Re: [Apn] Further revised draft Charter

"duzongpeng@foxmail.com" <duzongpeng@foxmail.com> Wed, 18 January 2023 15:53 UTC

Date: Wed, 18 Jan 2023 23:52:58 +0800
From: "duzongpeng@foxmail.com" <duzongpeng@foxmail.com>
To: Ted Hardie <ted.ietf@gmail.com>, Donald Eastlake <d3e3e3@gmail.com>
Cc: "apn@ietf.org" <apn@ietf.org>, apn-chairs <apn-chairs@ietf.org>
References: <CAF4+nEFHcKBbc7J8v3yj_b6V1==4yUBOOhdazR2yrP75Gcd0mA@mail.gmail.com>, <CA+9kkMAqGi-RQBB=1Mh1b-r3eMc9ysrafAR+7gOUWG=V5X_Vsw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/apn/qk2oOz4MbKGYWum8Id-R1qnRzbM>

Hi Ted,

    Some personal opinions here. Hope they can help.

    The APNET field is used to carry more information in the packet so that various network services can be provided to the tenants more easily. We think APNET is solving an imminent problem of deploying various network services at scale.

    I agree with you that more information would be provided in the APN packets. However, IMO, not all traffic needs to be marked with the APN bits. I think that the APN packets are just for specific flows that have a special SLA requirement. Meanwhile, proper encryption mechanisms can perhaps mitigate the problem.
 
    About the architectural side, IMO, I think the APN marking is more flexible and straightforward. It can provide a data-driven, on-demand, APN-triggered policy. As I have said before, not all the traffic needs to be APN marked.

    Do the signals you mentioned last mean the APN marking? I agree that the information carried in APN bits is actually flow oriented. But the trusting and restricting problems should be solvable.

Best Regards
Zongpeng Du



duzongpeng@foxmail.com & duzongpeng@chinamobile.com
 
From: Ted Hardie
Date: 2023-01-18 17:16
To: Donald Eastlake
CC: apn; apn-chairs
Subject: Re: [Apn] Further revised draft Charter
Hi Donald,

I've read the new charter, and I continue to have both privacy concerns and architectural doubts.  On the privacy side, you note that there are a variety of services which might be required ranging from routing to prioritization and measurement.  The larger the number of services, the more likely it is that a specific combination can be used to fingerprint traffic in ways that become problematic.  I'm sure you're aware of the literature on this from the web world relating to headers and font selection, so I won't belabor it too much, but I feel the open-endedness of this field is problematic.  As I read this, an APNET domain could either put a large collection of data into the field that becomes a fingerprint, a hash of it that would also serve as a fingerprint, or even decide to put a customer identifier in that field and then let each router or middlebox on the path look up the appropriate behavior.  While you might argue that either the hash of that cluster or a customer identifier would be opaque, third party attackers would get at least uniqueness data that they would not otherwise have, contrary to efforts by the end system to use private IP addressing or similar approaches.

On the architectural side, there are a number of fields that already do elements of what this charter lists as desiderata (QoS, routing, etc.)--why is creating an omnibus field for all of them going to work better than acting on the ones that are already there?  Stepping back a bit, if you were to look back at the OPES considerations in RFC 3238, how would you distinguish this from that approach, and why would the considerations be different?  That recommended at least one party consent and directly addressed intermediaries, neither of which this seems to provide.

To put this differently, this work seems to want flow based path signals without trusting the endpoint and without restricting the scope of those signals.  Neither seems to me the best approach.

regards,

Ted


On Wed, Jan 18, 2023 at 2:04 AM Donald Eastlake <d3e3e3@gmail.com> wrote:
I've gotten some comments and I've re-read some of the AD DISCUSSES and comments. Based on that I've updated the draft Charter as attached.  Comments are welcome. 

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com