Re: [Explicit-meas] Comparing Alternate Marking and Explicit Flow Measurements (Spin bit, ...)

Ian Swett <ianswett@google.com> Thu, 01 April 2021 13:42 UTC

Return-Path: <ianswett@google.com>
X-Original-To: explicit-meas@ietfa.amsl.com
Delivered-To: explicit-meas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54A983A122C for <explicit-meas@ietfa.amsl.com>; Thu, 1 Apr 2021 06:42:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gb9hHAntFJcR for <explicit-meas@ietfa.amsl.com>; Thu, 1 Apr 2021 06:42:22 -0700 (PDT)
Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDCAF3A1224 for <explicit-meas@ietf.org>; Thu, 1 Apr 2021 06:42:20 -0700 (PDT)
Received: by mail-wr1-x42e.google.com with SMTP id e18so1874992wrt.6 for <explicit-meas@ietf.org>; Thu, 01 Apr 2021 06:42:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+2UkLBtPo+p0nwg8ZLw1r8AsJXAEkgdpwuCCaQFfmoI=; b=LnpvKkjpKlmlFdhDK5kEWik/JfRTwfoVVoH10RA3UdsIw5oV6c09KkIB19RSDiL7dD 8lOaKLk9PJXUMl4sTJKPa+Guo0g5NvB3AV0xwTESPmYOdOM9Ybh0eJf49CqRzpww9rLN Pie8EjX2NlkM3A3YN4v4jnZVw63kwcoHpl53RQHUdulze5UzjaXj6f+uNd5krtxRefxO RHvIGmJG5+zwdRE2vwmqNBgNIKOlpYEy0i2iE73D4ueFJH5QM3mfFwjt2Y7eMW5FQGdx AOdx4pctfeo7fcOlJSQkOqFsuuDkyO2EK9Dyd+rPhynWKnBVNyXD8/xUjQube+9M2q41 PjHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+2UkLBtPo+p0nwg8ZLw1r8AsJXAEkgdpwuCCaQFfmoI=; b=gYhoxBYh1cENRswV6aGIU6fx3qv2fPaMu2gCkvmqIGVVaJQKLp+eKMVeUyOCCo78To aKZ4REHRE1m26RL9zQ7h7jo/gJaJWSTtVY5BezTXiofN7dWlQ1QwAug77FnCo9shF7ur L148h++H/G++yffHH06/jl0f2rXXb0GX6kfiliJeTpYNlZpVT0w7J4zRDZstbABBy2dJ aicZ7LbCnjZ6qcdThgLGPPo7kPL1dvuhWrdWYkA1wQbt3jT7TsoBLo/EJP82OAn5iEbh 4GmXHwTx0mOD2nUp6xyLMoL0NdiiBIL+CWWVeNSbwX7ZWDsJGMvT9hbDPZ/xRDPG5nVD rnLg==
X-Gm-Message-State: AOAM531/bSXHJgcoPxVLf31Ipjm8n3RP2koHmPOT9v3hN2yBWa/pN0Yp AU22Efryg95ut8JmyEWWj1KSOcP4REX/Sjzqmo5JPg==
X-Google-Smtp-Source: ABdhPJx/p7FXpCmShHZX/XV3hyf/mwlMPWhmUiqm4cr4/QkiY1A3xhHj1WOT3K3ZQS8viqEIfp5AmfN4W/50+AfCVTU=
X-Received: by 2002:a05:6000:c7:: with SMTP id q7mr9861620wrx.356.1617284537521; Thu, 01 Apr 2021 06:42:17 -0700 (PDT)
MIME-Version: 1.0
References: <8f60ffc8e0fd4376ba911c03f5c43039@TELMBXD14BA020.telecomitalia.local> <56398ea2e37a4a6ca53e85eb39add9a2@usma1ex-dag1mb5.msg.corp.akamai.com> <CAKcm_gNb-J59S3w806V4h2P_K5TkozRXNJCpNmMHbUcSOVjnUQ@mail.gmail.com> <CAKKJt-dXpDGF79_5HJ1aQanPyJBcPEizvKt4rJBJ2jsNthOaJw@mail.gmail.com> <8332062d02c04f40af1ed3baef49dafc@usma1ex-dag1mb5.msg.corp.akamai.com> <CAKKJt-f5OJdKGXrJPZffTLEd4UhhtfgJWCvXHRpNheVFKN9JjQ@mail.gmail.com> <5d60e177b8ee477fb6409a4a0d2af81a@huawei.com>
In-Reply-To: <5d60e177b8ee477fb6409a4a0d2af81a@huawei.com>
From: Ian Swett <ianswett@google.com>
Date: Thu, 01 Apr 2021 09:42:05 -0400
Message-ID: <CAKcm_gMBT441MHwaujNvq=G98YG8Z3FMGDdLTWjCzusY9DQRNw@mail.gmail.com>
To: Giuseppe Fioccola <giuseppe.fioccola@huawei.com>
Cc: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, "Lubashev, Igor" <ilubashe@akamai.com>, "explicit-meas@ietf.org" <explicit-meas@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>, "IETF IPPM WG (ippm@ietf.org)" <ippm@ietf.org>, "alexandre.ferrieux@orange.com" <alexandre.ferrieux@orange.com>, HAMCHAOUI Isabelle IMT/OLN <isabelle.hamchaoui@orange.com>, Cociglio Mauro <mauro.cociglio@telecomitalia.it>, "quic@ietf.org" <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005c896905bee96659"
Archived-At: <https://mailarchive.ietf.org/arch/msg/explicit-meas/Na7kmc0jhY1eEIFFxfao8mUD2R4>
X-Mailman-Approved-At: Thu, 01 Apr 2021 06:46:44 -0700
Subject: Re: [Explicit-meas] Comparing Alternate Marking and Explicit Flow Measurements (Spin bit, ...)
X-BeenThere: explicit-meas@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This mailing list is intended for discussions relating to Explicit Flow Measurements Techniques." <explicit-meas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/explicit-meas>, <mailto:explicit-meas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/explicit-meas/>
List-Post: <mailto:explicit-meas@ietf.org>
List-Help: <mailto:explicit-meas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/explicit-meas>, <mailto:explicit-meas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Apr 2021 13:42:28 -0000

