IETF Logo Mail Archive

Re: [Edm] Please review draft-iab-use-it-or-lose-it-01

Martin Thomson <mt@lowentropy.net> Mon, 19 July 2021 00:04 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: edm@ietfa.amsl.com
Delivered-To: edm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E35B53A1673 for <edm@ietfa.amsl.com>; Sun, 18 Jul 2021 17:04:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=F5FDeSqX; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=cZuza1G3
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZWGFKknrotgJ for <edm@ietfa.amsl.com>; Sun, 18 Jul 2021 17:03:54 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51A413A1674 for <edm@iab.org>; Sun, 18 Jul 2021 17:03:54 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 253C55C0056; Sun, 18 Jul 2021 20:03:50 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute5.internal (MEProxy); Sun, 18 Jul 2021 20:03:50 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :cc:subject:content-type; s=fm2; bh=uSAZBNn5A21zi4f6frcx+50825If ZexwIAWRDcKaY4E=; b=F5FDeSqXTdmgc1wlUZEw4sEJi5kA0EiPn4HRfkzcF75+ y1sH9tc28afqhfrxRn70vsOjN2cKYW9uRcLzPJPqhCX5a2+COwMCEJqICJBnKawa E0iJmnk5lMeRMClZBH+nWdRpmzgFNI9KfLV1QWkwlw6O2QKornIhuM1h4HUP38D/ NdtRgyWVQxNjABwaPwItJhCa7QHiNLl902PymgewGx8gIJU4DkmENAbDwGIjrOi0 yn/qWccHm0q5te4wYWv97FN+jYxhBMbAa1TlPRdpPdC6DyzAf4idHaWoOP2I/0u2 YpsI66HGWukPaQjCvd0Fz02Jcs0sBG1d2DTYOoKh7w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=uSAZBN n5A21zi4f6frcx+50825IfZexwIAWRDcKaY4E=; b=cZuza1G3/yNE8Hcirq3vuD NixndY3hboDQH/UmQpAg5b1UIX6phEHviyN1p6rJgNzu+AZRYw8vtS2CoEJ49ARQ JUZIhlUjg4P+aCbWrVEweJuwlMnG7XofQsgA2V6TxguC4+UNZH/Y+YLwyo3Abirq tze2CU1xRlO01WljMAly91h1NKUn0IyJ00gmM8zwhqz0yAt9c/sywkgjnbUzurkF /hJvBralREr6RkDWkf3qKc92tLhira+5+BnFubDnbelL8NKU7Cc/vUdl1Qqv7rtS 1wUe0Yfq0BDS/7Tnq734H2k8TiWVZEodzYNbFbGoS1qmxvgO2F7wE09GuZJnYQ0A ==
X-ME-Sender: <xms:ZcH0YJxYcK-ClhoNXryryBL1bTvr7eNJLilx9MLH4y3ZneDC1292hA> <xme:ZcH0YJT-N-Ld-eZBlR58EdHn4g7MK29GvsJvvgpCM5dNXU-3fJzem-C9lkiVAND5S yGRTcIub0VKUeW1Sy8>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrvdelgddvhecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohif vghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnhepffelhfdufffhfefggfelje duvedtgfeutdffiedttefgveefveffffekuefggfevnecuffhomhgrihhnpehgihhthhhu sgdrtghomhdpfihikhhiphgvughirgdrohhrghdpfihikhhtihhonhgrrhihrdhorhhgne cuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhtsehl ohifvghnthhrohhphidrnhgvth
X-ME-Proxy: <xmx:ZcH0YDW1YKDQZeh07elccai6icxzbj9UA7_ZvYC-ExBWU5SS_B0Rww> <xmx:ZcH0YLgxunOlH-_-EtRuApamVW3qylucKU8hO89MSXDAcdQl-9n17A> <xmx:ZcH0YLA_1jADObeLnbkxOxDHb0gZL8EFVb7XcwCQJprrxZXMITtUOA> <xmx:ZsH0YO_vfRf11Odh4mEUrqKc9H3YdZcoI4ESBAhFOvsXCnRqi4aRKw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 666BE3C0E65; Sun, 18 Jul 2021 20:03:49 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-533-gf73e617b8a-fm-20210712.002-gf73e617b
Mime-Version: 1.0
Message-Id: <01832870-dfe9-42c8-b10f-d22169b94096@www.fastmail.com>
In-Reply-To: <20210716231731.GR24216@faui48e.informatik.uni-erlangen.de>
References: <162626887655.14379.5438309391409890693@ietfa.amsl.com> <80F3F8A2-2C3C-4DE8-BD1D-07842F5B2F89@apple.com> <20210715154649.GD24216@faui48e.informatik.uni-erlangen.de> <5149e82e-4f98-411b-9e34-27f243352b95@www.fastmail.com> <a2a718ba-7231-449f-8a55-fcc6a7823d59@www.fastmail.com> <20210716231731.GR24216@faui48e.informatik.uni-erlangen.de>
Date: Mon, 19 Jul 2021 10:03:30 +1000
From: Martin Thomson <mt@lowentropy.net>
To: Toerless Eckert <tte@cs.fau.de>
Cc: edm@iab.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/edm/NkklBMFF1ebZDECVkZIHFjJht68>
Subject: Re: [Edm] Please review draft-iab-use-it-or-lose-it-01
X-BeenThere: edm@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Evolvability, Deployability, & Maintainability \(Proposed\) Program" <edm.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/edm>, <mailto:edm-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/edm/>
List-Post: <mailto:edm@iab.org>
List-Help: <mailto:edm-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/edm>, <mailto:edm-request@iab.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jul 2021 00:04:01 -0000


