Re: [Dlt-networking] updated draft-mcbride-rtgwg-bgp-blockchain
Jordi Paillissé <jordi.paillisse@upc.edu> Tue, 29 November 2022 11:10 UTC
Return-Path: <jordi.paillisse@upc.edu>
X-Original-To: dlt-networking@ietfa.amsl.com
Delivered-To: dlt-networking@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6467C152719 for <dlt-networking@ietfa.amsl.com>; Tue, 29 Nov 2022 03:10:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.796
X-Spam-Level:
X-Spam-Status: No, score=-1.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=upc-edu.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qov9fnMcDvrW for <dlt-networking@ietfa.amsl.com>; Tue, 29 Nov 2022 03:10:17 -0800 (PST)
Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7788CC1522B4 for <dlt-networking@ietf.org>; Tue, 29 Nov 2022 03:10:17 -0800 (PST)
Received: by mail-wr1-x42c.google.com with SMTP id g12so21479997wrs.10 for <dlt-networking@ietf.org>; Tue, 29 Nov 2022 03:10:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=upc-edu.20210112.gappssmtp.com; s=20210112; h=in-reply-to:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=OydhOj3zfeR5dqqrf+5LRnKeOIXXIeZr9qgtm9uRr0c=; b=kUT4pbbnmDEXvvV3Y2w0MSOmAP4lAMWgVuYpka56KtMMcAGiZpUCBjC583jWOgc8qe NbBAq5C086c1zZ63d8JHfYFuLO5NFO7/yK2HUEjMCrd6BRomhPLuRIOX7RAqOya/qzM+ nB+062H0lCKNUZMbL42YhwWO6Et2Y2u4juGwD9mIz53ynbJRp+OWgnrJiB+XObVw96g8 /6inzlBHE+lzFLARJLTLvXX8LjfisEGHT5NwFdIlXrnq1IWQOnSGJn4vXJylj4Zkoqhn Z7eyM8yk0OyqJPOEw8kDVPsxwLNfjwEc4/zvdkJCgD9BAs33O/m2B73hOLECCfLoi9qb jP6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=OydhOj3zfeR5dqqrf+5LRnKeOIXXIeZr9qgtm9uRr0c=; b=KXLKcOxRqxYXxbjfzkMQLdXAr4KksHHF4xhkEC7zS9X8QzERyGmw/IYVN2fbWYKjpk ZjXZ8pfBCT2GJvq43N28gxT5p4LJaZDdNGCIBKV6tz58BKxrf+gFVVQyr7NG/ogO/ygO bjDTpJ7/z7IBzW7YOF6/PEe6Xl6xxtzSMwBSO5S+icsauO1yLGwR31mYa8ItmXJCAMv1 BMv6q7N/+MKVSpMcKm+vN9GaOOtvScBgPTn9oo4uzdeu2ktgCWnKXR/oADPxlps8/awz LQAEh2KAsjeFaXqVULCjporPeZMF3CuQapz6qeFLKrkR90UW49qLu2X9Wzh9dbHS/HzV IHRA==
X-Gm-Message-State: ANoB5pmXYyszotz55InFR4VNbVEa/t5dR9sk2Hdy/NFHzbQn+v0bhygW Wwi7zgXJvZ66OxBUBM3mvTJJNw==
X-Google-Smtp-Source: AA0mqf6jJl4Dsp6MU6/SbaNzdDWXe/mimtXLyM0thwyGlL8+rcpf37nrf6iamUzOtoBBdkuE57ctmw==
X-Received: by 2002:adf:ff87:0:b0:241:db60:918a with SMTP id j7-20020adfff87000000b00241db60918amr25443419wrr.311.1669720215409; Tue, 29 Nov 2022 03:10:15 -0800 (PST)
Received: from [192.168.68.114] (2.red-79-158-103.dynamicip.rima-tde.net. [79.158.103.2]) by smtp.gmail.com with ESMTPSA id s18-20020adfea92000000b0023677e1157fsm13350330wrm.56.2022.11.29.03.10.14 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 29 Nov 2022 03:10:14 -0800 (PST)
Content-Type: multipart/alternative; boundary="------------Xkgo2YJfXQyQEx0RRr7qwwQq"
Message-ID: <e08fa221-1dfe-75a1-2dcf-d36e47daa9a7@upc.edu>
Date: Tue, 29 Nov 2022 12:10:13 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.5.0
Content-Language: ca
To: Dirk Trossen <dirk.trossen@huawei.com>, Michael McBride <michael.mcbride@futurewei.com>, Thomas Martin <T.Martin@mmu.ac.uk>, "dlt-networking@ietf.org" <dlt-networking@ietf.org>
Cc: "rtgwg@ietf.org" <rtgwg@ietf.org>
References: <BYAPR13MB2582A778C609AE79B203B972F4BD9@BYAPR13MB2582.namprd13.prod.outlook.com> <DB9PR01MB9566BE9C585622CAE4D6AAB5C4079@DB9PR01MB9566.eurprd01.prod.exchangelabs.com> <a8b21371b835403fbca314b27c6d8de4@huawei.com> <BYAPR13MB2582C7C2937E280BDF86D930F4069@BYAPR13MB2582.namprd13.prod.outlook.com> <4374e626-8eec-4a2c-b3ea-dadcadfa2be1@upc.edu> <2830f4ba9f2d4390a88d24689a924de1@huawei.com> <45cb2a39-486f-629e-9c03-4635db8fe5a9@upc.edu> <50abb6870ffa454db44f98a42cbe5203@huawei.com>
From: Jordi Paillissé <jordi.paillisse@upc.edu>
In-Reply-To: <50abb6870ffa454db44f98a42cbe5203@huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dlt-networking/qHi7kT1dcJIHzGHGBDi_-jkWAqE>
Subject: Re: [Dlt-networking] updated draft-mcbride-rtgwg-bgp-blockchain
X-BeenThere: dlt-networking@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DLT Networking <dlt-networking.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dlt-networking>, <mailto:dlt-networking-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dlt-networking/>
