Re: [Edm] Thoughts on greasing mechanisms

Mirja Kuehlewind <ietf@kuehlewind.net> Thu, 12 November 2020 19:07 UTC

Return-Path: <ietf@kuehlewind.net>
X-Original-To: edm@ietfa.amsl.com
Delivered-To: edm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C10753A0045; Thu, 12 Nov 2020 11:07:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XkX6wTGrP2r1; Thu, 12 Nov 2020 11:07:01 -0800 (PST)
Received: from wp513.webpack.hosteurope.de (wp513.webpack.hosteurope.de [IPv6:2a01:488:42:1000:50ed:8223::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F3F93A003F; Thu, 12 Nov 2020 11:07:00 -0800 (PST)
Received: from p200300dee707b600141061c179aad33d.dip0.t-ipconnect.de ([2003:de:e707:b600:1410:61c1:79aa:d33d]); authenticated by wp513.webpack.hosteurope.de running ExIM with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1kdHvr-0001kF-MJ; Thu, 12 Nov 2020 20:06:55 +0100
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Mirja Kuehlewind <ietf@kuehlewind.net>
In-Reply-To: <C26B3C62-D9DA-4A86-A60B-AB61A4F899C5@apple.com>
Date: Thu, 12 Nov 2020 20:06:54 +0100
Cc: edm@iab.org, Martin Thomson <mt@lowentropy.net>, Mark Nottingham <mnot@mnot.net>
Content-Transfer-Encoding: quoted-printable
Message-Id: <FDDC396D-8712-4995-9C47-D0E630E90BF0@kuehlewind.net>
References: <C26B3C62-D9DA-4A86-A60B-AB61A4F899C5@apple.com>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-bounce-key: webpack.hosteurope.de;ietf@kuehlewind.net;1605208021;cb794178;
X-HE-SMSGID: 1kdHvr-0001kF-MJ
Archived-At: <https://mailarchive.ietf.org/arch/msg/edm/lws4VUCmrVMBHRBW29DBWxiLp0Y>
Subject: Re: [Edm] Thoughts on greasing mechanisms
X-BeenThere: edm@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Evolvability, Deployability, & Maintainability \(Proposed\) Program" <edm.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/edm>, <mailto:edm-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/edm/>
List-Post: <mailto:edm@iab.org>
List-Help: <mailto:edm-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/edm>, <mailto:edm-request@iab.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Nov 2020 19:07:04 -0000

Hm… I guess I have to say I’m not the biggest greasing “fan”. Greasing has proven a really useful mechanism, e.g. in the case of TLS to actually detect broken systems, however, I’m a bit sad that we need to build in the same hack into brand new protocols as it feels to me like a waste to reserve codepoints for that (as a German always looking for efficiency ;-) ). And what you propose maybe feels like you just add more bits to it. Maybe we need to consider better in protocol design that we not only make sure extension mechanisms are available but also frequently used and tested? Just a though…



> On 8. Nov 2020, at 05:40, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote:
> 
> One of the items I’d like to get kicked off for our work in the EDM program is updating and working on draft-iab-use-it-or-lose-it, which analyzes some problems with extension point use and makes recommendations. One of the newer approaches it covers is “greasing”. I filed the following issue for discussion, and would like to hear the input of the people on this list.
> 
> https://github.com/intarchboard/edm/issues/7
> 
> Can greasing mechanisms avoid reserving or coordinating "fake" values?
> 
> In TLS, GREASE (https://www.rfc-editor.org/rfc/rfc8701.html) reserves several values in different extension code point spaces to be used for greasing—that is, endpoints will randomly select some of the reserved values to send to the peer in order to ensure that the peer can handle unknown values.
> 
> This is also described in the use-it-or-lose-it draft which EDM is looking at (https://intarchboard.github.io/use-it-or-lose-it/draft-iab-use-it-or-lose-it.html#rfc.section.4.3). The description here also refers to the approach of reserving these values.
> 
> For existing protocols like TLS, reserving values seems to be the safest option. The downside is that these values represent only a finite subset of possible values; it is possible to still ossify to allow reserved greased values, but not allow others (if your implementation is particularly obstructive). It is also necessary to choose a wide distribution of values that ensure that the entire range of possible values is kept from ossifying.
> 
> Reservation of values is harder for other kinds of extension points. For example, the proposed HTTP greasing (https://tools.ietf.org/html/draft-nottingham-http-grease-01) discusses greasing header names and values. Since these are strings and other arbitrary values, simply reserving these ahead of time doesn't make sense. The proposal here is to have a coordination effort where greased values are agreed upon by the community.
> 
> If we are looking at recommendations for new protocol design, I wonder if we can come up with recommendations that achieve the goals of greasing without needing to rely on either reservation or coordination.
> 
> A goal we could have is that an endpoint can (and would) generate random or unknown values for various extension points to prevent ossification; but not risk causing a peer that actually does understand and handle that value to think that the endpoint is trying to use a protocol feature. Put another way, the random value should be indistinguishable from a valid value to the receiver of the value that doesn't support the valid version of the value; but a receiver that does understand the valid version of the value should be able to distinguish a greased/random value from an intentional value.
> 
> Consider an extension point like the ones that are greased in TLS, where the values are numbers within a range (say, 16-bit integers). Rather than just using these as Types in a Type-Length-Value scheme, the encoding could also include a value that proves if the sender is using a type based on a given version of a standard, or is just sending random data. Call this Type-Length-Hash-Value. In this case, when a given type is reserved, it could also define a unique pattern that can be hashed with something that changes in a message where the extension appears (like a nonce). If the receiver also knows the same unique pattern, it could confirm that the sender has the same understanding of the type by calculating the hash. A receiver that doesn't understand the type wouldn't be able to tell whether or not this was greased or valid.
> 
> A similar approach could be taken when the extensible values are strings, etc, allowing implementations to send random values without coordination.
> 
> Curious to hear people’s thoughts!
> 
> Best,
> Tommy
> -- 
> Edm mailing list
> Edm@iab.org
> https://www.iab.org/mailman/listinfo/edm