IETF Logo Mail Archive

Re: [Detnet] Alissa Cooper's Discuss on draft-ietf-detnet-architecture-11: (with DISCUSS and COMMENT)

János Farkas <janos.farkas@ericsson.com> Wed, 24 April 2019 18:26 UTC

Return-Path: <Janos.Farkas@ericsson.com>
X-Original-To: detnet@ietfa.amsl.com
Delivered-To: detnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF33C12011E for <detnet@ietfa.amsl.com>; Wed, 24 Apr 2019 11:26:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eJpeUIlccRER for <detnet@ietfa.amsl.com>; Wed, 24 Apr 2019 11:26:03 -0700 (PDT)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30E4E120100 for <detnet@ietf.org>; Wed, 24 Apr 2019 11:26:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1556130356; x=1558722356; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=+UsbKcNfXY8oISp/qCir4ZA6bLoo/y34TbVfhOSNuFo=; b=SDVqTe/UjI/dMzIZneuOCVyAlvmsTski76fHWkZ1uZs3SDeQUx0L6tXUQdXXj3aw +heRGxETUlWMhml1EdooZwfh3iGhsNvjBLZZq4tszQVpEOMDsEi+JjXF2BxJPnVV k0ccZ8rZ3T3/LU1Ogz6UzUT69UzINAGNNAA/7OMNQzU=;
X-AuditID: c1b4fb30-6ddff70000001814-5f-5cc0aa3412bc
Received: from ESESBMB502.ericsson.se (Unknown_Domain [153.88.183.115]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id 93.F5.06164.43AA0CC5; Wed, 24 Apr 2019 20:25:56 +0200 (CEST)
Received: from ESESBMB502.ericsson.se (153.88.183.169) by ESESBMB502.ericsson.se (153.88.183.169) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Wed, 24 Apr 2019 20:25:56 +0200
Received: from [100.94.48.117] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.185) with Microsoft SMTP Server id 15.1.1713.5 via Frontend Transport; Wed, 24 Apr 2019 20:25:55 +0200
To: Alissa Cooper <alissa@cooperw.in>
CC: "Black, David" <David.Black@dell.com>, "draft-ietf-detnet-architecture@ietf.org" <draft-ietf-detnet-architecture@ietf.org>, "detnet@ietf.org" <detnet@ietf.org>, Lou Berger <lberger@labn.net>, IESG <iesg@ietf.org>, "detnet-chairs@ietf.org" <detnet-chairs@ietf.org>
References: <155067447797.31337.768983002923056061.idtracker@ietfa.amsl.com> <40b28261-5f04-7fcd-4f4f-ce243f32a808@labn.net> <1AA376D8-DE94-4FAF-B9D2-CC4E155CEC85@cooperw.in> <ec41b988-8f3c-4ae0-fc65-1269bf33f93e@labn.net> <b1c6345f-d3f1-735c-04cd-81c5a405ef11@ericsson.com> <0f7e2d9a-bf74-b5ea-6898-29ad2129a0c0@ericsson.com> <CCCB305C-257F-4436-8C6C-CAEBD2137B9D@cooperw.in> <ddfc0ddb-3ac6-d4dc-da6e-8c9889dd77c4@ericsson.com> <BEAECAD3-DA6B-4858-97C3-6C05264761E0@cooperw.in> <CE03DB3D7B45C245BCA0D2432779493630516479@MX307CL04.corp.emc.com>
From: János Farkas <janos.farkas@ericsson.com>
Message-ID: <fc9b75ee-8768-42aa-b322-b085985e265e@ericsson.com>
Date: Wed, 24 Apr 2019 20:25:56 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <CE03DB3D7B45C245BCA0D2432779493630516479@MX307CL04.corp.emc.com>
Content-Type: multipart/alternative; boundary="------------1EED15130D134E7623C83BA8"
Content-Language: en-US
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprBIsWRmVeSWpSXmKPExsUyM2J7sa7JqgMxBm9PKFlMP/OX0eLjrMUs Ftf6f7BY/P40m8Xiw7eZLBYz/kxktuhofsviwO7x5clLJo9JM2cweyxZ8pPJ48OmZrYAligu m5TUnMyy1CJ9uwSujPcv/jAWrGpmrvg27StrA+PnU4xdjJwcEgImEj9v3WLrYuTiEBI4yigx e84lFgjnG6PEo3PtzCBVQgJHGCWW3vMHsYUFCiT6LywHi4sIqEpcPfYDrJtZYDKTxNfGY1Dd m1gkVp59wwJSxSZgL3H30gawDl4g+1LXUTCbBaj7/KNj7CC2qECsxKcri6FqBCVOznwC1ssp 4Ccxtf0hWA2zQJjEy7mL2CBscYlbT+YzQVynJvHp7UP2CYyCs5C0z0LSMgtJC4RtITFz/nlG CFteonnrbGYIW0Oidc5cdmTxBYzsqxhFi1OLk3LTjYz0Uosyk4uL8/P08lJLNjEC4+vglt8G OxhfPnc8xCjAwajEw7tw+oEYIdbEsuLK3EOMEhzMSiK8Jtv3xwjxpiRWVqUW5ccXleakFh9i lOZgURLnjV69J0ZIID2xJDU7NbUgtQgmy8TBKdXAyFo8d91Gy4Lr3S1sG1QivH59bM+ufPTM wt2GV3iDmkHTxJpfz1z4XJemXe7ga1nvm8r24tws74nWkicrz/4+ZPhwFuOfH0uPeW8yO8m0 crHrrPfGfRd2+s0/n7J6m2OImEKo5eS0UCVx+5OtOen/NzzZb721cYlsj7zAHR+jelPmmJsJ HmGTlViKMxINtZiLihMB+gYBgasCAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/stbrsM3ZYpkZmzqPjQPvrGW_N-c>
Subject: Re: [Detnet] Alissa Cooper's Discuss on draft-ietf-detnet-architecture-11: (with DISCUSS and COMMENT)
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2019 18:26:06 -0000

