IETF Logo Mail Archive

Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13

Tom Herbert <tom@herbertland.com> Tue, 24 March 2020 16:31 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3A533A0C35 for <tsvwg@ietfa.amsl.com>; Tue, 24 Mar 2020 09:31:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HQK2rVRdhk4d for <tsvwg@ietfa.amsl.com>; Tue, 24 Mar 2020 09:31:34 -0700 (PDT)
Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7EAE3A0C0D for <tsvwg@ietf.org>; Tue, 24 Mar 2020 09:31:20 -0700 (PDT)
Received: by mail-ed1-x529.google.com with SMTP id cf14so12218625edb.13 for <tsvwg@ietf.org>; Tue, 24 Mar 2020 09:31:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=QDxKH6SPPJ7MZYfDvP75BAEBlMILPBEBbPsmq4wQJ6w=; b=tek6OOkbXVo1JBSgvtVwGE3rc+in3hY4zvERPs3GQEEr9i9NJayy8DzLzE0NxFIjbs 0sYq4ieZrFZyDi1UZK8rQnTvyAjVqLbS5Q862B26Vk+J1YGZrUFauAeG3TYQsLJSmbLE CRXWXVIQfr4yMckpaHpFOeeMB10wHht7k/D5EFaFjBegt6ciOugHR1oiQQZVcNwX0Q3R cIXekDABNGqqfgfAhD06wPvcec6QxYHwRgPxQFWU4a8TlupQrad/oOSaXmOcqs7nrwOw DMF9HcYZiR3ksdEALPJ/y7QfVmsoEaLc6q4iOPiGts52+qQnrTN/RLy8tf+ZXI8ynoBS MHaw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=QDxKH6SPPJ7MZYfDvP75BAEBlMILPBEBbPsmq4wQJ6w=; b=X6hRKb7Ff0OuuBazG4woSGaD5ZgVn8YHIT1+vMG9C7viaBpPNaW9U4PGfdUilZDEks jmGYxs/M6cXoPBJ7GU7N5VFpHGwn4wtSbJLA8WUCt/dG2abFMKBjEcWXCI5d63z1dgfy tOZKgq2xps0+YvyI2wNY3jaWDMlcM8ud7NHhnnRpLThjOTkF10+8yJUWKhTrPV+f6XaL 8m6hHr3HBMphtP5SXaFLiXmquiMeIKQlcrx3xc40CX5MBveivnPXSzuzsxLIS/V8MiXr ruw3oL4j/23MkOiRn7/mPEMzrBzcqgok6+yuSpxne+b3+jTK+UC5CzqRZ+CqrPE86gJ9 K/ig==
X-Gm-Message-State: ANhLgQ25yuIjIz07CADuOoks/jt3SGIt4IwIhxUr/yg0/R90EMt96tBK +NLFvOfxhM0bpHoS50P4DoXeNN7tIwRnPKBwOR49ULvm9LQ=
X-Google-Smtp-Source: ADFU+vs5kWr05/6dp6pmzVOg7JGAPOXsI/jJZk+nEEWQgs8597aM06lGdeKm4DYaSX+RbAd22Jj3buTFJlN29/i4Qtc=
X-Received: by 2002:a05:6402:1749:: with SMTP id v9mr8462398edx.39.1585067478792; Tue, 24 Mar 2020 09:31:18 -0700 (PDT)
MIME-Version: 1.0
References: <CALx6S349SE2Ho0V2bJPSE7dh3+2f5Wiw1AofMke0RY4FwF=ebw@mail.gmail.com> <679FAA73-401E-499D-87CB-10F973E05DD6@strayalpha.com> <MN2PR19MB40455E00DB52880A38EB494C83F00@MN2PR19MB4045.namprd19.prod.outlook.com> <4FA8060E-C661-42FB-BCA1-43F32E5FA1F5@strayalpha.com> <MN2PR19MB40458C69C9C91C70AD889D3A83F10@MN2PR19MB4045.namprd19.prod.outlook.com> <CALx6S35J8K0bAmPp72svv+BuOKc1ZdrK_odfcJsPujmQz-iyyA@mail.gmail.com> <MN2PR19MB4045877E00DB58216A58A45883F10@MN2PR19MB4045.namprd19.prod.outlook.com>
In-Reply-To: <MN2PR19MB4045877E00DB58216A58A45883F10@MN2PR19MB4045.namprd19.prod.outlook.com>
From: Tom Herbert <tom@herbertland.com>
Date: Tue, 24 Mar 2020 09:31:06 -0700
Message-ID: <CALx6S36eY1mv-US5sajO62wXGqPr=So3RJCedOT9rZU74Q2ZdQ@mail.gmail.com>
To: "Black, David" <David.Black@dell.com>
Cc: tsvwg <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/w2zXN3Aqb2jPQmv3ARvBHL3cgMg>
Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2020 16:31:38 -0000

On Tue, Mar 24, 2020 at 9:17 AM Black, David <David.Black@dell.com> wrote:
>
> Dell Customer Communication - Confidential
>
> Tom,
>
> In 20/20 hindsight, I've clearly not fully understood your original comment.
>
> Could you propose specific text changes that would address it?
>
David,

My original comment was that the following text in the draft is not
relevant for the reasons I mentioned. The change I suggest would be to
simply remove the paragraph:

"o On the one hand, protocols do not necessarily have an incentive to
expose the actual information that is used by the protocol itself and
could therefore manipulate the exposed transport header information to
gain an advantage from the network. The incentive to reflect actual
transport header information has to be considered when proposing a
method."

