Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13

Tom Herbert <tom@herbertland.com> Tue, 24 March 2020 17:50 UTC

From: Tom Herbert <tom@herbertland.com>
Date: Tue, 24 Mar 2020 10:50:24 -0700
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Cc: "Black, David" <David.Black@dell.com>, tsvwg <tsvwg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/zK49WV871qW6HKHqM8RiXtUs7AM>

On Tue, Mar 24, 2020 at 9:43 AM Gorry Fairhurst <gorry@erg.abdn.ac.uk> wrote:
>
>
> On 24/03/2020 16:31, Tom Herbert wrote:
> > On Tue, Mar 24, 2020 at 9:17 AM Black, David <David.Black@dell.com> wrote:
> >> Tom,
> >>
> >> In 20/20 hindsight, I've clearly not fully understood your original comment.
> >>
> >> Could you propose specific text changes that would address it?
> >>
> > David,
> >
> > My original comment was that the following text in the draft is not
> > relevant for the reasons I mentioned. The change I suggest would be to
> > simply remove the paragraph:
> >
> > "o On the one hand, protocols do not necessarily have an incentive to
> > expose the actual information that is used by the protocol itself and
> > could therefore manipulate the exposed transport header information to
> > gain an advantage from the network. The incentive to reflect actual
> > transport header information has to be considered when proposing a
> > method."
>
> Why do you think this is not a view held by some people?
>
Gorry,

I'm only giving my opinion.

> This is a point that has been included in the draft for some
> considerable time, and consideration of incentives to lie has been a
> recurrent theme in understanding deployment stories. The present text

It was not previously mentioned in the context of extension headers.
This is a general consideration for any unauthenticated plaintext data
in a packet that an intermediate node chooses to consume. As Joe said,
in the absence of any requirement or contract, it's the prerogative of
the host to manipulate packet contents as it sees fit to gain an
advantage (where sometimes the "advantage" is just that packets get
delivered and not dropped).

> simply notes this point, and then says it should be "considered".  The
> story of why TOS was extremely difficult to deploy outside of controlled
> environments is a nice example of this.
>
> This is part of a two-part construction. I see this point as balanced in
> the second part (which I assume you would agree with), and I chose this
> re-ordering so that the second point was mentioned last

I provided text with three tangible benefits of exposing transport
layer information in Hop-by-Hop options, namely: 1) Hop-by-Hop options
work with any transport protocol, 2) Hop-by-Hop options are explicit
so that the end host or application controls their content, 3)
Hop-by-Hop options are the only protocol-conformant method to expose
arbitrary information to the network. I don't see that the latest
draft includes these, especially points #1 and #3. Why did you choose
to omit these in the latest draft?

