Re: Results of IETF-conflict review for draft-williams-exp-tcp-host-id-opt-07

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jan 27, 2016 at 2:10 AM, Harald Alvestrand <harald@xxxxxxxxxxxxx> wrote:
This one surprised me a bit.

Asking for blockage of an ind-sub is a fairly unusual thing.
I kind of expected to find in the IESG review would explain the nature
of the conflict, but the totality of the review is:

"The IESG has concluded that this document violates IETF procedures about
pervasive monitoring (RFC 7258) and should therefore not be published
without IETF review and IESG approval. This work is related to IETF work
done in the INTAREA WG."
 

The procedures I could find described in RFC 7258 are these:

   Those developing IETF specifications need to be able to describe how
   they have considered PM, and, if the attack is relevant to the work
   to be published, be able to justify related design decisions.  This
   does not mean a new "pervasive monitoring considerations" section is
   needed in IETF documentation.  It means that, if asked, there needs
   to be a good answer to the question "Is pervasive monitoring relevant
   to this work and if so, how has it been considered?"

   In particular, architectural decisions, including which existing
   technology is reused, may significantly impact the vulnerability of a
   protocol to PM.  Those developing IETF specifications therefore need
   to consider mitigating PM when making architectural decisions.
   Getting adequate, early review of architectural decisions including
   whether appropriate mitigation of PM can be made is important.
   Revisiting these architectural decisions late in the process is very
   costly.

The draft in question does have a "Pervasive Monitoring Considerations",
so the issue has certainly been considered by the authors. One may agree
or disagree with their conclusions, but one can't argue that they didn't
consider it.


​I think you missed "able to justify related design decisions" in the
text you pasted above.  The document does consider pervasive monitoring,
but the related design decisions (which make user tracking substantially
easier) are not justified in the draft.  Further, the draft appears to hint
that it has IETF approval when it clearly does not; here's the text from the
abstract:

   Recent proposals discussed in the IETF have identified benefits to
   more distinctly identifying the hosts that are hidden behind a shared
   address/prefix sharing device or application-layer proxy.  Analysis
   indicates that the use of a TCP option for this purpose can be
   successfully applied to some use cases. 
​The proposals have identified benefits according to the authors,
but the IETF declined to adopt them because there were far bigger
downsides.  This abstract gives the opposite impression, which is not
exactly kosher.

 
Armchair lawyers will also note that the procedure refers to "IETF
specifications". An independent-submission RFC is *not* an IETF
specification.


​Yes, and we have historically said that publishing things in
the ISE stream when they counter IETF specifications can
only be done when the IESG deems there to be no conflict
with IETF specifications.  This clearly does conflict with the
thrust of efforts in the IETF (e.g. tcpinc). ​


Note: I'm not arguing that this particular idea is bad or good.

I'm saying that the IESG's justification for recommending it not be
published needs to be more explicit about what the problem is, and why
requesting an IESG note to be added saying "this is a Bad Idea" isn't a
better IESG response.


​I can certainly support a request to the IESG to be more clear on
its reasoning, but I also strongly support their decision in this case.
While this experimental code point is in use, encouraging its further
deployment and accepting this document's analysis of the tradeoff
with pervasive monitoring concerns is contrary to ongoing work
in the IETF.  A "do not publish" seems to me entirely warranted here.

Wearing no hats,

Ted​

 
Harald


Den 26. jan. 2016 00:13, skrev The IESG:
> The IESG has completed a review of draft-williams-exp-tcp-host-id-opt-07
> consistent with RFC5742.
>
>
> The IESG recommends that 'Experimental Option for TCP Host
> Identification' <draft-williams-exp-tcp-host-id-opt-07.txt> NOT be
> published as an Experimental RFC.
>
>
> The IESG has concluded that this document violates IETF procedures about
> pervasive monitoring (RFC 7258) and should therefore not be published
> without IETF review and IESG approval. This work is related to IETF work
> done in the INTAREA WG.
>
> The IESG would also like the Independent Submissions Editor to review the
> comments in the datatracker related to this document and determine
> whether or not they merit incorporation into the document. Comments may
> exist in both the ballot and the history log.
>
> The IESG review is documented at:
> https://datatracker.ietf.org/doc/conflict-review-williams-exp-tcp-host-id-opt/
>
> A URL of the reviewed Internet Draft is:
> https://datatracker.ietf.org/doc/draft-williams-exp-tcp-host-id-opt/
>
> The process for such documents is described at
> https://www.rfc-editor.org/indsubs.html
>
> Thank you,
>
> The IESG Secretary
>
>
>



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]