Tom


> Thanks, --David
>
> > -----Original Message-----
> > From: Tom Herbert <tom@herbertland.com>
> > Sent: Monday, March 23, 2020 11:22 PM
> > To: Black, David
> > Cc: Joseph Touch; tsvwg
> > Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
> >
> >
> > [EXTERNAL EMAIL]
> >
> > On Mon, Mar 23, 2020 at 6:48 PM Black, David <David.Black@dell.com>
> > wrote:
> > >
> > > > That sounds like it’s leaning towards extortion - the kind we have now, in
> > which
> > >
> > > > “if you don’t let us see your ports and we don’t like them, we’ll block you”.
> > >
> > > That sounds like a networking version of turning Spinal Tap’s amps up to 11 ...
> > >
> > >
> > >
> > > > I’d lean the other way - that the network really shouldn’t be doing anything
> > based on information
> > >
> > > > gleaned from transports - explicitly given or not - because it only serves to
> > create mutual escalation of misinformation.
> > >
> > > ... and that looks like other end of the spectrum.
> > >
> > >
> > >
> > > What I had in mind was something more balanced about benefits to exposing
> > some information to the network that motivate endpoints and endpoint
> > implementers to do so ... where motivate is not intended to imply extortion-like
> > threats, and the benefits aren’t necessarily the network doing something
> > immediate based on the exposed information (there are several examples in
> > Section 2.3 of the draft).
> > >
> > >
> > >
> > > To be concrete, here’s one possible text change, based on taking out the
> > words that seems to be the focus of this discussion:
> > >
> > >
> > >
> > > OLD
> > >
> > >    o  On the one hand, protocols do not necessarily have an incentive to
> > >
> > >       expose the actual information that is used by the protocol itself
> > >
> > >       and could therefore manipulate the exposed transport header
> > >
> > >       information to gain an advantage from the network.  The incentive
> > >
> > >       to reflect actual transport header information has to be
> > >
> > >       considered when proposing a method.
> > >
> > > NEW
> > >
> > >    o  On the one hand, protocols do not necessarily have an incentive to
> > >
> > >       expose information that is used by the protocol.  The incentive
> > >
> > >       to expose transport header information has to be considered when
> > >
> > >       proposing a method to do so.
> > >
> > David,
> >
> > That's changing the meaning of the text. The original text was making
> > a point that if transport layer information is exposed there needs to
> > be an incentive for the host to set the information honestly and
> > correctly. This is true, not just for transport layer information but
> > for everything the host tells the network. An obvious example is TOS
> > in IPv4-- left to their own devices everyone would just request the
> > highest level of service of traffic for all packets. So we need some
> > tangible incentive for user to be honest and correct. For instance,
> > TOS might have worked if the user were explicitly charged for the
> > higher level of service, but that would imply a contract between the
> > network and the host is established and a whole bunch of mechanisms
> > that require far more than just anonymously volunteering some
> > arbitrary amount of transport layer information.
> >
> > Tom
> >
> > >
> > >
> > > Which leaves room to argue that there is no incentive, or there is insufficient
> > incentive, or the risks outweigh the benefits, etc.
> > >
> > >
> > >
> > > Thanks, --David
> > >
> > >
> > >
> > > From: Joseph Touch <touch@strayalpha.com>
> > > Sent: Monday, March 23, 2020 7:08 PM
> > > To: Black, David
> > > Cc: Tom Herbert; tsvwg
> > > Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
> > >
> > >
> > >
> > > [EXTERNAL EMAIL]
> > >
> > >
> > >
> > > On Mar 23, 2020, at 3:19 PM, Black, David <David.Black@dell.com> wrote:
> > >
> > >
> > >
> > > [writing as draft shepherd]
> > >
> > >
> > >
> > > Point taken – would it be reasonable to rework that paragraph to observe
> > that there should be incentives for endpoints to expose transport information,
> > e.g., otherwise implementers may simply not bother?
> > >
> > >
> > >
> > > That sounds like it’s leaning towards extortion - the kind we have now, in
> > which “if you don’t let us see your ports and we don’t like them, we’ll block
> > you”.
> > >
> > >
> > >
> > > I’d lean the other way - that the network really shouldn’t be doing anything
> > based on information gleaned from transports - explicitly given or not -
> > because it only serves to create mutual escalation of misinformation.
> > >
> > >
> > >
> > > Joe
> > >
> > >
> > >
> > >
> > >
> > > Thanks, --David
> > >
> > >
> > >
> > > From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Joseph Touch
> > > Sent: Monday, March 23, 2020 11:20 AM
> > > To: Tom Herbert
> > > Cc: tsvwg
> > > Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
> > >
> > >
> > >
> > > [EXTERNAL EMAIL]
> > >
> > >
> > >
> > >
> > >
> > >
> > > On Mar 23, 2020, at 7:58 AM, Tom Herbert <tom@herbertland.com> wrote:
> > >
> > >
> > >
> > > Fundamentally, transport layer is end-to-end information. There is no
> > > contract between end hosts and the network that hosts have to be
> > > honest or correct in setting information in the transport layer-- the
> > > only contract is between the endpoints.
> > >
> > >
> > >
> > > +1
> > >
> > >
> > >
> > > Another point worth mentioning:
> > >
> > >
> > >
> > > - if endpoints can lie or mislead about transport info to get their way, they
> > can, will, and IMO *SHOULD*.
> > >
> > >
> > >
> > > That goes for using port 53 for nearly anything anyone wants to. Transport
> > info isn’t there to make things nice for network operators - that’s what the
> > network layer is for.
> > >
> > >
> > >
> > > Oh, yeah, I know - network operators don’t want “heavy” stuff in *their*
> > headers because it slows them down when they don’t want it. Too bad, IMO. If
> > they want the info, they need to deal with the pain.
> > >
> > >
> > >
> > > Joe
> > >
> > >

v2.23.0 | Report a Bug | By Email