Re: [Edm] Thoughts on greasing mechanisms
Tommy Pauly <tpauly@apple.com> Fri, 13 November 2020 18:59 UTC
Return-Path: <tpauly@apple.com>
X-Original-To: edm@ietfa.amsl.com
Delivered-To: edm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45DC33A10A3 for <edm@ietfa.amsl.com>; Fri, 13 Nov 2020 10:59:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id adD2ima_jfsJ for <edm@ietfa.amsl.com>; Fri, 13 Nov 2020 10:59:49 -0800 (PST)
Received: from ma1-aaemail-dr-lapp02.apple.com (ma1-aaemail-dr-lapp02.apple.com [17.171.2.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA1B73A108C for <edm@iab.org>; Fri, 13 Nov 2020 10:59:47 -0800 (PST)
Received: from pps.filterd (ma1-aaemail-dr-lapp02.apple.com [127.0.0.1]) by ma1-aaemail-dr-lapp02.apple.com (8.16.0.42/8.16.0.42) with SMTP id 0ADIx1gM051934; Fri, 13 Nov 2020 10:59:46 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=fGamFYsmBEx/3xymCAo8caLhMi55Sf9Ld+oXEu0AyrM=; b=XfmsDf2lWXEf3O71OCaqr9NMZQZ9d+gE8XVhW8+jh5MP5JfMU0SLyyro6fdroW3laCvK u6lXVZJ6GkdgZbMZHQI51Ggw9OTin73acHbfl+nYFVAQtE9dgvC4V2PtNejYTAnUYxT9 n6g/28P1PnyaTPwM0f9ry4FUPYA1/ZiOw+O3xS0IN9XHDwlztt6GKOJriNxXVP4HCP6u wKv6HcwDdvq9A1K60YhtKQ4R8VuNOMT4+2geOP3csgvPr5E8kKGNBWubZ+2+xp7Z5UM7 6VaDnCcsEG7DvEg+ibe1WbW1ft6dEujaOyifGfklru6MCSncBJLKHa3KrE5OChqloPHH Qw==
Received: from rn-mailsvcp-mta-lapp04.rno.apple.com (rn-mailsvcp-mta-lapp04.rno.apple.com [10.225.203.152]) by ma1-aaemail-dr-lapp02.apple.com with ESMTP id 34ns520gnv-66 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 13 Nov 2020 10:59:46 -0800
Received: from rn-mailsvcp-mmp-lapp02.rno.apple.com (rn-mailsvcp-mmp-lapp02.rno.apple.com [17.179.253.15]) by rn-mailsvcp-mta-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.6.20200729 64bit (built Jul 29 2020)) with ESMTPS id <0QJR00G8P0RL9A21@rn-mailsvcp-mta-lapp04.rno.apple.com>; Fri, 13 Nov 2020 10:59:45 -0800 (PST)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp02.rno.apple.com by rn-mailsvcp-mmp-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.6.20200729 64bit (built Jul 29 2020)) id <0QJR00S000JRTG00@rn-mailsvcp-mmp-lapp02.rno.apple.com>; Fri, 13 Nov 2020 10:59:45 -0800 (PST)
X-Va-A:
X-Va-T-CD: e9d67ce7285e94c14859feadb7d3c5c8
X-Va-E-CD: 0c7d4d1d92843a5b7a3ab26b0fb51783
X-Va-R-CD: ff8bd99ea4d6c3c3ce6a5e087244dd2c
X-Va-CD: 0
X-Va-ID: c730d214-54a9-4851-ab60-408f75c64747
X-V-A:
X-V-T-CD: e9d67ce7285e94c14859feadb7d3c5c8
X-V-E-CD: 0c7d4d1d92843a5b7a3ab26b0fb51783
X-V-R-CD: ff8bd99ea4d6c3c3ce6a5e087244dd2c
X-V-CD: 0
X-V-ID: 1fd24df8-f6b0-45b0-b65d-b1ef2b308f76
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312, 18.0.737 definitions=2020-11-13_10:2020-11-13, 2020-11-13 signatures=0
Received: from localhost.localdomain (unknown [17.234.122.131]) by rn-mailsvcp-mmp-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.6.20200729 64bit (built Jul 29 2020)) with ESMTPSA id <0QJR00Z410RFZF00@rn-mailsvcp-mmp-lapp02.rno.apple.com>; Fri, 13 Nov 2020 10:59:44 -0800 (PST)
From: Tommy Pauly <tpauly@apple.com>
Message-id: <DC94AF98-6A92-4446-84BD-1DDD293C2756@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_817DDBCE-F369-479B-9266-12CFAD2227D9"
MIME-version: 1.0 (Mac OS X Mail 14.0 \(3654.0.3.2.26\))
Date: Fri, 13 Nov 2020 10:59:37 -0800
In-reply-to: <A3F4201B-0595-4967-AED6-01B9567D5BBB@kuehlewind.net>
Cc: Mark Nottingham <mnot@mnot.net>, edm@iab.org, Martin Thomson <mt@lowentropy.net>
To: Mirja Kuehlewind <ietf@kuehlewind.net>
References: <C26B3C62-D9DA-4A86-A60B-AB61A4F899C5@apple.com> <FDDC396D-8712-4995-9C47-D0E630E90BF0@kuehlewind.net> <515CABD7-FC05-443E-8DB1-8C34DB47A394@mnot.net> <A3F4201B-0595-4967-AED6-01B9567D5BBB@kuehlewind.net>
X-Mailer: Apple Mail (2.3654.0.3.2.26)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312, 18.0.737 definitions=2020-11-13_10:2020-11-13, 2020-11-13 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/edm/pSPGvyVmD2BDc9AkEjH5b1geafE>
Subject: Re: [Edm] Thoughts on greasing mechanisms
