Re: [Detnet] Alissa Cooper's Discuss on draft-ietf-detnet-architecture-11: (with DISCUSS and COMMENT)

Alissa Cooper <alissa@cooperw.in> Wed, 17 April 2019 13:33 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: detnet@ietfa.amsl.com
Delivered-To: detnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBF5912008D; Wed, 17 Apr 2019 06:33:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=SW2sfIFd; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=qBiM3QAG
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dNsE5-ui25rF; Wed, 17 Apr 2019 06:33:43 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C74E1200DF; Wed, 17 Apr 2019 06:33:43 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 26186239F1; Wed, 17 Apr 2019 09:33:42 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Wed, 17 Apr 2019 09:33:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h= from:message-id:content-type:mime-version:subject:date :in-reply-to:cc:to:references; s=fm2; bh=6U2IyDBF0spAcIPq/CZE/ZM 17D12c/WP+1VIKe0GXiw=; b=SW2sfIFd95rmCTNzsAj5lHafrTGSpbgGyPZRiMl q/TcLhTdA4lmlKS1cXv5BM4zZtD8vdhaAqCfaKeOZlv8fJRwG6Ut+v5l+C8Fcwnx Z1aOYNQlNu7SDYsrO2mVcjzN6F57eOFoQ/yEnh55zbrQj4zN1B1wXxmvH8yCq7Mk 6UzzWH17YIuZO4E/wA9u+LP6uhFr4VNXwrFNkaYyC4rUsVCp4KjaTI1QcMvg7t1L N9K4/9FsMSaXilZ9A6MyS5lS5ZEbLuntJ5iyHc7k9XzrSw7yxxeampKF3fevH3HT JWYNvMuTAgFJx5ZB2jpwHVtMKceGLo9xL5EL3TtuNpa6FXg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=6U2IyD BF0spAcIPq/CZE/ZM17D12c/WP+1VIKe0GXiw=; b=qBiM3QAGLR2WuTY9dK3yGv elFrtqBmiwQgzg15QA49fV1OPtmkfm47YX8WKGiRTR1mo3Khr02OdDOwXQ4wi63A D63aoaRCf1FCbdY8U0dtp0nLqpZ181hH8WqVAdIJllwqMU0WJkXopRHE2O7vgGTY Owxot2qSq0KSUCc7KfzSveylgngdUrJGKgoKndkh6lzxeoyDdxGGqDpVmUCwiwcN bkg3VSuPiOHotBgSnTIEJehLJcUL6oxGk3GDNBJDuycw+rjBqrpk997bM0SLiHZF vDFnBOnOxSoS11+eCpl3Tgj4YcrZs5mFFRFy7CMHDBteCxdb2DDUPSlhrvl+7SEg ==
X-ME-Sender: <xms:NCu3XJ0-qhIoV9k2o6y1wU6ZkGsxh2KqolnZYJcpc-zQOH9i9Viwxw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrfeefgdeihecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefhkfgtggfuffgjvfhfofesrgdtmherhhdtjeenucfhrhhomheptehlihhsshgr ucevohhophgvrhcuoegrlhhishhsrgestghoohhpvghrfidrihhnqeenucffohhmrghinh epihgvthhfrdhorhhgnecukfhppedujeefrdefkedruddujedrkeejnecurfgrrhgrmhep mhgrihhlfhhrohhmpegrlhhishhsrgestghoohhpvghrfidrihhnnecuvehluhhsthgvrh fuihiivgeptd
X-ME-Proxy: <xmx:NCu3XCW7R8TxLZJl_mhURhgfIt79tEdsgnpEiGA8e970yygA8GrbgQ> <xmx:NCu3XMLIDYzt2Ak7KOkcSyyLnkv8ZOZwkZHHU77u-u7VXlN11ejWCQ> <xmx:NCu3XM00xOHVR-2SAeznK76s9IKfRLMCyQMeUeuR8jF5yWqddXN1zA> <xmx:Niu3XIBq-M1vOJCREW2EV7YwdNq_JTmK2KjbnbfXZ1EFIJvQeolkLA>
Received: from rtp-alcoop-nitro5.cisco.com (unknown [173.38.117.87]) by mail.messagingengine.com (Postfix) with ESMTPA id 11FF4E4561; Wed, 17 Apr 2019 09:33:39 -0400 (EDT)
From: Alissa Cooper <alissa@cooperw.in>
Message-Id: <BEAECAD3-DA6B-4858-97C3-6C05264761E0@cooperw.in>
Content-Type: multipart/alternative; boundary="Apple-Mail=_79E707F8-4EB5-4C3D-BDB5-507DFFF6DACA"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Wed, 17 Apr 2019 09:33:31 -0400
In-Reply-To: <ddfc0ddb-3ac6-d4dc-da6e-8c9889dd77c4@ericsson.com>
Cc: Lou Berger <lberger@labn.net>, draft-ietf-detnet-architecture@ietf.org, detnet@ietf.org, IESG <iesg@ietf.org>, "detnet-chairs@ietf.org" <detnet-chairs@ietf.org>
To: János Farkas <janos.farkas@ericsson.com>
References: <155067447797.31337.768983002923056061.idtracker@ietfa.amsl.com> <40b28261-5f04-7fcd-4f4f-ce243f32a808@labn.net> <1AA376D8-DE94-4FAF-B9D2-CC4E155CEC85@cooperw.in> <ec41b988-8f3c-4ae0-fc65-1269bf33f93e@labn.net> <b1c6345f-d3f1-735c-04cd-81c5a405ef11@ericsson.com> <0f7e2d9a-bf74-b5ea-6898-29ad2129a0c0@ericsson.com> <CCCB305C-257F-4436-8C6C-CAEBD2137B9D@cooperw.in> <ddfc0ddb-3ac6-d4dc-da6e-8c9889dd77c4@ericsson.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/8hRHRm5VkGl73lXW_9OkwqCEAF0>
Subject: Re: [Detnet] Alissa Cooper's Discuss on draft-ietf-detnet-architecture-11: (with DISCUSS and COMMENT)
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2019 13:33:46 -0000