On Sat, Jul 17, 2021, at 08:37, Toerless Eckert wrote:
> So put all the text about undesirable middleboxes into a separate section,
> including the conclusions about encrypted protocols, because i don't
> think the document has arguments about encryption applicable to b).

I just reviewed the document and while there is mention of the multi-participant problem in a few places, the only substantive pieces are a dedicated section on the subject (which I think is worthwhile) and a separate section that mentions cryptography as a means of controlling participation.  I think that it is OK as it is.
 
> I think you are contradicting yourself.
> 
> Yes, the IP version field is indeed maybe the most easily reached
> extension point across the examples given. And IMHO we do not
> need to invent New IP Versions regularily just to keep the
> extension point greased (although i think there are other good
> reasons to do so, but thats a different discussion, happy to
> point you to a draft of mine for that too if there is interest ;-).
> 
> The example problem with the IP version extension point was
> one of c) - unplanned middleboxes. 

Routers are not unexpected protocol participants in IP.  What was unexpected there was that routers were forwarding v6 packets without understanding any of their contents.

Maybe this is a problem with approaching it from the perspective of the number of participants.  The key point is that other participants might not allow extension, regardless of how many participants there are.  The corollary is that more participants increases the chances that extension is blocked by a participant.  The supporting observation is that sometimes there are more participants than you might have expected.

I think that's a clean argument construction.

The unexpected participation observation doesn't really apply to the IP version example as you have to expect that every router on path needs to participate.  The >>2 corollary applies in full though.

> The more fundamental reason for this proposed characterization
> of some metric for difficulty of extension points (depth inside
> state machinery) is of course experience from testing suites and code
> coverage measurements. The deeper the extension point in the state
> machinery, the more code in the suite you need to get it covered.

I don't think that necessarily holds.  When we built QUIC, one of the most difficult pieces of code to build is the transport parameters.  It's right at the end of a long sequence of things that you need to get right with a bunch of interactions between encryption levels, transport stuff, TLS internals, and 0-RTT interactions.  It's about as deep in the state machine as I have ever experienced in building protocols.

QUIC transport parameters are nonetheless pretty completely reliable as a means of extending the protocol.  Maybe it's just because it is early days, but my belief is that it is the fact that we already have lots of uses of extensions that rely on them: https://github.com/quicwg/base-drafts/wiki/Temporary-IANA-Registry#quic-transport-parameters

On Sat, Jul 17, 2021, at 09:17, Toerless Eckert wrote:
> On Fri, Jul 16, 2021 at 06:06:17PM +1000, Martin Thomson wrote:
> > Just one note.  Throughout you mention authentication where the draft uses the word "cryptography".  My understanding of cryptography is that it encompasses a broad discipline that includes encryption and integrity protection and authentication and a bunch of related things.  Are you perhaps reading that word with the narrow meaning of "encryption"?
> 
> https://en.wikipedia.org/wiki/Cryptography
>   "More generally, cryptography is about constructing and analyzing protocols
>    that prevent third parties or the public from reading private messages"

https://en.wiktionary.org/wiki/cryptography is a better match with my understanding:

> The discipline concerned with communication security (eg, confidentiality of messages, integrity of messages, sender authentication, non-repudiation of messages, and many other related issues), [...]

v2.23.0 | Report a Bug | By Email