Re: [auth48] AUTH48: RFC-to-be 9419 <draft-iab-path-signals-collaboration-03> for your review
Ted Hardie <ted.ietf@gmail.com> Fri, 02 June 2023 09:30 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46946C15198A; Fri, 2 Jun 2023 02:30:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.093
X-Spam-Level:
X-Spam-Status: No, score=-2.093 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cAk5D4lCV1zg; Fri, 2 Jun 2023 02:30:21 -0700 (PDT)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 060C2C151B23; Fri, 2 Jun 2023 02:30:21 -0700 (PDT)
Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-5147f5efeb5so2737902a12.0; Fri, 02 Jun 2023 02:30:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1685698219; x=1688290219; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=5xDNy43x4V9C555jdsMpZbdocuskOf4DfljakYIHILA=; b=g2RJhqfrGw8L/cuKy40cJQla0JlhvjPSkjDIbi99BfXtLc32UTB5J9MR5y5hsFlykX zv7w4MT9owOTqTKBHgxycvvcX9MCcWIIMBGOmmZX3hgTDvE1DcssE4tt/sBaDXQzLjIB kEXNhiqiJ143suO00ajuDWLz/30ROJdKClSYuAKzCIBDoc1cmbxQ+PphV/o5FnBQF7Rt Bbp0IDDAIh9hR2PIw2HUh37xqtfE4iaW0/aDGk9ioE5pv5dIzbi4RASoySvLAY19x9KQ CbMZ9W7D+9/5U2lTuE9n0y5f2+2gAg2yPnO5HP6PK0QLDaGluakkdlWOSB5XrxhomgK/ t3+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685698219; x=1688290219; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=5xDNy43x4V9C555jdsMpZbdocuskOf4DfljakYIHILA=; b=F/6VVpSEsNpQax14j9wNY8kdXS+DHYgLYW8mFQ4N50Z7n56twiUW58efpi0acFhO5e ukUr4Vdog2YfICu30Q7TUBoMT83qN6pj0QYnZwNoePoLHOzr1oL0SpW9hW1f7wsRmIzf Lkd7xIYexfSh7j8XQafaYuHg2RYaPibsjPBV2wxoyZGiDW0ZKcExGYG5Gs1doIgf6pm/ yxLmNlH0F0PIVIHBvDPdWz4w+ilR/99gC/5Aayum4Xw+n+KdJ8nO3qOTHEEK60uw7PAN Q1EawrMBquup/6NkAzqOY0RBHjBNBKar5kpkgYiawt0J5fP51XRXYiqrBVmKThgQsn8t Jgjw==
X-Gm-Message-State: AC+VfDx3F+wXz7vkNCG1VVWiIPdT8zKbDQz9N2SEcIrRLedMisJHf3Rm /TW2njQtSoaUTrrCGE1EVC6g8gvAtcx28Y43eKsHKdfxlK0BYg==
X-Google-Smtp-Source: ACHHUZ7H3eCZdihIZvzmDanlS8Hc4I3pPj04r7s2zKWFJXy/k0eejYfr2WyCRepo5Jeo/FYK4ba+wWi58o2aV6F8/iY=
X-Received: by 2002:aa7:cf17:0:b0:514:9e91:f54 with SMTP id a23-20020aa7cf17000000b005149e910f54mr1531277edy.26.1685698218899; Fri, 02 Jun 2023 02:30:18 -0700 (PDT)
MIME-Version: 1.0
References: <20230601185345.BD2E9EDE66@rfcpa.amsl.com>
In-Reply-To: <20230601185345.BD2E9EDE66@rfcpa.amsl.com>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Fri, 02 Jun 2023 10:29:52 +0100
Message-ID: <CA+9kkMAdL3muP=dt2BYLuanDSTHy9Xd6QScuVMKZYJzmEjfh=A@mail.gmail.com>
To: rfc-editor@rfc-editor.org
Cc: jari.arkko@ericsson.com, tpauly@apple.com, mirja.kuehlewind@ericsson.com, iab@ietf.org, auth48archive@rfc-editor.org
Content-Type: multipart/alternative; boundary="000000000000893dc605fd2233d3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/1vdPQ6y8_i5dhvPbDF_-Ix6Hjic>
Subject: Re: [auth48] AUTH48: RFC-to-be 9419 <draft-iab-path-signals-collaboration-03> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jun 2023 09:30:25 -0000
Some personal answers to the questions in-line. On Thu, Jun 1, 2023 at 7:53 PM <rfc-editor@rfc-editor.org> wrote: > Authors, > > While reviewing this document during AUTH48, please resolve (as necessary) > the following questions, which are also in the XML file. > > 1) <!--[rfced] Would it be correct to rephrase the document title as > follows for clarity (i.e., "Application Considerations for" > instead of "Considerations on Application -")? > > Original: > Considerations on Application - Network Collaboration > Using Path Signals > > Perhaps: > Application Considerations for Network Collaboration > Using Path Signals > --> > > No, I don't think this change is correct; both the network and applications have this to consider here so it isn't just "application considerations". > > 2) <!-- [rfced] Please insert any keywords (beyond those that appear in > the title) for use on https://www.rfc-editor.org/search. > --> > > > 3) <!--[rfced] Informative reference RFC 793 has been obsoleted by RFC > 9293. > Per Section 4.8.6 in the RFC Style Guide (RFC 7322), we recommend > replacing RFC 793 with RFC 9293. May we update the reference? > > Original: > For instance, on-path elements use various fields of the > TCP header [RFC0793] to derive information about > end-to-end latency as well as congestion. > > Suggested: > For instance, on-path elements use various fields of the > TCP header [RFC9293] to derive information about > end-to-end latency as well as congestion. > --> > > I am okay with this change. > > 4) <!-- [rfced] FYI, to make the two categories easier to read, we > formatted this text as a list. Please let us know of any > objections. > > Original: > Many protocol mechanisms throughout the stack fall into one of two > categories: authenticated and private communication that is only > visible to a very limited set of parties, often one on each "end"; > and unauthenticated public communication that is also visible to all > network elements on a path. > > Current: > Many protocol mechanisms throughout the stack fall into one of two > categories: > > * authenticated private communication that is only visible to a > very limited set of parties, often one on each "end", and > > * unauthenticated public communication that is visible to all > network elements on a path. > --> > > I prefer the first, but if the other authors prefer the second I can agree. The reason I prefer the first is that we were not trying to create an exhaustive enumeration but were introducing a common pair of patterns. I believe the list form will tend to lure the reader into assuming the list is exhaustive when it is not. I do recognize that this is explicitly disclaimed, which is why I will agree if the other authors prefer this formulation. > > 5) <!