List-Post: <mailto:dlt-networking@ietf.org>
List-Help: <mailto:dlt-networking-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dlt-networking>, <mailto:dlt-networking-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Nov 2022 11:10:21 -0000
Hi Dirk, Yep, this makes sense to me. Thanks, Jordi El 28/11/22 a les 09:24, Dirk Trossen ha escrit: > > Hi Jordi, > > My point is that gathering the need for those latency boundaries > allows for designing/thinking of a DCS that would indeed have the > ‘right’ boundary (to be any useful for BGP updates). IOW, any DCS not > being ‘fast enough’ is of no use, is it? > > Best, > > Dirk > > *From:*Jordi Paillissé Vilanova <jordi.paillisse@upc.edu> > *Sent:* 25 November 2022 16:32 > *To:* Dirk Trossen <dirk.trossen@huawei.com>; Michael McBride > <michael.mcbride@futurewei.com>; Thomas Martin <T.Martin@mmu.ac.uk>; > dlt-networking@ietf.org > *Cc:* rtgwg@ietf.org > *Subject:* Re: [Dlt-networking] updated draft-mcbride-rtgwg-bgp-blockchain > > Hi Dirk, > > Thanks for your answer. > > If I understood your last paragraph correctly, do you mean that a DCS > for BGP updates would have some kind of bounded delay for message > propagation, so its data can keep up with the propagation speed of > "regular" BGP messages? > > Thanks, > > Jordi > > El 17/11/22 a les 18:02, Dirk Trossen ha escrit: > > Hi Jordi, > > Thanks for the reference, which is really useful. We’ve not looked > specifically into the right consensus mechanism but as you outline > in your paper, PoS seems to be fitting given the use case here, > indeed. PoW seems to not only be somehow disconnected from the > ‘ownership’ aspect that the use case embodies but its prohibitive > footprint makes it not a candidate of choice when proposing this > as a mechanism going forward (the IAB workshop on environmental > impact of Internet applications comes to mind here). > > You are right that the challenge lies in the consensus > convergence, i.e., the ‘throughput’ of the DCS in terms of > transaction validations. This also relates to the draft on impact > of DLTs on provider networks > (https://datatracker.ietf.org/doc/draft-trossen-rtgwg-impact-of-dlts/) > , where we studied what the required messaging in a DCS (with the > example being ETH in the work) caused by the needed diffusion > multicast in DLT is doing in and to networks. > > Those insights, however, may be useful to think of network > innovations that may improve not just on that impact (in terms of > signaling and thus costs) but also convergence time. A first step > would be to bound that required time, given by the use case here > (validating BGP updates) in order to define the boundary against > which any possible (DCS) solution must be designed. > > Best, > > Dirk > > *From:*Dlt-networking <dlt-networking-bounces@ietf.org> > <mailto:dlt-networking-bounces@ietf.org> *On Behalf Of *Jordi > Paillissé Vilanova > *Sent:* 17 November 2022 17:14 > *To:* Michael McBride <michael.mcbride@futurewei.com> > <mailto:michael.mcbride@futurewei.com>; Dirk Trossen > <dirk.trossen@huawei.com> <mailto:dirk.trossen@huawei.com>; Thomas > Martin <T.Martin@mmu.ac.uk> <mailto:T.Martin@mmu.ac.uk>; > dlt-networking@ietf.org > *Cc:* rtgwg@ietf.org > *Subject:* Re: [Dlt-networking] updated > draft-mcbride-rtgwg-bgp-blockchain > > Hi Thomas, Mike, > > I had a quick look at your draft and a key question that comes to > my mind is: which consensus algorithm would you use in the this > blockchain? You mention linking the blockchain access control to > the the RPKI, but not how you'd achieve consensus. > > However, even though I am a blockchain enthusiast, I see some > difficulties in deploying such blockchain. What would be really > nice, adding the AS_PATH (right now not covered by the RPKI and > dependent on the deployment of BGPsec) presents some scalability > challenges, because there