Hi Alissa,

Thank you for the clarification.
I agree with the change you are suggesting.
I propose to make the change.

At this stage, I suggest to avoid any further change that is not necessary.

Thank you!
Janos


On 4/18/2019 6:52 PM, Black, David wrote:
>
> +1 on Alissa’s near-final comment:
>
> > […] the architecture does not actually forbid the possibility of 
> adding additional information into DetNet packets that could be used 
> as vectors for tracking/correlation.
>
> My understanding is that this is allowed by the DetNet architecture 
> even though none of the data plane designs have done so to date.  In 
> particular, I’ve seen some prior discussion of using DSCPs for to 
> identify DetNet traffic, even though that approach is not currently 
> being pursued.
>
> Thanks, --David
>
> *From:* detnet <detnet-bounces@ietf.org> *On Behalf Of *Alissa Cooper
> *Sent:* Wednesday, April 17, 2019 9:34 AM
> *To:* János Farkas
> *Cc:* draft-ietf-detnet-architecture@ietf.org; detnet@ietf.org; Lou 
> Berger; IESG; detnet-chairs@ietf.org
> *Subject:* Re: [Detnet] Alissa Cooper's Discuss on 
> draft-ietf-detnet-architecture-11: (with DISCUSS and COMMENT)
>
> [EXTERNAL EMAIL]
>
> Hi János,
>
>
>
>     On Apr 15, 2019, at 5:08 PM, János Farkas
>     <janos.farkas@ericsson.com <mailto:janos.farkas@ericsson.com>> wrote:
>
>     Hi Alissa,
>
>     Please see in-line.
>
>     On 4/12/2019 7:08 PM, Alissa Cooper wrote:
>
>         Hi János,
>
>
>
>             On Mar 25, 2019, at 12:16 PM, János Farkas
>             <janos.farkas@ericsson.com
>             <mailto:janos.farkas@ericsson.com>> wrote:
>
>             Hi Alissa,
>
>             We believe that we have addressed your comments in the
>             most recent revision:
>             https://tools.ietf.org/html/draft-ietf-detnet-architecture-12.
>             (https://mailarchive.ietf.org/arch/msg/detnet/utVL9ZVGcOeGtRIASRFx5WT_ErM)
>
>             Please let us know what else you would like to see done
>             before you clear your DISCUSS.
>
>             I/we would be happy to meet with you this week if there is
>             anything you would like to discuss.
>
>             Regards,
>             Janos
>
>             On 2/26/2019 2:20 PM, János Farkas wrote:
>
>                 Hi Alissa,
>
>                 Thank you for your review!
>
>                 We can replace
>                 "DetNet is provides a Quality of Service (QoS), and as
>                 such, does not
>                    directly raise any new privacy considerations."
>                 with
>                 "DetNet provides a Quality of Service (QoS), and as
>                 such, is not expected to
>                    directly raise any new privacy considerations.”
>
>         I don’t understand why this is not expected. From what I can
>         tell, the architecture allows for the use off domain- or
>         app-flow-specific IDs. These seem like a new potential vector
>         for tracking, and one that not every QoS architecture requires.
>
>     As far as I understood from below, you were happy with the change
>     to "is not expected”.
>
> “Combined with the above removals” (about flow IDs and OAM) is what I 
> said. Either the architecture allows for these things, in which case 
> one might expect them, or it doesn’t.
>
>
>
>
>     Combined that with this discussion on the related text:
>     https://mailarchive.ietf.org/arch/msg/detnet/-L_wsGPMqNEOtPMgsGYaJ30nFXk
>
>     We came to the current text:
>        DetNet provides a Quality of Service (QoS), and as such, is not
>        expected to directly raise any new privacy considerations, the
>        generic considerations for such mechanisms apply.  In particular,
>        such markings allow for an attacker to correlate flows or to select
>        particular types of flow for more detailed inspection.
>
>
>     Flow ID and associated QoS is not a new concept introduced by
>     DetNet; therefore, does not expected to raise new concerns.
>
>     What specific further changes do you suggest to this text?
>
> Given your exchange with Benjamin and the email today from Stewart, I 
> would suggest:
>
> DetNet provides a Quality of Service (QoS) mechanism, and the generic
>
>    considerations for such mechanisms apply.  In particular, such markings
>
>    allow for an attacker to correlate flows or to select particular types
>
>    of flow for more detailed inspection.
>
> My point is that the architecture does not actually forbid the 
> possibility of adding additional information into DetNet packets that 
> could be used as vectors for tracking/correlation. This change would 
> also address my concern about the OAM piece, but if you or the WG want 
> to pursue further edits regarding OAM given Greg’s mail I’m happy to 
> review.
>
> Best,
>
> Alissa
>
>
>
>
>
>         This edit also doesn’t seem to cover the potential for
>         additional privacy exposure implied by the discussion of OAM
>         in Section 4.1.1:
>
>     Thank you for making clear that this is the text you mean under
>     "novel flow IDs and OAM tags" below. It was not clear to me
>     because the architecture document does not contain either new /
>     novel   Flow ID / OAM tag.
>
>
>         "OAM can involve specific tagging added in the packets for
>         tracing implementation or
>
>            network configuration errors; traceability enables to find
>         whether a
>
>            packet is a replica, which DetNet relay node performed the
