Re: [Edm] Please review draft-iab-use-it-or-lose-it-01
Toerless Eckert <tte@cs.fau.de> Mon, 19 July 2021 17:37 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: edm@ietfa.amsl.com
Delivered-To: edm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E6D73A142F for <edm@ietfa.amsl.com>; Mon, 19 Jul 2021 10:37:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Level:
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J9QKzCzkujv7 for <edm@ietfa.amsl.com>; Mon, 19 Jul 2021 10:37:43 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D337A3A14A3 for <edm@iab.org>; Mon, 19 Jul 2021 10:37:42 -0700 (PDT)
Received: from faui48e.informatik.uni-erlangen.de (faui48e.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:51]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id EA5A9548049; Mon, 19 Jul 2021 19:37:35 +0200 (CEST)
Received: by faui48e.informatik.uni-erlangen.de (Postfix, from userid 10463) id E2A5E4E7AB6; Mon, 19 Jul 2021 19:37:35 +0200 (CEST)
Date: Mon, 19 Jul 2021 19:37:35 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Martin Thomson <mt@lowentropy.net>
Cc: edm@iab.org
Message-ID: <20210719173735.GC24216@faui48e.informatik.uni-erlangen.de>
References: <162626887655.14379.5438309391409890693@ietfa.amsl.com> <80F3F8A2-2C3C-4DE8-BD1D-07842F5B2F89@apple.com> <20210715154649.GD24216@faui48e.informatik.uni-erlangen.de> <5149e82e-4f98-411b-9e34-27f243352b95@www.fastmail.com> <a2a718ba-7231-449f-8a55-fcc6a7823d59@www.fastmail.com> <20210716231731.GR24216@faui48e.informatik.uni-erlangen.de> <01832870-dfe9-42c8-b10f-d22169b94096@www.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <01832870-dfe9-42c8-b10f-d22169b94096@www.fastmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/edm/L2JEN2jbWbjxW9cBavXjLsqY8Qw>
Subject: Re: [Edm] Please review draft-iab-use-it-or-lose-it-01
X-BeenThere: edm@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Evolvability, Deployability, & Maintainability \(Proposed\) Program" <edm.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/edm>, <mailto:edm-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/edm/>
List-Post: <mailto:edm@iab.org>
List-Help: <mailto:edm-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/edm>, <mailto:edm-request@iab.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jul 2021 17:37:48 -0000
On Mon, Jul 19, 2021 at 10:03:30AM +1000, Martin Thomson wrote:
>
>
> On Sat, Jul 17, 2021, at 08:37, Toerless Eckert wrote:
> > So put all the text about undesirable middleboxes into a separate section,
> > including the conclusions about encrypted protocols, because i don't
> > think the document has arguments about encryption applicable to b).
>
> I just reviewed the document and while there is mention of the multi-participant problem in a few places, the only substantive pieces are a dedicated section on the subject (which I think is worthwhile) and a separate section that mentions cryptography as a means of controlling participation. I think that it is OK as it is.
I stand by my suggestion for better structurin by categorization of cases,
such as with unplanned middleboxes.
> > The example problem with the IP version extension point was
> > one of c) - unplanned middleboxes.
>
> Routers are not unexpected protocol participants in IP. What was unexpected there was that routers were forwarding v6 packets without understanding any of their contents.
"IP's version field was
rendered useless when encapsulated over Ethernet, requring a new
ethertype with IPv6 [RFC2462], due in part to layer 2 devices making
version-independent assumptions about the structure of the IPv4
header."
Aka: yes, routers are not unplanned middleboxes, but in -04 you wrote about
layer 2 devices, not routers. Btw: A pointer or more elaboration about that
incident would be nice, because i do not remember this type of incident with
L2 devices.
> Maybe this is a problem with approaching it from the perspective of the number of participants. The key point is that other participants might not allow extension, regardless of how many participants there are. The corollary is that more participants increases the chances that extension is blocked by a participant. The supporting observation is that sometimes there are more participants than you might have expected.
Indeed. And "participant" again has multiple aspects:
- how many participants are allowed in a protocol communication
- how many implementations are there
- how many versions of implemenations are there
- how many different operators deploy a subset of the participants
In IP for example, the upper bound of participants in a communications
is arguably 255 (TTL expiry of a packet), but the total number
of implementations * versions * operators is much much larger.
And this doesn't take into account unplanned participants.
> I think that's a clean argument construction.
Right. And my explanation above was trying to show a worst-case example
of why the number of participants alone isn't even an upper bound for the
complexity of the problem when you have a popular, widely implemented/deployed
protocol.
> The unexpected participation observation doesn't really apply to the IP version example as you have to expect that every router on path needs to participate. The >>2 corollary applies in full though.
>
> > The more fundamental reason for this proposed characterization
> > of some metric for difficulty of extension points (depth inside
> > state machinery) is of course experience from testing suites and code
> > coverage measurements. The deeper the extension point in the state
> > machinery, the more code in the suite you need to get it covered.
>
> I don't think that necessarily holds. When we built QUIC, one of the most difficult pieces of code to build is the transport parameters. It's right at the end of a long sequence of things that you need to get right with a bunch of interactions between encryption levels, transport stuff, TLS internals, and 0-RTT interactions. It's about as deep in the state machine as I have ever experienced in building protocols.
Can't well comment as i do not know QUIC, but if there was something like a decision
tree over the extension poins with probabiliies on reaching any leaf based on
practical experience with deployments, then i wold not be surprised if many
leafs have a 0% probability to be reached in todays actual deployments,
and those leafs of course are the mayor concerns if/when they would get used
in the future.
Cheers
Toerless
> QUIC transport parameters are nonetheless pretty completely reliable as a means of extending the protocol. Maybe it's just because it is early days, but my belief is that it is the fact that we already have lots of uses of extensions that rely on them: https://github.com/quicwg/base-drafts/wiki/Temporary-IANA-Registry#quic-transport-parameters
>
> On Sat, Jul 17, 2021, at 09:17, Toerless Eckert wrote:
> > On Fri, Jul 16, 2021 at 06:06:17PM +1000, Martin Thomson wrote:
> > > Just one note. Throughout you mention authentication where the draft uses the word "cryptography". My understanding of cryptography is that it encompasses a broad discipline that includes encryption and integrity protection and authentication and a bunch of related things. Are you perhaps reading that word with the narrow meaning of "encryption"?
> >
> > https://en.wikipedia.org/wiki/Cryptography
> > "More generally, cryptography is about constructing and analyzing protocols
> > that prevent third parties or the public from reading private messages"
>
> https://en.wiktionary.org/wiki/cryptography is a better match with my understanding:
>
> > The discipline concerned with communication security (eg, confidentiality of messages, integrity of messages, sender authentication, non-repudiation of messages, and many other related issues), [...]
--
---
tte@cs.fau.de
- [Edm] Please review draft-iab-use-it-or-lose-it-01 Tommy Pauly
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Erik Auerswald
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Toerless Eckert
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Martin Thomson
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Martin Thomson
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Tommy Pauly
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Toerless Eckert
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Toerless Eckert
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Martin Thomson
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Brian E Carpenter
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Martin Thomson
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Toerless Eckert
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Stewart Bryant
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Toerless Eckert
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Brian E Carpenter
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Toerless Eckert