X-BeenThere: edm@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Evolvability, Deployability, & Maintainability \(Proposed\) Program" <edm.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/edm>, <mailto:edm-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/edm/>
List-Post: <mailto:edm@iab.org>
List-Help: <mailto:edm-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/edm>, <mailto:edm-request@iab.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Nov 2020 18:59:59 -0000
> On Nov 13, 2020, at 12:34 AM, Mirja Kuehlewind <ietf@kuehlewind.net> wrote: > > > >> On 12. Nov 2020, at 23:26, Mark Nottingham <mnot@mnot.net> wrote: >> >> >> >>> On 13 Nov 2020, at 6:06 am, Mirja Kuehlewind <ietf@kuehlewind.net> wrote: >>> >>> Hm… I guess I have to say I’m not the biggest greasing “fan”. Greasing has proven a really useful mechanism, e.g. in the case of TLS to actually detect broken systems, however, I’m a bit sad that we need to build in the same hack into brand new protocols as it feels to me like a waste to reserve codepoints for that (as a German always looking for efficiency ;-) ). And what you propose maybe feels like you just add more bits to it. >> >> Why are new protocols different? Once they get deployed, they become not-new protocols, so why should our expectations change regarding ossification? > > I’m still hoping we can be smarter than this for new protocols… As I said greasing is a good way to detect ossification. Not sure if it really will avoid ossification. I think if a protocol can grease (or do an equivalent) from the start, it actually does have a better chance of avoiding ossification. Mirja, I entirely sympathize with the desire to not reserve code points forever for greasing—both for efficiency, and to avoid implementations ossifying for the non-reserved values. That’s partly why I’m trying to dig into the idea of how a new protocol would be able to design its extensibility in a way that allows “greasing" without needing to strictly reserve codepoints. > >> >>> Maybe we need to consider better in protocol design that we not only make sure extension mechanisms are available but also frequently used and tested? Just a though… >> >> I think that's exactly what greasing is -- exercising extension points artificially to assure that they maintain flexibility. > > The difference might be the word artificial. Yes, I think this is what the intent of greasing is. I think what we’ve seen so far is how we fit greasing into existing protocols like TLS, but there are opportunities to have a design that bakes the principles into the protocol itself. There could still be some “artificial” exercising of the extension mechanism, without necessarily needing to pre-allocated “artificial” values. Fundamentally, it seems like what we need to do to defend against ossifying a new extension mechanism is: - Ensure that implementations often see and must ignore unknown values without adverse effects - Ensure that implementations can’t simply filter out a range of unknown values and still mishandle values that will later be allocated - Ensure that an implementation can block or filter out values it knows about that it doesn’t want to support on purpose (like deprecated older values), without allowing it to block new values it doesn’t understand Does that seem like the right list of goals? Tommy > >> >> >> >>>> On 8. Nov 2020, at 05:40, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote: >>>> >>>> One of the items I’d like to get kicked off for our work in the EDM program is updating and working on draft-iab-use-it-or-lose-it, which analyzes some problems with extension point use and makes recommendations. One of the newer approaches it covers is “greasing”. I filed the following issue for discussion, and would like to hear the input of the people on this list. >>>> >>>> https://github.com/intarchboard/edm/issues/7 >>>> >>>> Can greasing mechanisms avoid reserving