Re: [Detnet] Alissa Cooper's Discuss on draft-ietf-detnet-architecture-11: (with DISCUSS and COMMENT)
János Farkas <janos.farkas@ericsson.com> Wed, 24 April 2019 18:26 UTC
Return-Path: <Janos.Farkas@ericsson.com>
X-Original-To: detnet@ietfa.amsl.com
Delivered-To: detnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF33C12011E for <detnet@ietfa.amsl.com>; Wed, 24 Apr 2019 11:26:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eJpeUIlccRER for <detnet@ietfa.amsl.com>; Wed, 24 Apr 2019 11:26:03 -0700 (PDT)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30E4E120100 for <detnet@ietf.org>; Wed, 24 Apr 2019 11:26:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1556130356; x=1558722356; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=+UsbKcNfXY8oISp/qCir4ZA6bLoo/y34TbVfhOSNuFo=; b=SDVqTe/UjI/dMzIZneuOCVyAlvmsTski76fHWkZ1uZs3SDeQUx0L6tXUQdXXj3aw +heRGxETUlWMhml1EdooZwfh3iGhsNvjBLZZq4tszQVpEOMDsEi+JjXF2BxJPnVV k0ccZ8rZ3T3/LU1Ogz6UzUT69UzINAGNNAA/7OMNQzU=;
X-AuditID: c1b4fb30-6ddff70000001814-5f-5cc0aa3412bc
Received: from ESESBMB502.ericsson.se (Unknown_Domain [153.88.183.115]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id 93.F5.06164.43AA0CC5; Wed, 24 Apr 2019 20:25:56 +0200 (CEST)
Received: from ESESBMB502.ericsson.se (153.88.183.169) by ESESBMB502.ericsson.se (153.88.183.169) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Wed, 24 Apr 2019 20:25:56 +0200
Received: from [100.94.48.117] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.185) with Microsoft SMTP Server id 15.1.1713.5 via Frontend Transport; Wed, 24 Apr 2019 20:25:55 +0200
To: Alissa Cooper <alissa@cooperw.in>
CC: "Black, David" <David.Black@dell.com>, "draft-ietf-detnet-architecture@ietf.org" <draft-ietf-detnet-architecture@ietf.org>, "detnet@ietf.org" <detnet@ietf.org>, Lou Berger <lberger@labn.net>, IESG <iesg@ietf.org>, "detnet-chairs@ietf.org" <detnet-chairs@ietf.org>
References: <155067447797.31337.768983002923056061.idtracker@ietfa.amsl.com> <40b28261-5f04-7fcd-4f4f-ce243f32a808@labn.net> <1AA376D8-DE94-4FAF-B9D2-CC4E155CEC85@cooperw.in> <ec41b988-8f3c-4ae0-fc65-1269bf33f93e@labn.net> <b1c6345f-d3f1-735c-04cd-81c5a405ef11@ericsson.com> <0f7e2d9a-bf74-b5ea-6898-29ad2129a0c0@ericsson.com> <CCCB305C-257F-4436-8C6C-CAEBD2137B9D@cooperw.in> <ddfc0ddb-3ac6-d4dc-da6e-8c9889dd77c4@ericsson.com> <BEAECAD3-DA6B-4858-97C3-6C05264761E0@cooperw.in> <CE03DB3D7B45C245BCA0D2432779493630516479@MX307CL04.corp.emc.com>
From: János Farkas <janos.farkas@ericsson.com>
Message-ID: <fc9b75ee-8768-42aa-b322-b085985e265e@ericsson.com>
Date: Wed, 24 Apr 2019 20:25:56 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <CE03DB3D7B45C245BCA0D2432779493630516479@MX307CL04.corp.emc.com>
Content-Type: multipart/alternative; boundary="------------1EED15130D134E7623C83BA8"
Content-Language: en-US
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprBIsWRmVeSWpSXmKPExsUyM2J7sa7JqgMxBm9PKFlMP/OX0eLjrMUs Ftf6f7BY/P40m8Xiw7eZLBYz/kxktuhofsviwO7x5clLJo9JM2cweyxZ8pPJ48OmZrYAligu m5TUnMyy1CJ9uwSujPcv/jAWrGpmrvg27StrA+PnU4xdjJwcEgImEj9v3WLrYuTiEBI4yigx e84lFgjnG6PEo3PtzCBVQgJHGCWW3vMHsYUFCiT6LywHi4sIqEpcPfYDrJtZYDKTxNfGY1Dd m1gkVp59wwJSxSZgL3H30gawDl4g+1LXUTCbBaj7/KNj7CC2qECsxKcri6FqBCVOznwC1ssp 4Ccxtf0hWA2zQJjEy7mL2CBscYlbT+YzQVynJvHp7UP2CYyCs5C0z0LSMgtJC4RtITFz/nlG CFteonnrbGYIW0Oidc5cdmTxBYzsqxhFi1OLk3LTjYz0Uosyk4uL8/P08lJLNjEC4+vglt8G OxhfPnc8xCjAwajEw7tw+oEYIdbEsuLK3EOMEhzMSiK8Jtv3xwjxpiRWVqUW5ccXleakFh9i lOZgURLnjV69J0ZIID2xJDU7NbUgtQgmy8TBKdXAyFo8d91Gy4Lr3S1sG1QivH59bM+ufPTM wt2GV3iDmkHTxJpfz1z4XJemXe7ga1nvm8r24tws74nWkicrz/4+ZPhwFuOfH0uPeW8yO8m0 crHrrPfGfRd2+s0/n7J6m2OImEKo5eS0UCVx+5OtOen/NzzZb721cYlsj7zAHR+jelPmmJsJ HmGTlViKMxINtZiLihMB+gYBgasCAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/stbrsM3ZYpkZmzqPjQPvrGW_N-c>
Subject: Re: [Detnet] Alissa Cooper's Discuss on draft-ietf-detnet-architecture-11: (with DISCUSS and COMMENT)
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2019 18:26:06 -0000