--[rfced] To avoid using "ensures" and "ensuring" in close > proximity, may we rephrase this sentence as follows? > > Original: > For instance, QUIC replaces TCP for various applications and ensures > end-to-end signals are only accessible by the endpoints, ensuring > evolvability [RFC9000]. > > Perhaps: > For instance, QUIC replaces TCP for various applications so that > end-to-end signals are only accessible by the endpoints, ensuring > the ability to evolve [RFC9000]. > I don't think this captures the sense of the original. Would this work: For instance, QUIC replaces TCP for various applications and protects end-to-end signals so that they are only accessible by the endpoints, ensuring evolvability [RFC9000]. > --> > > > 6) <!-- [rfced] FYI, to make the items easier to read, we formatted this > text > as a list. Please let us know of any objections. > > Original: > Authentication and trust > must be considered in both directions: how endpoints trust and > authenticate signals from network path elements, and how network path > elements trust and authenticate signals from endpoints. > > Current: > Authentication and trust > must be considered in both directions: > > * how endpoints trust and authenticate signals from network path > elements and > > * how network path elements trust and authenticate signals from > endpoints. > --> > > I do not personally believe this improves the readability. > > 7) <!--[rfced] We rephrased this sentence for clarity; please let us know > of any objections. > > Original: > This section also provides some examples and explanation > of situations that not following the principles can lead to. > > Current: > This section also provides some examples and explanation > of situations that can arise when the principles are not > followed. > --> > > Would this work: This section also provides examples and explores the consequences of not following these principles in those examples. > > 8) <!-- [rfced] Please clarify "they are from and to other parties". Would > "they > are coming from and going to other parties" help clarify? > > Original: > Note that these communications are conceptually > independent of the base flow, even if they share a packet; they are > from and to other parties, rather than creating a multiparty > communication. > > Perhaps: > Note that these communications are conceptually > independent of the base flow, even if they share a packet; they are > coming from and going to other parties, rather than creating a > multiparty communication. > --> > > I am fine with this change. > > 9) <!-- [rfced] We would like to rephrase this information as follows for > clarity and to reduce redundancy. Please let us know if the > preferred text is agreeable or if you prefer otherwise. > > Original: > The goal is that any information should be provided knowingly, for a > specific purpose, sent in signals designed for that purpose, and that > any use of information should be done within that purpose. And that > an analysis of the security and privacy implications of the specific > purpose and associated information is needed. > > Perhaps: > The goal is that any information should be provided knowingly for a > specific purpose, sent in signals designed for that purpose, and used > within that purpose. In addition, an analysis of the security and > privacy > implications of the specific purpose and associated information is > needed. > --> > > I think the phrasing of the second sentence is an improvement, but I prefer the original formulation of the first sentence. In particular, I believe "should be provided knowingly, for a specific purpose," is clearer that the two elements are distinct characteristics of the goal. > 10) <!--[rfced] Would it be clearer to say "Even if" instead of "Whether" > and "it does not mean" instead of "it does not follow" in the > following sentence? > > Original: > Whether a communication is with an application server or > network element that can be shown to be associated with a particular > domain name, it does not follow that information about the user can > be safely sent to it. > > Perhaps: > Even if communication with an application server or network > element can be shown to be associated with a particular > domain name, it does not mean that information about the > user can be safely sent to it. > --> > > I don't have a suggestion here--Jari, any thoughts on this one? > > 11) <!--[rfced] The following list is not parallel. Please let us know if > the perhaps text captures the intended meaning. > > Original: > And of course we need to choose such cases where the collaboration > can be performed safely, is not a privacy concern, and the > incentives of the relevant parties are aligned. > > Perhaps: > And, of course, we need to choose such cases where the collaboration > can be performed safely, there are no privacy concerns, and the > incentives of the relevant parties are aligned. > --> > > Would this work: And of course we need to choose cases where the collaboration can be performed safely, where it is not a privacy concern, and where the incentives of the relevant parties are aligned. The original had a specific focus: the collaboration not being a privacy concern. I'm a bit concerned that "there are no privacy concerns" is too expansive. > > 12) <!