Re: [Edm] Please review draft-iab-use-it-or-lose-it-01
Toerless Eckert <tte@cs.fau.de> Fri, 16 July 2021 23:17 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: edm@ietfa.amsl.com
Delivered-To: edm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8324C3A0983 for <edm@ietfa.amsl.com>; Fri, 16 Jul 2021 16:17:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T2hVAlxd5LQi for <edm@ietfa.amsl.com>; Fri, 16 Jul 2021 16:17:38 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABBEE3A097F for <edm@iab.org>; Fri, 16 Jul 2021 16:17:38 -0700 (PDT)
Received: from faui48e.informatik.uni-erlangen.de (faui48e.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:51]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 7C06C548056; Sat, 17 Jul 2021 01:17:31 +0200 (CEST)
Received: by faui48e.informatik.uni-erlangen.de (Postfix, from userid 10463) id 755604E7A74; Sat, 17 Jul 2021 01:17:31 +0200 (CEST)
Date: Sat, 17 Jul 2021 01:17:31 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Martin Thomson <mt@lowentropy.net>
Cc: edm@iab.org
Message-ID: <20210716231731.GR24216@faui48e.informatik.uni-erlangen.de>
References: <162626887655.14379.5438309391409890693@ietfa.amsl.com> <80F3F8A2-2C3C-4DE8-BD1D-07842F5B2F89@apple.com> <20210715154649.GD24216@faui48e.informatik.uni-erlangen.de> <5149e82e-4f98-411b-9e34-27f243352b95@www.fastmail.com> <a2a718ba-7231-449f-8a55-fcc6a7823d59@www.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <a2a718ba-7231-449f-8a55-fcc6a7823d59@www.fastmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/edm/t6GUYQYJpni5BwvLKBKGiXdjX9E>
Subject: Re: [Edm] Please review draft-iab-use-it-or-lose-it-01
X-BeenThere: edm@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Evolvability, Deployability, & Maintainability \(Proposed\) Program" <edm.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/edm>, <mailto:edm-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/edm/>
List-Post: <mailto:edm@iab.org>
List-Help: <mailto:edm-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/edm>, <mailto:edm-request@iab.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jul 2021 23:17:44 -0000
On Fri, Jul 16, 2021 at 06:06:17PM +1000, Martin Thomson wrote: > Just one note. Throughout you mention authentication where the draft uses the word "cryptography". My understanding of cryptography is that it encompasses a broad discipline that includes encryption and integrity protection and authentication and a bunch of related things. Are you perhaps reading that word with the narrow meaning of "encryption"? https://en.wikipedia.org/wiki/Cryptography "More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages" So yes, i would very much appreciate if authentication without encryption is explicitly mentioned as an option to limited arbitrary interaction with a protocol: "In particular, one of the consequences of an unencrypted protocol is that any element on path can interact with the protocol." I don't think anyone would consider that a protocol with authentication but without encryption is covered by that sentence. Likewise: "Cryptography can be used to reduce the number of middlebox entities that can participate in a protocol or limit the extent of participation. Using TLS or other cryptographic tools can therefore reduce the number of entities that can influence whether new features are usable." With TLS-1.3 having removed null encryption, that text too is leading toward only considering encryption. Cheers Toerless > Cheers, > Martin > > On Fri, Jul 16, 2021, at 17:14, Martin Thomson wrote: > > Hi Toerless, > > > > Thanks for the review. > > > > It's going to take me a little while to just read your email. If there > > are specific items that you think need to be drawn out in particular, I > > would encourage you to open issues or new threads on just those. It > > will be easy to lose things with an email this long. > > > > I'm just going to reply to your meta-level comments here. I might try > > to turn the rest of this into issues on the repository. > > > > On Fri, Jul 16, 2021, at 01:46, Toerless Eckert wrote: > > > I think it would be good to write that the problems an solutions likely > > > fall all into three high level categories: > > > > > > a) p2p protocol extension considerations. > > > b) 3 or more party protocol extension considerations > > > (including middleboxes as supported parties). > > > c) 2 or more party protocol considerations plus undesirable middleboxes. > > > > > > Separating b) and c) is IMHO most important, > > > > I disagree. The draft does acknowledge the fact that difficulty scales > > poorly as more protocol participants are involved, but this is not the > > focus of the draft at all. The text exists to acknowledge that as a > > problem, but the core thesis is not that these are different but that > > they are _fundamentally_ the same. The number of participants just > > scales the problem (often very quickly out of reach). > > > > Your category (c) is almost out of scope. The text on limiting > > unwanted participation is very narrowly focused here. It only exists > > because it was necessary to point out that unprotected protocols can > > have more participants than expected and that - once the problem is > > identified - the most obvious solution seemed worth noting (not that it > > is always a *practical* solution, of course). > > > > See also https://martinthomson.github.io/tmi/draft-thomson-tmi.html > > > > > The other high-level suggestion is that at least in my opinion > > > there is more that could be written about reasons. > > > > > > IMHO: The deeper the extension point is within a protocol, and the > > > more complex the protocols starte machienry reaction to > > > unsupported extensions hs to be in the state machinery, > > > the more difficult it is to make sure it will work correctly > > > when needed. Of course, the most easy case is when you have > > > extensible data structures signalled and some parts can > > > just be ignored, but that is not always the semantic required. > > > > I think that this is just a matter of degree. Whether an extension > > point is hard to reach hasn't seemed to affect its availability in the > > cases we've gathered thus far. It's whether people have been motivated > > to seek it and actively use it that has mattered. It's not like the IP > > version field is hard to find or complicated. And - not in the draft - > > arguably some of the extension points in SDP are harder to reach than > > others, but the hard ones (a=extmap) are often more reliable than the > > easy ones (RTP/SAVPF). > > > > -- > > Edm mailing list > > Edm@iab.org > > https://www.iab.org/mailman/listinfo/edm > > > > -- > Edm mailing list > Edm@iab.org > https://www.iab.org/mailman/listinfo/edm -- --- tte@cs.fau.de
- [Edm] Please review draft-iab-use-it-or-lose-it-01 Tommy Pauly
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Erik Auerswald
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Toerless Eckert
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Martin Thomson
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Martin Thomson
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Tommy Pauly
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Toerless Eckert
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Toerless Eckert
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Martin Thomson
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Brian E Carpenter
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Martin Thomson
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Toerless Eckert
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Stewart Bryant
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Toerless Eckert
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Brian E Carpenter
- Re: [Edm] Please review draft-iab-use-it-or-lose-… Toerless Eckert