Hi János,

> On Apr 15, 2019, at 5:08 PM, János Farkas <janos.farkas@ericsson.com> wrote:
> 
> Hi Alissa,
> 
> Please see in-line.
> 
> On 4/12/2019 7:08 PM, Alissa Cooper wrote:
>> Hi János,
>> 
>> 
>>> On Mar 25, 2019, at 12:16 PM, János Farkas <janos.farkas@ericsson.com <mailto:janos.farkas@ericsson.com>> wrote:
>>> 
>>> Hi Alissa,
>>> 
>>> We believe that we have addressed your comments in the most recent revision: https://tools.ietf.org/html/draft-ietf-detnet-architecture-12 <https://tools.ietf.org/html/draft-ietf-detnet-architecture-12>. (https://mailarchive.ietf.org/arch/msg/detnet/utVL9ZVGcOeGtRIASRFx5WT_ErM <https://mailarchive.ietf.org/arch/msg/detnet/utVL9ZVGcOeGtRIASRFx5WT_ErM>)
>>> 
>>> Please let us know what else you would like to see done before you clear your DISCUSS.
>>> 
>>> I/we would be happy to meet with you this week if there is anything you would like to discuss.
>>> 
>>> Regards,
>>> Janos
>>> 
>>> 
>>> On 2/26/2019 2:20 PM, János Farkas wrote:
>>>> Hi Alissa,
>>>> 
>>>> Thank you for your review!
>>>> 
>>>> We can replace 
>>>> "DetNet is provides a Quality of Service (QoS), and as such, does not
>>>>    directly raise any new privacy considerations."
>>>> with
>>>> "DetNet provides a Quality of Service (QoS), and as such, is not expected to
>>>>    directly raise any new privacy considerations.”
>> 
>> I don’t understand why this is not expected. From what I can tell, the architecture allows for the use off domain- or app-flow-specific IDs. These seem like a new potential vector for tracking, and one that not every QoS architecture requires.
> As far as I understood from below, you were happy with the change to "is not expected”.

“Combined with the above removals” (about flow IDs and OAM) is what I said. Either the architecture allows for these things, in which case one might expect them, or it doesn’t.

> 
> Combined that with this discussion on the related text:
> https://mailarchive.ietf.org/arch/msg/detnet/-L_wsGPMqNEOtPMgsGYaJ30nFXk <https://mailarchive.ietf.org/arch/msg/detnet/-L_wsGPMqNEOtPMgsGYaJ30nFXk>
> 
> We came to the current text:
>    DetNet provides a Quality of Service (QoS), and as such, is not
>    expected to directly raise any new privacy considerations, the
>    generic considerations for such mechanisms apply.  In particular,
>    such markings allow for an attacker to correlate flows or to select
>    particular types of flow for more detailed inspection.
> 
> 
> Flow ID and associated QoS is not a new concept introduced by DetNet; therefore, does not expected to raise new concerns.
> 
> What specific further changes do you suggest to this text?

Given your exchange with Benjamin and the email today from Stewart, I would suggest:

DetNet provides a Quality of Service (QoS) mechanism, and the generic
   considerations for such mechanisms apply.  In particular, such markings
   allow for an attacker to correlate flows or to select particular types
   of flow for more detailed inspection.

My point is that the architecture does not actually forbid the possibility of adding additional information into DetNet packets that could be used as vectors for tracking/correlation. This change would also address my concern about the OAM piece, but if you or the WG want to pursue further edits regarding OAM given Greg’s mail I’m happy to review.

