Re: [arch-d] Call for Comment: <draft-iab-path-signals-collaboration-01> (Considerations on Application - Network Collaboration Using Path Signals)
Chris Box <chris.box.ietf@gmail.com> Wed, 24 August 2022 16:41 UTC
Return-Path: <chris.box.ietf@gmail.com>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B1D2C14CE27 for <architecture-discuss@ietfa.amsl.com>; Wed, 24 Aug 2022 09:41:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aQSo937MsXOY for <architecture-discuss@ietfa.amsl.com>; Wed, 24 Aug 2022 09:41:53 -0700 (PDT)
Received: from mail-oa1-x2d.google.com (mail-oa1-x2d.google.com [IPv6:2001:4860:4864:20::2d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56D76C14F72C for <architecture-discuss@ietf.org>; Wed, 24 Aug 2022 09:41:53 -0700 (PDT)
Received: by mail-oa1-x2d.google.com with SMTP id 586e51a60fabf-11c5ee9bf43so21519111fac.5 for <architecture-discuss@ietf.org>; Wed, 24 Aug 2022 09:41:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc; bh=tL/Dl7na5f/XCN2Zaf2OUU2KpyvRJDGd7f+z3VPVf0g=; b=TY8YVT67+6BYl4DrQvKQmbbxX9wHpa5GsGKOh58cn3M6VQRKag6yKVuXIOLfjErzKa G4TbF9FBtNPjvaLCmJxYzolX5lEHDTB0S8sbfY1D6wlUGcGt3LFV4b4ArYuSiCllit/Z u/CuXYLe7W0GTB56o5hiNVCYWmc4bGP0IVarINBgYIH4bbGuL76nuIkYd78y2RL7990B qhcptqxRfcGVd8p5TgcDUftSfZlVBHl2BrCVBKh/HyJoKFVd5ijf7a/MGDooW5fWySIA Yv0f35ZnQfs0ZST5qcA2VQvdpAGF9pIUSRVfZwPkygMzpaigiMsAtcPl9x0Iqjb2V5Fk p+2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc; bh=tL/Dl7na5f/XCN2Zaf2OUU2KpyvRJDGd7f+z3VPVf0g=; b=Y9Uyp5SmyFO0N6BX5W7owgSOT14ZcOyewgJFJjvd9UNjWshaE/+5wxiGQHd8mmnfPw Uuu/gK8p7ExFf+AiYFqiDC9X8poKJheuM280b4akEsVnpjk3yh3AahKjW1a6mfxTE22m XFV9CpPa+1+y+r/nta8x/n9hC6fUnwCr8Zgbte5JahTiL4r6NPEnAwLeAd1vugq1W0i2 Dk5TDgGV9+dJuBApNq18CkpZXnixMTlmadR46tY/uzaEkQBHsP+VmZZuF4AgWRb/LE0U 1seboB6yy+aOrAzY78VMSdAdhDVuz1Xr1eUklDcztTEv5v7MP6VWgQaytkFPJF3dxqbv 9tKw==
X-Gm-Message-State: ACgBeo34Zw2F2+x0WBwxpP+vSu2J9gin8Qut6tnHbNOZ9z8bb5kfSYbj jJTRObshA8sqcdaqlPXnO4frNM/3hMDbwN3zG+Zi05qPRnOo7Q==
X-Google-Smtp-Source: AA6agR5g1C5lpj7FrMrcg6l2VFxdk4Oma9Xg+iL/7RLsF9MuSFK+Yf5pjLfmy5nfuTs2Cuuy4MokYojVLKbw42rzNBQ=
X-Received: by 2002:a05:6871:587:b0:11c:cd8b:e08a with SMTP id u7-20020a056871058700b0011ccd8be08amr3988251oan.256.1661359311789; Wed, 24 Aug 2022 09:41:51 -0700 (PDT)
MIME-Version: 1.0
References: <165904905204.15796.11876196752734419717@ietfa.amsl.com>
In-Reply-To: <165904905204.15796.11876196752734419717@ietfa.amsl.com>
From: Chris Box <chris.box.ietf@gmail.com>
Date: Wed, 24 Aug 2022 17:41:40 +0100
Message-ID: <CACJ6M14jP-ixhJp+V7_VxPyQpDX2Pk7CgcK0PKftDDDWBc6qxQ@mail.gmail.com>
To: architecture-discuss@ietf.org, iab@iab.org
Content-Type: multipart/alternative; boundary="0000000000009fa2b805e6ff5b78"
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/_14RT-XdZ1aqk6Kb522kNe548xA>
Subject: Re: [arch-d] Call for Comment: <draft-iab-path-signals-collaboration-01> (Considerations on Application - Network Collaboration Using Path Signals)
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Aug 2022 16:41:57 -0000
Hello IAB members and architectural thinkers, A little while ago this came out: > This is an announcement of an IETF-wide Call for Comment on > draft-iab-path-signals-collaboration-01. > > The document is being considered for publication as an Informational RFC > within the IAB stream, and is available for inspection at: > <https://datatracker.ietf.org/doc/draft-iab-path-signals-collaboration/> > Having reviewed it, I support the aims and principles described in the document, and consider them to be a good way forward. Without such work we are heading towards a complete absence of path signals, and that would create many problems of its own. The balance struck in the document seems good, describing in general terms what should be shared, under which conditions, and how information should be protected. My overarching concern is only one of timing. It will take many years to develop and deploy new information-sharing protocols that follow these principles. In the meantime, hiding of cleartext path signals continues apace. Network operators therefore face a few years of enforced blindness before the new mechanisms are in place to permit sharing where the user desires it. So it would be helpful to (a) advise careful consultation before withdrawing each cleartext signal, and (b) work quickly on developing the new protocols. I also have some detailed feedback for your consideration, below. *Section 1: Introduction* The current document says "But a lack of all path signalling, on the other hand, may be harmful to network management, debugging, or the ability for networks to provide the most efficient services." I’d like to suggest some more real-life examples in there, so it becomes two sentences: "But a lack of all path signalling, on the other hand, may be harmful to network management, debugging, service provision, or security. It can also harm the ability of networks to provide the most efficient services, including traffic routing and content delivery optimisation.” Regarding "Another extreme is to employ explicit trust and coordination between all involved entities, endpoints as well as network devices. VPNs are a good example of a case where there is an explicit authentication and negotiation with a network path element that is used to optimize behavior or gain access to specific resources. Authentication and trust must be considered in multiple directions: how endpoints trust and authenticate signals from network devices, and how network devices trust and authenticate signals from endpoints.", I have two points here. 1. The second sentence is not an example of the first sentence. If I cross four autonomous systems in order to reach my VPN concentrator, then in the present world I am not telling those ASs "Hey, please let my packets through because of this good reason". I just try it and see if it works. Can we add an example that actually illustrates the first sentence? 