is a significant amount of data to > validate and needs to propagate as fast as possible so routers can > validate the BGP announcements. > > You may want to have a look at our paper about the topic: > https://ieeexplore.ieee.org/abstract/document/8903274 > > Thanks, > > Jordi > > El 17/11/22 a les 1:52, Michael McBride ha escrit: > > Good points Thomas and Dirk. > > We will add some of that text to the draft, Thomas, thank you, > you are welcome to join the draft as an author if interested. > By group of users I was thinking of those devices (minors, > validators) which actually create the blocks. Good point about > smart contracts, we need to explain their role in greater detail. > > Before our next IETF (Yokohama) I’d like to have a draft which > proposes specifically how we think blockchain can help a > routing protocol such as BGP. The current draft simply > provides an overview of various possibilities. It’ll probably > be a good idea to have a side meeting as well to discuss this > topic beyond 10 minutes in rtgwg. > > Lastly, some of the comments during the rtgwg meeting (cc’d) > included: > > 1. Having a blockchain as part of the bgp control loop is > probably not a good thing due it’s low transaction speed. > 2. Only way this may be useful is to show proof of ownership > of network assignments (addr, prefix, AS, etc). > 3. BGP policy may be a good area of focus for blockchain: > Address delegation contracts. Billing. ARIN/RIPE databases... > > mike > > *From:* Dirk Trossen <dirk.trossen@huawei.com> > <mailto:dirk.trossen@huawei.com> > *Sent:* Wednesday, November 16, 2022 5:09 AM > *To:* Thomas Martin <T.Martin@mmu.ac.uk> > <mailto:T.Martin@mmu.ac.uk>; Michael McBride > <michael.mcbride@futurewei.com> > <mailto:michael.mcbride@futurewei.com>; dlt-networking@ietf.org > *Subject:* RE: updated draft-mcbride-rtgwg-bgp-blockchain > > Hi Thomas, > > Many thanks for the feedback and comments. Good to see the > discussion; I will leave it to Mike to decide whether we > should reflect this discussion also on the RTG WG list (where > the draft was presented). For now, I am quite fine here. > > Best, > > Dirk > > *From:* Dlt-networking <dlt-networking-bounces@ietf.org> *On > Behalf Of *Thomas Martin > *Sent:* 16 November 2022 12:40 > *To:* Michael McBride <michael.mcbride@futurewei.com>; > dlt-networking@ietf.org > *Subject:* Re: [Dlt-networking] updated > draft-mcbride-rtgwg-bgp-blockchain > > Hello, > > I've read the draft and I have some comments (first time > posting to a IETF mailing list, apologies if there's etiquette > I'm not aware of). The proposal seems to be written with a > view of putting BGP data in the blockchain and using smart > contracts to control how the data is managed. This is creating > a single source of truth, something that blockchains are > particularly well suited for. However, reading some of the > draft indicates to me that there is potential that has not > been identified: > > "In terms of trust assumptions, a DCS for BGP may require > authentication to prevent fraudulent DCS transactions, such as > fraudulent BGP announcements being made. For this, the > existing RPKI system could be used to authorize any client > before sending suitable smart contract transactions into the > DCS." > > "Furthermore, the DCS could be permissisoned, thereby > restricting the nodes holding as well as accessing information > to trusted members of the community." > > Both of these quotes indicates that > authentication/authorisation would need to be added-on to the > DCS. Blockchains have inherent authentication through the use > of public-private keys. Any action that changes the state of > the blockchain ledger requires a signature, which > authenticates the entity (only someone with the private key > could have created the signature). If you need some method of > relating a blockchain address to a real-world entity, then > that is something that would need to be added-on. But any > blockchain solution should take