Best,
Alissa

> 
>> 
>> This edit also doesn’t seem to cover the potential for additional privacy exposure implied by the discussion of OAM in Section 4.1.1:
> Thank you for making clear that this is the text you mean under "novel flow IDs and OAM tags" below. It was not clear to me because the architecture document does not contain either new / novel   Flow ID / OAM tag.
> 
>> 
>> "OAM can involve specific tagging added in the packets for tracing implementation or
>>    network configuration errors; traceability enables to find whether a
>>    packet is a replica, which DetNet relay node performed the
>>    replication, and which segment was intended for the replica.  
> 
> This text is there since: https://tools.ietf.org/html/draft-finn-detnet-architecture-05 <https://tools.ietf.org/html/draft-finn-detnet-architecture-05>.
> 
>> Active
>>    and hybrid OAM methods require additional bandwidth to perform fault
>>    management and performance monitoring of the DetNet domain.  OAM may,
>>    for instance, generate special test probes or add OAM information
>>    into the data packet.”
> This was added based on https://www.ietf.org/mail-archive/web/detnet/current/msg01577.html <https://www.ietf.org/mail-archive/web/detnet/current/msg01577.html>.
> 
> This paragraph reads to me as pretty generic text on OAM. 
> 
> What specific cahnge would you like to see made to this text?
> 
> Should we, e.g., update the first sentence of the paragraph to:
>    OAM can support tracing implementation or
>    network configuration errors. Traceability enables to find whether a
>    packet is a replica, which DetNet relay node performed the
>    replication, and which segment was intended for the replica.
> 
> ?
> 
> Regards,
> János
> 
> 
> 
>> 
>> Thanks,
>> Alissa
>> 
>> 
>>>> 
>>>> I'm not sure what "references to new flow IDs and OAM tags should be removed"?
>>>> 
>>>> Could you point to the text that should be changed?
>>>> 
>>>> Thank you!
>>>> Janos
>>>> 
>>>> 
>>>> On 2/20/2019 4:39 PM, Lou Berger wrote:
>>>>> 
>>>>> On 2/20/2019 10:25 AM, Alissa Cooper wrote:
>>>>>> 
>>>>>> 
>>>>>>> On Feb 20, 2019, at 7:17 AM, Lou Berger <lberger@labn.net <mailto:lberger@labn.net>> wrote:
>>>>>>> 
>>>>>>> Hi Alissa,
>>>>>>> 
>>>>>>> Thanks for the comments - see below.
>>>>>>> 
>>>>>>> On 2/20/2019 9:54 AM, Alissa Cooper wrote:
>>>>>>>> Alissa Cooper has entered the following ballot position for
>>>>>>>> draft-ietf-detnet-architecture-11: Discuss
>>>>>>>> 
>>>>>>>> When responding, please keep the subject line intact and reply to all
>>>>>>>> email addresses included in the To and CC lines. (Feel free to cut this
>>>>>>>> introductory paragraph, however.)
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html <https://www.ietf.org/iesg/statement/discuss-criteria.html>
>>>>>>>> for more information about IESG DISCUSS and COMMENT positions.
>>>>>>>> 
>>>>>>>> 
>>>>>>>> The document, along with other ballot positions, can be found here:
>>>>>>>> https://datatracker.ietf.org/doc/draft-ietf-detnet-architecture/ <https://datatracker.ietf.org/doc/draft-ietf-detnet-architecture/>
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> ----------------------------------------------------------------------
>>>>>>>> DISCUSS:
>>>>>>>> ----------------------------------------------------------------------
>>>>>>>> 
>>>>>>>> = Section 6 =
>>>>>>>> 
>>>>>>>> "DetNet is provides a Quality of Service (QoS), and as such, does not
>>>>>>>>    directly raise any new privacy considerations."
>>>>>>>> 
>>>>>>>> This seems like a false statement given the possibility that DetNet may require
>>>>>>>> novel flow IDs and OAM tags that create additional identification and
>>>>>>>> correlation risk beyond existing fields used to support QoS today.
>>>>>>> 
>>>>>>> Based on the other work in the WG, I think "is not expected" is more accurate than "does not". This is based on the WG solutions for the DetNet data plane using existing IP (v4 or 6) headers or MPLS labels for flow identification.
>>>>>> 
>>>>>> If that is the case then the references to new flow IDs and OAM tags should be removed from the architecture.
>>>>> sounds reasonable.  Can you point to the specific offending text?
>>>>> 
>>>>> Thanks,
>>>>> 
>>>>> Lou
>>>>>> 
>>>>>>> 
>>>>>>> Would changing to "is not expected" address your concern?
>>>>>> 
>>>>>> Combined with the above removals, that would work for me.
>>>>>> 
>>>>>> Thanks,
>>>>>> Alissa
>>>>>> 
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> 
>>>>>>> Lou
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> detnet mailing list
>>>>>> detnet@ietf.org <mailto:detnet@ietf.org>
>>>>>> https://www.ietf.org/mailman/listinfo/detnet <https://www.ietf.org/mailman/listinfo/detnet>
>>>> 
>>> 
>> 
>