>
>            replication, and which segment was intended for the replica.
>
>
>     This text is there since:
>     https://tools.ietf.org/html/draft-finn-detnet-architecture-05.
>
>
>         Active
>
>            and hybrid OAM methods require additional bandwidth to
>         perform fault
>
>            management and performance monitoring of the DetNet
>         domain.  OAM may,
>
>            for instance, generate special test probes or add OAM
>         information
>
>            into the data packet.”
>
>     This was added based on
>     https://www.ietf.org/mail-archive/web/detnet/current/msg01577.html.
>
>     This paragraph reads to me as pretty generic text on OAM.
>
>     What specific cahnge would you like to see made to this text?
>
>     Should we, e.g., update the first sentence of the paragraph to:
>        OAM can support tracing implementation or
>        network configuration errors. Traceability enables to find
>     whether a
>        packet is a replica, which DetNet relay node performed the
>        replication, and which segment was intended for the replica.
>
>     ?
>
>     Regards,
>     János
>
>
>
>
>         Thanks,
>
>         Alissa
>
>
>
>
>                 I'm not sure what "references to new flow IDs and OAM
>                 tags should be removed"?
>
>                 Could you point to the text that should be changed?
>
>                 Thank you!
>                 Janos
>
>                 On 2/20/2019 4:39 PM, Lou Berger wrote:
>
>                     On 2/20/2019 10:25 AM, Alissa Cooper wrote:
>
>
>
>                             On Feb 20, 2019, at 7:17 AM, Lou Berger
>                             <lberger@labn.net
>                             <mailto:lberger@labn.net>> wrote:
>
>                             Hi Alissa,
>
>                             Thanks for the comments - see below.
>
>                             On 2/20/2019 9:54 AM, Alissa Cooper wrote:
>
>                                 Alissa Cooper has entered the
>                                 following ballot position for
>                                 draft-ietf-detnet-architecture-11: Discuss
>
>                                 When responding, please keep the
>                                 subject line intact and reply to all
>                                 email addresses included in the To and
>                                 CC lines. (Feel free to cut this
>                                 introductory paragraph, however.)
>
>
>                                 Please refer to
>                                 https://www.ietf.org/iesg/statement/discuss-criteria.html
>                                 for more information about IESG
>                                 DISCUSS and COMMENT positions.
>
>
>                                 The document, along with other ballot
>                                 positions, can be found here:
>                                 https://datatracker.ietf.org/doc/draft-ietf-detnet-architecture/
>
>
>
>                                 ----------------------------------------------------------------------
>                                 DISCUSS:
>                                 ----------------------------------------------------------------------
>
>                                 = Section 6 =
>
>                                 "DetNet is provides a Quality of
>                                 Service (QoS), and as such, does not
>                                    directly raise any new privacy
>                                 considerations."
>
>                                 This seems like a false statement
>                                 given the possibility that DetNet may
>                                 require
>                                 novel flow IDs and OAM tags that
>                                 create additional identification and
>                                 correlation risk beyond existing
>                                 fields used to support QoS today.
>
>
>                             Based on the other work in the WG, I think
>                             "is not expected" is more accurate than
>                             "does not". This is based on the WG
>                             solutions for the DetNet data plane using
>                             existing IP (v4 or 6) headers or MPLS
>                             labels for flow identification.
>
>                         If that is the case then the references to new
>                         flow IDs and OAM tags should be removed from
>                         the architecture.
>
>                     sounds reasonable.  Can you point to the specific
>                     offending text?
>
>                     Thanks,
>
>                     Lou
>
>
>
>
>                             Would changing to "is not expected"
>                             address your concern?
>
>                         Combined with the above removals, that would
>                         work for me.
>
>                         Thanks,
>
>                         Alissa
>
>
>
>
>                             Thanks,
>
>                             Lou
>
>
>
>
>                         _______________________________________________
>
>                         detnet mailing list
>
>                         detnet@ietf.org  <mailto:detnet@ietf.org>
>
>                         https://www.ietf.org/mailman/listinfo/detnet
>

v2.23.0 | Report a Bug | By Email