--[rfced] Some of the bullet points in this list begin with a > complete sentence and some begin with a fragmented sentence (see > #4, #5, and #6). Please let us know if/how we may make the list > parallel. > > Original: > * Some forms of collaboration may depend on business arrangements, > which may or may not be easy to put in place. > > * Secure communications with path elements is needed as discussed in > Section 2.3. > > * The use of path signals for reducing the effects of denial-of- > service attacks, e.g., perhaps modern forms of "source quench" > designs could be developed. > > * Ways of protecting information when held by network elements or > servers, beyond communications security. > > * Sharing information from networks to applications. > > * Sharing information from applications to networks. > > * Data privacy regimes generally deal with more issues than merely > whether some information is shared with another party or not. > > * The present work has focused on the technical aspects of making > collaboration safe and mutually beneficial, but of course, > deployments need to take into account various regulatory and other > policy matters. > --> > > I think these should all be complete sentences; if everyone agrees, I can take a whack at some suggested expansions. > > 13) <!--[rfced] For better readability, we combined the following > sentences. Please let us know if this is accurate or please clarify. > > Original: > Finding practical ways for this has been difficult, both from the > mechanics and scalability point view. And also because there > is no easy way to find out which parties to trust or what trust > roots would be appropriate. > > Current: > Finding practical ways for this has been difficult, both from the > mechanics and scalability point of view, especially because there > is no easy way to find out which parties to trust or what trust > roots would be appropriate. > --> > > I think it would be "partially because" rather than "especially because" if you combine them, but I'm okay with keeping "especially because" if others prefer it. > > 14) <!--[rfced] May we rephrase this sentence for clarity as follows? > > Original: > Data privacy regimes generally deal with more issues than merely > whether some information is shared with another party or not. > > Perhaps: > Data privacy regimes generally deal with multiple issues, not just > whether or not some information is shared with another party. > --> > > I am okay with this change. > > 15) <!-- [rfced] IAB Formatting > > a) Please review the guidance for IAB documents > <https://www.rfc-editor.org/materials/iab-format.txt> and let us know if > any > changes are needed. > > Note that if you include an "IAB Members at the Time of Approval" section > (since this document has IAB consensus), it will appear before the > Acknowledgements section and will list the members listed on < > https://www.iab.org/about/iab-members/> unless you specify otherwise. > --> > > > 16) <!-- [rfced] Please review the "Inclusive Language" portion of the > online > Style Guide < > https://www.rfc-editor.org/styleguide/part2/#inclusive_language> > and let us know if any changes are needed. > > Note that our script did not flag any words in particular, but this should > still be reviewed as a best practice. > --> > > > Thank you. > > RFC Editor/st/kc > > > On Jun 1, 2023, at 11:52 AM, rfc-editor@rfc-editor.org wrote: > > *****IMPORTANT***** > > Updated 2023/06/01 > > RFC Author(s): > -------------- > > Instructions for Completing AUTH48 > > Your document has now entered AUTH48. Once it has been reviewed and > approved by you and all coauthors, it will be published as an RFC. > If an author is no longer available, there are several remedies > available as listed in the FAQ (https://www.rfc-editor.org/faq/). > > You and you coauthors are responsible for engaging other parties > (e.g., Contributors or Working Group) as necessary before providing > your approval. > > Planning your review > --------------------- > > Please review the following aspects of your document: > > * RFC Editor questions > > Please review and resolve any questions raised by the RFC Editor > that have been included in the XML file as comments marked as > follows: > > <!-- [rfced] ... --> > > These questions will also be sent in a subsequent email. > > * Changes submitted by coauthors > > Please ensure that you review any changes submitted by your > coauthors. We assume that if you do not speak up that you > agree to changes submitted by your coauthors. > > * Content > > Please review the full content of the document, as this cannot > change once the RFC is published. Please pay particular attention to: > - IANA considerations updates (if applicable) > - contact information > - references > > * Copyright notices and legends > > Please review the copyright notice and legends as defined in > RFC 5378 and the Trust Legal Provisions > (TLP – https://trustee.ietf.org/license-info/). > > * Semantic markup > > Please review the markup in the XML file to ensure that elements of > content are correctly tagged. For example, ensure that <sourcecode> > and <artwork> are set