0700 (PDT)
MIME-Version: 1.0
References: =?utf-8?q?=3CMN2PR19MB4045B2134AF023AAF484A8A983F00=40MN2PR19MB4?= =?utf-8?q?045=2Enamprd19=2Eprod=2Eoutlook=2Ecom=3E?=
In-Reply-To: =?utf-8?q?=3CMN2PR19MB4045B2134AF023AAF484A8A983F00=40MN2PR19MB?= =?utf-8?q?4045=2Enamprd19=2Eprod=2Eoutlook=2Ecom=3E?=
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Mon, 23 Mar 2020 09:09:09 -0700
Message-ID: <CAPDSy+4+B6p8e0Hctnhf1zcnUCPdv68OdQzK1cdcOSfNdj-1TQ@mail.gmail.com>
To: "Black, David" <David.Black@dell.com>
Cc: Eric Rescorla <ekr@rtfm.com>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>, tsvwg IETF list <tsvwg@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a052c305a187db89"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/uqEBlJF-T3IiFzECZk-6GE3_-tA>
Subject: Re: [tsvwg] draft-ietf-tsvwg-transport-encrypt-13.txt - concern summaries
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Mar 2020 16:09:41 -0000

Hi David (B),

Yes, this summarizes my concerns.

David (S)

On Mon, Mar 23, 2020 at 6:12 AM Black, David <David.Black@dell.com> wrote:

> David (S) and Ekr,
>
>
>
> The prompt reviews are appreciated, thank you.  I first want to make sure
> that there’s a clear understanding of the concerns.
>
>
>
> Looking at the email that David Schinazi referenced, this appears to be a
> good summary of his concerns:
>
>
>
> As such, I'm now more confused than I was before reading the draft, as it
> doesn't help me answer the question of "when designing a new transport
> protocol, should I be encrypting my transport headers or not?".
>
>
>
> I personally oppose publication of the document as it stands, because I
> find it confusing and non-actionable. I would like to see this useful
> content in a BCP document once we have enough
>
> information to actually recommend something.
>
>
>
> I’m having more difficulty in finding a good summary of Ekr’s concerns.
> Going back to his comments on the -08 version during the first WGLC, I
> found this:
>
>
>
> Having an IETF Consensus RFC that is so heavily weighted on the side of
> "this is how encryption inconveniences us" and so light on "these are the
> attacks we are preventing" gives a misleading picture of the IETF
> community's view of the relative priority of these concerns.  ISTM that RFC
> 8558 -- though perhaps imperfect -- far more closely reflects that
> consensus.
>
>
>
> So, are those reasonable summaries of each of your concerns?  If not,
> please revise and send to the list, making effort avoid significant
> extensions (so that the results are still summaries).
>
>
>
> Thanks, --David (as draft shepherd)
>
>
>
> *From:* tsvwg <tsvwg-bounces@ietf.org> *On Behalf Of * David Schinazi
> *Sent:* Sunday, March 22, 2020 7:56 PM
> *To:* Eric Rescorla
> *Cc:* Gorry Fairhurst; tsvwg IETF list
> *Subject:* Re: [tsvwg] Rev 13 of :
> draft-ietf-tsvwg-transport-encrypt-13.txt
>
>
>
> [EXTERNAL EMAIL]
>
> I went through the diff from -12 and -13 and didn't see that addressing my
> concerns [1].
>
>
>
> I still personally oppose publication of the document as-is.
>
>
>
> [1]
> https://mailarchive.ietf.org/arch/msg/tsvwg/nnSr8_nrw7YepWFWA7tLc1k3Nv0/
>
>
>
> Thanks,
>
> David
>
>
>
> On Sat, Mar 21, 2020 at 6:40 AM Eric Rescorla <ekr@rtfm.com> wrote:
>
> I do not believe that this version of the document addresses my concerns.
> The overall tonal issues remain unchanged.
>
>
>
> -Ekr
>
>
>
>
>
> On Sat, Mar 21, 2020 at 5:18 AM Gorry Fairhurst <gorry@erg.abdn.ac.uk>
> wrote:
>
> Thanks to all who provided comments on and off list, this document was
> improved by understanding the feedback. We worked with the document
> shepherd (David) to address the issues, and expect this revision is now in
> good shape to proceed.
>
> Gorry (as Co-Editor)
>
> Sent from my iPad
>
> > On 21 Mar 2020, at 10:07, internet-drafts@ietf.org wrote:
> >
> > 
> > A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> > This draft is a work item of the Transport Area Working Group WG of the
> IETF.
> >
> >        Title           : Considerations around Transport Header
> Confidentiality, Network Operations, and the Evolution of Internet
> Transport Protocols
> >        Authors         : Godred Fairhurst
> >                          Colin Perkins
> >    Filename        : draft-ietf-tsvwg-transport-encrypt-13.txt
> >    Pages           : 50
> >    Date            : 2020-03-21
> >
> > Abstract:
> >   To protect user data and privacy, Internet transport protocols have
> >   supported payload encryption and authentication for some time.  Such
> >   encryption and authentication is now also starting to be applied to
> >   the transport protocol headers.  This helps avoid transport protocol
> >   ossification by middleboxes, while also protecting metadata about the
> >   communication.  Current operational practice in some networks inspect
> >   transport header information within the network, but this is no
> >   longer possible when those transport headers are encrypted...  This
> >   document discusses the possible impact when network traffic uses a
> >   protocol with an encrypted transport header.  It suggests issues to
> >   consider when designing new transport protocols or features.  These
> >   considerations arise from concerns such as network operations,
> >   prevention of network ossification, enabling transport protocol
> >   evolution and respect for user privacy.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-tsvwg-transport-encrypt/
> >
> > There are also htmlized versions available at:
> > https://tools.ietf.org/html/draft-ietf-tsvwg-transport-encrypt-13
> >
> https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-transport-encrypt-13
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-tsvwg-transport-encrypt-13
> >
> >
> > Please note that it may take a couple of minutes from the time of
> submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
>
>