Hi Alissa, Thank you for the clarification. I agree with the change you are suggesting. I propose to make the change. At this stage, I suggest to avoid any further change that is not necessary. Thank you! Janos On 4/18/2019 6:52 PM, Black, David wrote: > > +1 on Alissa’s near-final comment: > > > […] the architecture does not actually forbid the possibility of > adding additional information into DetNet packets that could be used > as vectors for tracking/correlation. > > My understanding is that this is allowed by the DetNet architecture > even though none of the data plane designs have done so to date. In > particular, I’ve seen some prior discussion of using DSCPs for to > identify DetNet traffic, even though that approach is not currently > being pursued. > > Thanks, --David > > *From:* detnet <detnet-bounces@ietf.org> *On Behalf Of *Alissa Cooper > *Sent:* Wednesday, April 17, 2019 9:34 AM > *To:* János Farkas > *Cc:* draft-ietf-detnet-architecture@ietf.org; detnet@ietf.org; Lou > Berger; IESG; detnet-chairs@ietf.org > *Subject:* Re: [Detnet] Alissa Cooper's Discuss on > draft-ietf-detnet-architecture-11: (with DISCUSS and COMMENT) > > [EXTERNAL EMAIL] > > Hi János, > > > > On Apr 15, 2019, at 5:08 PM, János Farkas > <janos.farkas@ericsson.com <mailto:janos.farkas@ericsson.com>> wrote: > > Hi Alissa, > > Please see in-line. > > On 4/12/2019 7:08 PM, Alissa Cooper wrote: > > Hi János, > > > > On Mar 25, 2019, at 12:16 PM, János Farkas > <janos.farkas@ericsson.com > <mailto:janos.farkas@ericsson.com>> wrote: > > Hi Alissa, > > We believe that we have addressed your comments in the > most recent revision: > https://tools.ietf.org/html/draft-ietf-detnet-architecture-12. > (https://mailarchive.ietf.org/arch/msg/detnet/utVL9ZVGcOeGtRIASRFx5WT_ErM) > > Please let us know what else you would like to see done > before you clear your DISCUSS. > > I/we would be happy to meet with you this week if there is > anything you would like to discuss. > > Regards, > Janos > > On 2/26/2019 2:20 PM, János Farkas wrote: > > Hi Alissa, > > Thank you for your review! > > We can replace > "DetNet is provides a Quality of Service (QoS), and as > such, does not > directly raise any new privacy considerations." > with > "DetNet provides a Quality of Service (QoS), and as > such, is not expected to > directly raise any new privacy considerations.” > > I don’t understand why this is not expected. From what I can > tell, the architecture allows for the use off domain- or > app-flow-specific IDs. These seem like a new potential vector > for tracking, and one that not every QoS architecture requires. > > As far as I understood from below, you were happy with the change > to "is not expected”. > > “Combined with the above removals” (about flow IDs and OAM) is what I > said. Either the architecture allows for these things, in which case > one might expect them, or it doesn’t. > > > > > Combined that with this discussion on the related text: > https://mailarchive.ietf.org/arch/msg/detnet/-L_wsGPMqNEOtPMgsGYaJ30nFXk > > We came to the current text: > DetNet provides a Quality of Service (QoS), and as such, is not > expected to directly raise any new privacy considerations, the > generic considerations for such mechanisms apply. In particular, > such markings allow for an attacker to correlate flows or to select > particular types of flow for more detailed inspection. > > > Flow ID and associated QoS is not a new concept introduced by > DetNet; therefore, does not expected to raise new concerns. > > What specific further changes do you suggest to this text? > > Given your exchange with Benjamin and the email today from Stewart, I > would suggest: > > DetNet provides a Quality of Service (QoS) mechanism, and the generic > > considerations for such mechanisms apply. In particular, such markings > > allow for an attacker to correlate flows or to select particular types > > of flow for more detailed inspection. > > My point is that the architecture does not actually forbid the > possibility of adding additional information into DetNet packets that > could be used as vectors for tracking/correlation. This change would > also address my concern about the OAM piece, but if you or the WG want > to pursue further edits regarding OAM given Greg’s mail I’m happy to > review. > > Best, > > Alissa > > > > > > This edit also doesn’t seem to cover the potential for > additional privacy exposure implied by the discussion of OAM > in Section 4.1.1: > > Thank you for making clear that this is the text you mean under > "novel flow IDs and OAM tags" below. It was not clear to me > because the architecture document does not contain either new / > novel Flow ID / OAM tag. > > > "OAM can involve specific tagging added in the packets for > tracing implementation or > > network