correctly. See details at > <https://authors.ietf.org/rfcxml-vocabulary>. > > * Formatted output > > Please review the PDF, HTML, and TXT files to ensure that the > formatted output, as generated from the markup in the XML file, is > reasonable. Please note that the TXT will have formatting > limitations compared to the PDF and HTML. > > > Submitting changes > ------------------ > > To submit changes, please reply to this email using ‘REPLY ALL’ as all > the parties CCed on this message need to see your changes. The parties > include: > > * your coauthors > > * rfc-editor@rfc-editor.org (the RPC team) > > * other document participants, depending on the stream (e.g., > IETF Stream participants are your working group chairs, the > responsible ADs, and the document shepherd). > > * auth48archive@rfc-editor.org, which is a new archival mailing list > to preserve AUTH48 conversations; it is not an active discussion > list: > > * More info: > > https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc > > * The archive itself: > https://mailarchive.ietf.org/arch/browse/auth48archive/ > > * Note: If only absolutely necessary, you may temporarily opt out > of the archiving of messages (e.g., to discuss a sensitive matter). > If needed, please add a note at the top of the message that you > have dropped the address. When the discussion is concluded, > auth48archive@rfc-editor.org will be re-added to the CC list and > its addition will be noted at the top of the message. > > You may submit your changes in one of two ways: > > An update to the provided XML file > — OR — > An explicit list of changes in this format > > Section # (or indicate Global) > > OLD: > old text > > NEW: > new text > > You do not need to reply with both an updated XML file and an explicit > list of changes, as either form is sufficient. > > We will ask a stream manager to review and approve any changes that seem > beyond editorial in nature, e.g., addition of new text, deletion of text, > and technical changes. Information about stream managers can be found in > the FAQ. Editorial changes do not require approval from a stream manager. > > > Approving for publication > -------------------------- > > To approve your RFC for publication, please reply to this email stating > that you approve this RFC for publication. Please use ‘REPLY ALL’, > as all the parties CCed on this message need to see your approval. > > > Files > ----- > > The files are available here: > https://www.rfc-editor.org/authors/rfc9419.xml > https://www.rfc-editor.org/authors/rfc9419.html > https://www.rfc-editor.org/authors/rfc9419.pdf > https://www.rfc-editor.org/authors/rfc9419.txt > > Diff file of the text: > https://www.rfc-editor.org/authors/rfc9419-diff.html > https://www.rfc-editor.org/authors/rfc9419-rfcdiff.html (side by side) > > Diff of the XML: > https://www.rfc-editor.org/authors/rfc9419-xmldiff1.html > > The following files are provided to facilitate creation of your own > diff files of the XML. > > Initial XMLv3 created using XMLv2 as input: > https://www.rfc-editor.org/authors/rfc9419.original.v2v3.xml > > XMLv3 file that is a best effort to capture v3-related format updates > only: > https://www.rfc-editor.org/authors/rfc9419.form.xml > > > Tracking progress > ----------------- > > The details of the AUTH48 status of your document are here: > https://www.rfc-editor.org/auth48/rfc9419 > > Please let us know if you have any questions. > > Thank you for your cooperation, > > RFC Editor > > -------------------------------------- > RFC9419 (draft-iab-path-signals-collaboration-03) > > Title : Considerations on Application - Network Collaboration > Using Path Signals > Author(s) : J. Arkko, T. Hardie, T. Pauly, M. Kuehlewind > WG Chair(s) : > Area Director(s) : > > > >
- [auth48] AUTH48: RFC-to-be 9419 <draft-iab-path-s… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9419 <draft-iab-pa… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9419 <draft-iab-pa… Ted Hardie
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Mirja Kuehlewind
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Mirja Kuehlewind
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Karen Moore
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Tommy Pauly
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Mirja Kuehlewind
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Alice Russo
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Ted Hardie
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Karen Moore
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Tommy Pauly
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Karen Moore
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Mirja Kuehlewind
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Mirja Kuehlewind
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Karen Moore
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Mirja Kuehlewind
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Ted Hardie
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Karen Moore
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Jari Arkko
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Mirja Kuehlewind
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Ted Hardie
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Mirja Kuehlewind
- Re: [auth48] [IAB] AUTH48: RFC-to-be 9419 <draft-… Karen Moore