2. Terminology is currently confusing here. The phrases "network path element" and "network device" both seem to refer to the VPN concentrator, but it is also an endpoint of the VPN tunnel. *Section 2: Principles* These are listed in a counter-intuitive order for me. I would prefer an order that aligns with the thought process someone would need to go through in order to arrive at the right answer in an efficient way. I think you have to first define the minimal information to be sent and who it needs to be sent to, before considering how that should be achieved. I therefore propose this is a better order: Minimize Information Limiting Impact of Information Minimum Set of Entities Intentional Distribution Control of the Distribution of Information Protecting Information and Authentication Carrying Information But people may be able to point out areas where some of these should be swapped. *Section 2.7: Carrying Information* "This document recommends that signalling mechanisms that send information are built to specifically support sending the necessary, minimal set of information (see Section 2.4) and no more. Such mechanisms also need have an ability for establishing an agreement (see Section 2.2) and to establish sufficient trust to pass the information (see Section 2.3)." It's surprising to hear the IAB argue against extensibility, but I can see that in such cases it's important to debate and agree the extent of the information sharing risk. Having an extensible protocol can lead to an open-ended information risk. So I tend to agree that that information needs to be strictly defined. *Section 2’s missing principle?* The document implies there are cases where some flows should be identifiable to an authorised network element. But it says nothing about how the packets comprising the flow can be identified. The classic way to identify a flow is by 5-tuple, but this is weakening and the use of MASQUE destroys it entirely. I know the task of protocol design to support specific use cases is left to the reader, but it might be beneficial to articulate a generic principle that designers can draw on. *Applying the stated principles* In assessing this, I found it useful to consider how the principles might be applied. So I’ve applied it to a zero-rating use case. The case is that a user has purchased a network product that enables them to use a set of video streaming services without paying for the data. Example: https://ee.co.uk/help/help-new/offers-and-services/passes/what-is-the-ee-video-data-pass. They would therefore like the network to know which packets are in scope of this product, so that they are not overcharged for those packets. The network would like to be sure that the packets claimed to be in scope are genuinely in scope, and are not being fraudulently claimed. To keep this use case simple, I have limited it to the naive approach where the network assumes these claims are always valid. Adding fraud protection would probably require an additional entity who is trusted by the other two, but that's beyond the scope of what I'm trying to cover here. I will now map the naive case to the principles. Minimize Information The information needs to be simply: is this packet in scope of network product XYZ (e.g. EE video data pass)? The answer is a boolean yes or no. Sending "this is packet is Netflix" would reveal unnecessary information. Sending "this packet should be free" would reveal too little. Limiting Impact of Information The network would need to use this in deciding to which bucket this packet's size should be counted. Minimum Set of Entities Entity 1: Client device, with knowledge of the app being used Entity 2: Access network provider, who conveys the packets and charges the end user Intentional Distribution Implied by the purchase of the product, but would benefit from a user interface prompt to confirm this is still desired. Control of the Distribution of Information Sender needs to agree to send the information Sender needs to authenticate to whom it is revealing this information Receiver needs to agree to receive it Receiver needs the same level of confidence in end user identity that it already has in order to charge the end user. Protecting Information and Authentication The information should be delivered intact and not be revealed to any other entities, which implies the communication channel should be authenticated, integrity protected and confidential. Carrying Information Some mechanism needs to be defined that delivers the above, and no more. Exploring the above has given me some confidence that the principles are good, at least for this case. Thanks to the IAB for working on this, as it points the way to how we should deal with the loss of classic path signals. Chris
- [arch-d] Call for Comment: <draft-iab-path-signal… IAB Executive Administrative Manager
- Re: [arch-d] Call for Comment: <draft-iab-path-si… Chris Box
- Re: [arch-d] Call for Comment: <draft-iab-path-si… Vittorio Bertola