configuration errors; traceability enables to find > whether a > > packet is a replica, which DetNet relay node performed the > > replication, and which segment was intended for the replica. > > > This text is there since: > https://tools.ietf.org/html/draft-finn-detnet-architecture-05. > > > Active > > and hybrid OAM methods require additional bandwidth to > perform fault > > management and performance monitoring of the DetNet > domain. OAM may, > > for instance, generate special test probes or add OAM > information > > into the data packet.” > > This was added based on > https://www.ietf.org/mail-archive/web/detnet/current/msg01577.html. > > This paragraph reads to me as pretty generic text on OAM. > > What specific cahnge would you like to see made to this text? > > Should we, e.g., update the first sentence of the paragraph to: > OAM can support tracing implementation or > network configuration errors. Traceability enables to find > whether a > packet is a replica, which DetNet relay node performed the > replication, and which segment was intended for the replica. > > ? > > Regards, > János > > > > > Thanks, > > Alissa > > > > > I'm not sure what "references to new flow IDs and OAM > tags should be removed"? > > Could you point to the text that should be changed? > > Thank you! > Janos > > On 2/20/2019 4:39 PM, Lou Berger wrote: > > On 2/20/2019 10:25 AM, Alissa Cooper wrote: > > > > On Feb 20, 2019, at 7:17 AM, Lou Berger > <lberger@labn.net > <mailto:lberger@labn.net>> wrote: > > Hi Alissa, > > Thanks for the comments - see below. > > On 2/20/2019 9:54 AM, Alissa Cooper wrote: > > Alissa Cooper has entered the > following ballot position for > draft-ietf-detnet-architecture-11: Discuss > > When responding, please keep the > subject line intact and reply to all > email addresses included in the To and > CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG > DISCUSS and COMMENT positions. > > > The document, along with other ballot > positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-detnet-architecture/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > = Section 6 = > > "DetNet is provides a Quality of > Service (QoS), and as such, does not > directly raise any new privacy > considerations." > > This seems like a false statement > given the possibility that DetNet may > require > novel flow IDs and OAM tags that > create additional identification and > correlation risk beyond existing > fields used to support QoS today. > > > Based on the other work in the WG, I think > "is not expected" is more accurate than > "does not". This is based on the WG > solutions for the DetNet data plane using > existing IP (v4 or 6) headers or MPLS > labels for flow identification. > > If that is the case then the references to new > flow IDs and OAM tags should be removed from > the architecture. > > sounds reasonable. Can you point to the specific > offending text? > > Thanks, > > Lou > > > > > Would changing to "is not expected" > address your concern? > > Combined with the above removals, that would > work for me. > > Thanks, > > Alissa > > > > > Thanks, > > Lou > > > > > _______________________________________________ > > detnet mailing list > > detnet@ietf.org <mailto:detnet@ietf.org> > > https://www.ietf.org/mailman/listinfo/detnet >
- [Detnet] Alissa Cooper's Discuss on draft-ietf-de… Alissa Cooper
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… Lou Berger
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… Alissa Cooper
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… Lou Berger
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… János Farkas
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… János Farkas
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… Alissa Cooper
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… János Farkas
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… Greg Mirsky
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… Stewart Bryant
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… Alissa Cooper
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… Black, David
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… János Farkas
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… János Farkas
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… Alissa Cooper
- Re: [Detnet] Alissa Cooper's Discuss on draft-iet… János Farkas