advantage of the inherent > authentication provided by the use of public keys. > > */[DOT] Your reference to the pub/priv keys used is, in fact, > similar to the use of the RPKI system for achieving the same > objective. The BGP community is quite familiar with its > objective and purpose, hence the mentioning on it rather than > the pub/priv keys usually used in BC. /* > > */[DOT] When it comes to the permissioned aspect, it more > relates to your issue below, I think./* > > The other implicit message I read from the above quotes (and > the rest of the draft) was the idea of a group of authorised > users. That there is some set of users who can make changes to > the BGP data on the blockchain, and everyone else is prevented > from changing anything/can only read the data. To me, this is > not implementing the principle of least privilege. > > */[DOT] I am not entirely sure that this is the message that > was intended here and I would argue that the possibly > commissioned nature is not about that either (if anything, it > is restricting the set of users per se, period, not just for > write access). /* > > If the smart contract is only checking membership in the > authorised set, then the users would have the capability to > perform many actions beyond what they should. Accidental > errors (or compromised accounts) could lead to harm. A secure > blockchain system will place as much of the logic > controlling/restricting access in the code of the smart > contract itself as possible as this is the least corruptible > part of the system. > > */[DOT] I agree with that, if that was indeed the intended > objective but see my last comment. /* > > To apply this to BGP, it could be possible to use another > thing that blockchains do very well: namely assigning > individual owners to resources. NFTs gets a lot of deserved > ridicule for the associated hype and unethical behaviour, but > the technology allows a verifiable single source of ownership > to be determined. This is something that a PKI cannot do. It > is possible to have multiple conflicting chains of > certificates signed (e.g., through error or attack). To me, > the natural application of blockchains to BGP would be to > consider prefixes as tokens assigned to AS blockchain > addresses. The unique owner of any prefix could be determined > with high confidence. This, plus the signing of peering > relationships by the relevant ASes, could solve a lot of the > problems with fraudulent announcements. If the smart contract > is written correctly (big if, obviously), then it would be > impossible for any entity to announce a route they were not > authorised to. > > */[DOT] I think this is an excellent point and worthwhile > capturing in the draft, i.e., using BC to assert ownership of > a resource (like a prefix). If we positioned this (rightly) as > the key issue for BGP operations, all else may just be > ‘bootstrapped’ from it. /* > > There are a lot of unanswered questions about how practical > and scalable any of the above is. > > */[DOT] You may (or may not) have noticed a second draft in > the IETF on “impact of DLTs on provider networks”, now > superseded by a more detailed publication and originating from > some work done in the IIC (Industrial Internet Consortium) > with a whitepaper released in Jan 2022. This work is looking > at DCS (example there is Ethereum) and what it ‘does’ to a > network, largely driven by the need for capability-based > communication to realise the randomized diffusion > broadcast/multicast that underlies the DLT operation. From a > network perspective, it is quite painful but raises also > interesting questions on how networks could improve on it or > provide support (through network-level innovations). /* > > It is an area of research I've put some thought into, but not > yet had much of a chance to do any serious work on it. If any > of the above may be applicable to the aim of this group, > please let me know. > > */[DOT] It sure sounds like