Re: [arch-d] IAB statement on "Avoiding Unintended Harm to Internet Infrastructure"
Brian Trammell (IETF) <ietf@trammell.ch> Sun, 17 November 2019 03:00 UTC
Return-Path: <ietf@trammell.ch>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B696120823 for <architecture-discuss@ietfa.amsl.com>; Sat, 16 Nov 2019 19:00:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zWK5vk1Yr77f for <architecture-discuss@ietfa.amsl.com>; Sat, 16 Nov 2019 19:00:41 -0800 (PST)
Received: from smtp-sh.infomaniak.ch (smtp-sh.infomaniak.ch [128.65.195.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 872FF120096 for <architecture-discuss@ietf.org>; Sat, 16 Nov 2019 19:00:41 -0800 (PST)
Received: from smtp-3-0000.mail.infomaniak.ch ([10.4.36.107]) by smtp-sh.infomaniak.ch (8.14.5/8.14.5) with ESMTP id xAH30Wwa023998 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 17 Nov 2019 04:00:32 +0100
Received: from dhcp-8264.meeting.ietf.org (unknown [31.133.130.100]) by smtp-3-0000.mail.infomaniak.ch (Postfix) with ESMTPA id 9BC1A10083DE6; Sun, 17 Nov 2019 04:00:30 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Brian Trammell <ietf@trammell.ch>
In-Reply-To: <89C3177C-5F83-4477-8B9E-7EF6844C7049@mnot.net>
Date: Sun, 17 Nov 2019 11:00:26 +0800
Cc: Paul Ebersman <list-architecture-discuss@dragon.net>, Andrew Campling <andrew.campling@419.consulting>, "architecture-discuss@ietf.org" <architecture-discuss@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <FF2BFCD8-A7B0-4C54-91E7-AC65DB2B233D@trammell.ch>
References: <LO2P265MB0573C0D8F8D9D7ECF4E472AFC2760@LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM> <20191113222929.E72EC194CFA1@fafnir.remote.dragon.net> <89C3177C-5F83-4477-8B9E-7EF6844C7049@mnot.net>
To: Mark Nottingham <mnot@mnot.net>
X-Mailer: Apple Mail (2.3445.104.11)
X-Antivirus: Dr.Web (R) for Unix mail servers drweb plugin ver.6.0.2.8
X-Antivirus-Code: 0x100000
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/vgfwPtQIIQzf_CycFW7VcQZ8T9U>
Subject: Re: [arch-d] IAB statement on "Avoiding Unintended Harm to Internet Infrastructure"
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Nov 2019 03:00:45 -0000
Hi Mark, all, Quoting below for emphasis. > On 14 Nov 2019, at 00:37, Mark Nottingham <mnot@mnot.net> wrote: > > There are user-centred arguments as to why it's necessary to impose that policy at the network level (eg., lack of interfaces to configure IoT devices), but let's not start from the assumption that the best place to interpose those services is by having the network transparently handle them, just because that's how it's been done before. This, a few hundred times. We've tried transparent network functions of various forms; for the most part, they either work while irretrievably changing the architecture (e.g. NAT have moved the network/transport layer header boundary to include the transport port numbers), or they tend only to work in a restricted set of environments (which may or may not be the environments the functions are sold to work in, but that's a different rant). > Let's also not assume that obtaining consent explicitly from the user to interpose those services is easy or without risks of various sorts; we have lots of examples where allowing random devices on networks to ask permission to do things ended up badly. In a cleaner architectural environment, we could move some of these functions to the endpoints (e.g., replacing in-network TCP enhancement with, well, better TCP stacks, which is largely what has happened in server and end-user platforms space over the past couple of decades), and transmute the rest into network functions deployed transparently, where the function's presence is explicit, and ideally exposed to the endpoint in such a way that the endpoint can negotiate with it. Of course, as you say, the gap between transparency to the network/transport endpoint and informed user consent is a large one. But it'd be nice if we could work on solving that problem, as opposed to pretending that the accidental situation we find ourselves in with a network cluttered with functions that try and fail to be transparent is somehow essential to the Internet architecture, and argue about how best to maintain that situation. It's also not lost on me that "user consent" is a slippery beast for functions (lawful intercept) where asking for consent is antithetical to the function at hand. In these situations, consent is given by a third party, generally someone from the judiciary in common law jurisdictions. But control over who gives consent is key to how the function is used and misused even in the most pervasive cases. What the IAB is trying to do with this statement (IMHO) is to try to separate these threads. The way most of these functions are built tends to break things that are well outside the scope of the desired function, without an analysis of the tradeoffs involved. Without discussion of these tradeoffs, an informed discussion of the pros and cons of any given in-network function is not really possible. Hence "avoiding *unintended* harm". Cheers, Brian
- [arch-d] IAB statement on "Avoiding Unintended Ha… Vittorio Bertola
- Re: [arch-d] IAB statement on "Avoiding Unintende… Andrew Campling
- Re: [arch-d] IAB statement on "Avoiding Unintende… Paul Ebersman
- Re: [arch-d] IAB statement on "Avoiding Unintende… Mark Nottingham
- Re: [arch-d] IAB statement on "Avoiding Unintende… Stephen Farrell
- Re: [arch-d] IAB statement on "Avoiding Unintende… Paul Ebersman
- Re: [arch-d] IAB statement on "Avoiding Unintende… Brian Trammell (IETF)
- Re: [arch-d] IAB statement on "Avoiding Unintende… S Moonesamy
- Re: [arch-d] IAB statement on "Avoiding Unintende… Brian Trammell (IETF)