Tom

>
> Gorry
>
> > Tom
> >
> >
> >> Thanks, --David
> >>
> >>> -----Original Message-----
> >>> From: Tom Herbert <tom@herbertland.com>
> >>> Sent: Monday, March 23, 2020 11:22 PM
> >>> To: Black, David
> >>> Cc: Joseph Touch; tsvwg
> >>> Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
> >>>
> >>> On Mon, Mar 23, 2020 at 6:48 PM Black, David <David.Black@dell.com>
> >>> wrote:
> >>>>> That sounds like it’s leaning towards extortion - the kind we have now, in
> >>> which
> >>>>> “if you don’t let us see your ports and we don’t like them, we’ll block you”.
> >>>> That sounds like a networking version of turning Spinal Tap’s amps up to 11 ...
> >>>>
> >>>>
> >>>>
> >>>>> I’d lean the other way - that the network really shouldn’t be doing anything
> >>> based on information
> >>>>> gleaned from transports - explicitly given or not - because it only serves to
> >>> create mutual escalation of misinformation.
> >>>> ... and that looks like the other end of the spectrum.
> >>>>
> >>>>
> >>>>
> >>>> What I had in mind was something more balanced about benefits to exposing
> >>> some information to the network that motivate endpoints and endpoint
> >>> implementers to do so ... where motivate is not intended to imply extortion-like
> >>> threats, and the benefits aren’t necessarily the network doing something
> >>> immediate based on the exposed information (there are several examples in
> >>> Section 2.3 of the draft).
> >>>>
> >>>>
> >>>> To be concrete, here’s one possible text change, based on taking out the
> >>> words that seem to be the focus of this discussion:
> >>>>
> >>>>
> >>>> OLD
> >>>>
> >>>>     o  On the one hand, protocols do not necessarily have an incentive to
> >>>>        expose the actual information that is used by the protocol itself
> >>>>        and could therefore manipulate the exposed transport header
> >>>>        information to gain an advantage from the network.  The incentive
> >>>>        to reflect actual transport header information has to be
> >>>>        considered when proposing a method.
> >>>>
> >>>> NEW
> >>>>
> >>>>     o  On the one hand, protocols do not necessarily have an incentive to
> >>>>        expose information that is used by the protocol.  The incentive
> >>>>        to expose transport header information has to be considered when
> >>>>        proposing a method to do so.
> >>>>
> >>> David,
> >>>
> >>> That's changing the meaning of the text. The original text was making
> >>> a point that if transport layer information is exposed there needs to
> >>> be an incentive for the host to set the information honestly and
> >>> correctly. This is true, not just for transport layer information but
> >>> for everything the host tells the network. An obvious example is TOS
> >>> in IPv4-- left to their own devices everyone would just request the
> >>> highest level of service of traffic for all packets. So we need some
> >>> tangible incentive for the user to be honest and correct. For instance,
> >>> TOS might have worked if the user were explicitly charged for the
> >>> higher level of service, but that would imply a contract between the
> >>> network and the host is established and a whole bunch of mechanisms
> >>> that require far more than just anonymously volunteering some
> >>> arbitrary amount of transport layer information.
> >>>
> >>> Tom
> >>>
> >>>>
> >>>> Which leaves room to argue that there is no incentive, or there is insufficient
> >>> incentive, or the risks outweigh the benefits, etc.
> >>>>
> >>>>
> >>>> Thanks, --David
> >>>>
> >>>>
> >>>>
> >>>> From: Joseph Touch <touch@strayalpha.com>
> >>>> Sent: Monday, March 23, 2020 7:08 PM
> >>>> To: Black, David
> >>>> Cc: Tom Herbert; tsvwg
> >>>> Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
> >>>>
> >>>> On Mar 23, 2020, at 3:19 PM, Black, David <David.Black@dell.com> wrote:
> >>>>
> >>>>
> >>>>
> >>>> [writing as draft shepherd]
> >>>>
> >>>>
> >>>>
> >>>> Point taken – would it be reasonable to rework that paragraph to observe
> >>> that there should be incentives for endpoints to expose transport information,
> >>> e.g., otherwise implementers may simply not bother?
> >>>>
> >>>>
> >>>> That sounds like it’s leaning towards extortion - the kind we have now, in
> >>> which “if you don’t let us see your ports and we don’t like them, we’ll block
> >>> you”.
> >>>>
> >>>>
> >>>> I’d lean the other way - that the network really shouldn’t be doing anything
> >>> based on information gleaned from transports - explicitly given or not -
> >>> because it only serves to create mutual escalation of misinformation.
> >>>>
> >>>>
> >>>> Joe
> >>>>
> >>>> Thanks, --David
> >>>>
> >>>>
> >>>>
> >>>> From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Joseph Touch
> >>>> Sent: Monday, March 23, 2020 11:20 AM
> >>>> To: Tom Herbert
> >>>> Cc: tsvwg
> >>>> Subject: Re: [tsvwg] Comment on draft-ietf-tsvwg-transport-encrypt-13
> >>>>
> >>>>
> >>>> On Mar 23, 2020, at 7:58 AM, Tom Herbert <tom@herbertland.com> wrote:
> >>>>
> >>>>
> >>>>
> >>>> Fundamentally, transport layer is end-to-end information. There is no
> >>>> contract between end hosts and the network that hosts have to be
> >>>> honest or correct in setting information in the transport layer-- the
> >>>> only contract is between the endpoints.
> >>>>
> >>>>
> >>>>
> >>>> +1
> >>>>
> >>>>
> >>>>
> >>>> Another point worth mentioning:
> >>>>
> >>>>
> >>>>
> >>>> - if endpoints can lie or mislead about transport info to get their way, they
> >>> can, will, and IMO *SHOULD*.
> >>>>
> >>>>
> >>>> That goes for using port 53 for nearly anything anyone wants to. Transport
> >>> info isn’t there to make things nice for network operators - that’s what the
> >>> network layer is for.
> >>>>
> >>>>
> >>>> Oh, yeah, I know - network operators don’t want “heavy” stuff in *their*
> >>> headers because it slows them down when they don’t want it. Too bad, IMO. If
> >>> they want the info, they need to deal with the pain.
> >>>>
> >>>>
> >>>> Joe
> >>>>
> >>>>