it and it would be good to get > these thoughts into a revision of the draft and further > discussed. We are still looking into the constituency within > the IETF to have this conversation but it may well be this > group, which will hopefully grow. /* > > Kind Regards, > > Thomas. > > ** > > Dr Thomas Martin (he/him) | Senior Lecturer | Department of > Computing and Mathematics | t.martin@mmu.ac.uk > > > 0161 247 1501 | Room JD E120 > > Manchester Metropolitan University | John Dalton Building | > Manchester | M1 5GD > > Office Hours: Monday 3:00 - 4:30 pm and Wednesday 11:30 - 1:00 pm > > Please note that I am on a flexible working schedule and will > only be reading/answering MMU email on Monday/Tuesday/Wednesday > > ------------------------------------------------------------------------ > > *From:*Dlt-networking <dlt-networking-bounces@ietf.org> on > behalf of Michael McBride <michael.mcbride@futurewei.com> > *Sent:* 01 July 2022 9:46 PM > *To:* dlt-networking@ietf.org <dlt-networking@ietf.org> > *Subject:* [Dlt-networking] updated > draft-mcbride-rtgwg-bgp-blockchain > > *This email originated from outside of Manchester Met. Do not > click links or open attachments unless you recognise the > sender and believe the content to be safe. Please contact the > IT Helpline if you have any concerns, > https://www.mmu.ac.uk/isds/contact > <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mmu.ac.uk%2Fisds%2Fcontact&data=05%7C01%7Cmichael.mcbride%40futurewei.com%7C3c48c5a9deb648bd46e708dac7d3b518%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C638042009342782431%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=SZxvPzLDwCZ7YkLp43K77bLq8NSaqUmJWHipD7Writg%3D&reserved=0>* > > ------------------------------------------------------------------------ > > Hello, > > A couple of new authors joined in and we’ve updated > https://www.ietf.org/archive/id/draft-mcbride-rtgwg-bgp-blockchain-01.txt > <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-mcbride-rtgwg-bgp-blockchain-01.txt&data=05%7C01%7Cmichael.mcbride%40futurewei.com%7C3c48c5a9deb648bd46e708dac7d3b518%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C638042009342782431%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=FBDHIa9semYZv6DXO4UpUdG5HzOOBtSeYPict4JYK8w%3D&reserved=0> > with a fair amount of new information including the use of > smart contracts. Please give it a read and comment if you feel > it’s on the right track or not. We have time to update the > draft again before the deadline. We will likely discuss this > at the upcoming IETF 114 meeting in rtgwg if there is time. > Hope to see many of you in Philly. > > Thanks, > > mike > > "Before acting on this email or opening any attachments you > should read the Manchester Metropolitan University email > disclaimer available on its website > http://www.mmu.ac.uk/emaildisclaimer > <https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.mmu.ac.uk%2Femaildisclaimer&data=05%7C01%7Cmichael.mcbride%40futurewei.com%7C3c48c5a9deb648bd46e708dac7d3b518%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C638042009342782431%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sUy1w7ALgeupl84GVTwst2RUE1d90jCBQ7o5Voog78E%3D&reserved=0> > " > > > > > _______________________________________________ > > rtgwg mailing list > > rtgwg@ietf.org > > https://www.ietf.org/mailman/listinfo/rtgwg >
- [Dlt-networking] updated draft-mcbride-rtgwg-bgp-… Michael McBride
- Re: [Dlt-networking] updated draft-mcbride-rtgwg-… Thomas Martin
- Re: [Dlt-networking] updated draft-mcbride-rtgwg-… Dirk Trossen
- Re: [Dlt-networking] updated draft-mcbride-rtgwg-… Michael McBride
- Re: [Dlt-networking] updated draft-mcbride-rtgwg-… Jordi Paillissé Vilanova
- Re: [Dlt-networking] updated draft-mcbride-rtgwg-… Dirk Trossen
- Re: [Dlt-networking] updated draft-mcbride-rtgwg-… Jordi Paillissé Vilanova
- Re: [Dlt-networking] updated draft-mcbride-rtgwg-… Dirk Trossen
- Re: [Dlt-networking] updated draft-mcbride-rtgwg-… Jordi Paillissé