or coordinating "fake" values? >>>> >>>> In TLS, GREASE (https://www.rfc-editor.org/rfc/rfc8701.html) reserves several values in different extension code point spaces to be used for greasing—that is, endpoints will randomly select some of the reserved values to send to the peer in order to ensure that the peer can handle unknown values. >>>> >>>> This is also described in the use-it-or-lose-it draft which EDM is looking at (https://intarchboard.github.io/use-it-or-lose-it/draft-iab-use-it-or-lose-it.html#rfc.section.4.3). The description here also refers to the approach of reserving these values. >>>> >>>> For existing protocols like TLS, reserving values seems to be the safest option. The downside is that these values represent only a finite subset of possible values; it is possible to still ossify to allow reserved greased values, but not allow others (if your implementation is particularly obstructive). It is also necessary to choose a wide distribution of values that ensure that the entire range of possible values is kept from ossifying. >>>> >>>> Reservation of values is harder for other kinds of extension points. For example, the proposed HTTP greasing (https://tools.ietf.org/html/draft-nottingham-http-grease-01) discusses greasing header names and values. Since these are strings and other arbitrary values, simply reserving these ahead of time doesn't make sense. The proposal here is to have a coordination effort where greased values are agreed upon by the community. >>>> >>>> If we are looking at recommendations for new protocol design, I wonder if we can come up with recommendations that achieve the goals of greasing without needing to rely on either reservation or coordination. >>>> >>>> A goal we could have is that an endpoint can (and would) generate random or unknown values for various extension points to prevent ossification; but not risk causing a peer that actually does understand and handle that value to think that the endpoint is trying to use a protocol feature. Put another way, the random value should be indistinguishable from a valid value to the receiver of the value that doesn't support the valid version of the value; but a receiver that does understand the valid version of the value should be able to distinguish a greased/random value from an intentional value. >>>> >>>> Consider an extension point like the ones that are greased in TLS, where the values are numbers within a range (say, 16-bit integers). Rather than just using these as Types in a Type-Length-Value scheme, the encoding could also include a value that proves if the sender is using a type based on a given version of a standard, or is just sending random data. Call this Type-Length-Hash-Value. In this case, when a given type is reserved, it could also define a unique pattern that can be hashed with something that changes in a message where the extension appears (like a nonce). If the receiver also knows the same unique pattern, it could confirm that the sender has the same understanding of the type by calculating the hash. A receiver that doesn't understand the type wouldn't be able to tell whether or not this was greased or valid. >>>> >>>> A similar approach could be taken when the extensible values are strings, etc, allowing implementations to send random values without coordination. >>>> >>>> Curious to hear people’s thoughts! >>>> >>>> Best, >>>> Tommy >>>> -- >>>> Edm mailing list >>>> Edm@iab.org >>>> https://www.iab.org/mailman/listinfo/edm >>> >> >> -- >> Mark Nottingham https://www.mnot.net/ >> >> -- >> Edm mailing list >> Edm@iab.org >> https://www.iab.org/mailman/listinfo/edm >
- [Edm] Thoughts on greasing mechanisms Tommy Pauly
- Re: [Edm] Thoughts on greasing mechanisms Mark Nottingham
- Re: [Edm] Thoughts on greasing mechanisms Mirja Kuehlewind
- Re: [Edm] Thoughts on greasing mechanisms Mirja Kuehlewind
- Re: [Edm] Thoughts on greasing mechanisms Tommy Pauly