Re: [Apn] why it is necessary to differentiate the security concern for 5G Vertical Networks from the grand Internet ( was RE: Application-Aware Networking (APN) focused interim

Linda Dunbar <ldunbar@futurewei.com> Fri, 04 June 2021 17:42 UTC

From: Linda Dunbar <ldunbar@futurewei.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "rtgwg@ietf.org" <rtgwg@ietf.org>, "apn@ietf.org" <apn@ietf.org>
Date: Fri, 04 Jun 2021 17:42:12 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/apn/R5kOUTEHI3LeeJ7unoghrmJ8W9M>

Michael, 

WIFI is collision-based transmission, and it doesn't support radio-side differentiated services as well as 5G Radio does.
Therefore, WIFI can't support specialized ultra-low latency services as 5G does.

There is no point convincing you of the 5G value. But one thing is for sure: there are a lot of 5G-enabled vertical services powered by specialized closed-loop networks. Netflix is not one of them.

Linda

-----Original Message-----
From: Apn <apn-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Friday, June 4, 2021 11:32 AM
To: rtgwg@ietf.org; apn@ietf.org
Subject: Re: [Apn] why it is necessary to differentiate the security concern for 5G Vertical Networks from the grand Internet ( was RE: Application-Aware Networking (APN) focused interim

On 2021-05-27 6:51 p.m., Linda Dunbar wrote:
> Michael,
> 
> Since you have "mostly ignored 5G", here are some real money-making businesses enabled by 5G.
> 
> https://www.youtube.com/watch?v=herCDIhWUnM

New 5G technology 'transforms virtual sport and entertainment viewing'
Was pretty much content-free.  I learnt that I might be able to order hotdogs while at the game.

> https://youtu.be/Gtu11EuCSXw

5G for Sport - a bunch of not yet here user interface technologies from BT... Google Glasses redux... "Every seat will be the best seat in the house"... just pure fantasy for the UI side of things in my opinion.
But, I'll accept this technological McGuffin for the moment.

> https://www.youtube.com/watch?v=ZNQ4c4xeKEg

Verizon 5G Edge and AWS Wavelength: Changing the experience of basketball | Verizon

All about shot-tracker.  They compared 5G to "4G", but not to, for instance, wifi6.

> 
> The business model is no longer the traditional monthly subscribers, but more of the Services oriented business model, enabled by dedicated closed-looped or Non-Public Networks (called by 3GPP).
> 
> Those Closed-Looped networks or Non-Public Networks, where APN is more likely to be valuable, have different security concerns than the public Internet. It is not Netflix sending traffic across the public Internet and requiring subscribers to pay a premium, which has net neutrality and privacy issues.
> 
> In the Closed Looped Service Network, there is always a Service controller dictating various policies. There are many things that the Network needs to interact with the Service Controller, which is out of the scope of IETF APN. From IETF APN perspective, it needs to achieve optimized forwarding based on the Application characteristics managed by the Application/Service Controller.

Videos 1 and 2 were all about subscribers getting access to content, exactly as with Netflix, but now all multi-feed, live and in 3D plus replays.  I saw nothing about a services oriented business model.
I see that the applications need to very clearly articulate which streams they care about, and this needs to go into the network.
(I don't really care if "Netflix" is across the Internet or via private peering.  It crosses an AS, and in the virtual interim this fact was re-iterated.)

The shot-tracker situation sounds like some kind of local 5G deployment at the basketball team training facility replacing, I guess, wifi. I'm unclear why there is any data going offsite ("edge computing" is mentioned a lot).... but maybe there is some AWS connection.  But, given that the whole facility is wired, I don't see why fiber can't provide.

So all my points remain: if end-user devices are involved (up to the application in order to know which QUIC streams are which), then we need a trust model between the devices and the Service Controller.  The lack of this trust model is why all the previous efforts have failed. 
Rejigging the L2 encoding won't change this.

Getting that trust model in place would be truly revolutionary.
Not only could I pay for better bandwidth when I need it, but I could also "unpay" for nuisance traffic and have it blocked upstream.
DOTS has gotten a long way towards this, but it depends somewhat upon the home routers being provisioned by the ISP, and does not include end devices as yet.

--
Apn mailing list
Apn@ietf.org
https://www.ietf.org/mailman/listinfo/apn