Thanks Igor, the security considerations are definitely helpful.  I'm not
sure other working groups in the IETF(thinking QUIC) will find that
sufficient, but I agree that I don't have any specific concerns as an
individual.

I also agree that scoping this to a specific signal(loss) makes the privacy
implications possible to reason about, vs PLUS which was much more
expansive.

Ian

On Wed, Mar 31, 2021 at 1:49 PM Giuseppe Fioccola <
giuseppe.fioccola@huawei.com> wrote:

> Hi Spencer, Igor, Ian, All,
>
> It is interesting to look at the similar discussion for PLUS back in 2016
> and the related concerns about endpoints sending information to network
> entities.
>
> On the one hand, this draft describes several “explicit” measurement
> methods which send information to an on-path observer. But, on the other
> hand, it is worth mentioning that each one of the methods has different
> privacy implications. Different kinds of information are exposed to the
> on-path observer depending on which method is chosen.
>
> For example the Spin bit exposes an end-to-end delay metric while the
> sQuare bit exposes only endpoint-to-observer loss metric. So, in principle,
> it is possible to choose the method or the combination of methods based on
> the level of security that must be guaranteed.
>
>
>
> Regards,
>
>
>
> Giuseppe
>
>
>
>
>
> *From:* Explicit-meas [mailto:explicit-meas-bounces@ietf.org] *On Behalf
> Of *Spencer Dawkins at IETF
> *Sent:* Tuesday, March 30, 2021 11:44 PM
> *To:* Lubashev, Igor <ilubashe@akamai.com>
> *Cc:* explicit-meas@ietf.org; tsvwg@ietf.org; IETF IPPM WG (ippm@ietf.org)
> <ippm@ietf.org>; alexandre.ferrieux@orange.com; HAMCHAOUI Isabelle
> IMT/OLN <isabelle.hamchaoui@orange.com>; Cociglio Mauro <mauro.cociglio=
> 40telecomitalia.it@dmarc.ietf.org>; Ian Swett <ianswett=
> 40google.com@dmarc.ietf.org>; quic@ietf.org
> *Subject:* Re: [Explicit-meas] Comparing Alternate Marking and Explicit
> Flow Measurements (Spin bit, ...)
>
>
>
> Hi, Igor,
>
>
>
> On Tue, Mar 30, 2021 at 11:11 AM Lubashev, Igor <ilubashe@akamai.com>
> wrote:
>
> Thank you, Ian and Spencer.
>
>
>
> Sorry for top posting (the thread could otherwise get a little long and I
> am using Outlook…).
>
>
>
> Ian, we did consider privacy implications of the markings. Because all
> markings and internal counters are completely reset when there is a CID
> change, we did not see the markings compromise linkability during
> migrations. Otherwise, since the markings are minimal, we see them only
> disclosing the information they are meant to disclose – upstream/downstream
> loss.  We do discuss privacy-related implications of disclosing
> upstream/downstream loss in
> https://datatracker.ietf.org/doc/html/draft-ferrieuxhamchaoui-quic-lossbits-03#section-8.
> However, the discussion in the ID is theoretical and is not a result of
> large global study whose results are confirmed by independent third
> parties. I would be happy to collaborate on this with an interested PhD
> student or another researcher.
>
>
>
> Spencer, I will review the PLUS minutes. In a setup when endpoints are
> sending information to unknown third parties, my immediate concern is less
> with the third parties being unknown and more with the extent of the
> information sent being unknown. After all, endpoints are already sending
> information to “unknown third parties” on path every time they communicate
> over the Internet. With the explicit measurements proposals, the set of
> “unknown third parties” is not changing. What endpoints must focus on is
> the information content of the signal. In any case, the abovementioned
> draft allows for endpoints to decide whether this signal is being sent AND
> ensures that a certain portion of all connections does not use this
> signaling (so connections explicitly opting out do not stand out).
>
>
>
> This was exactly the concern PLUS tripped over (IMO).
>
>
>
> The concern being expressed was that the PLUS format allocated a
> fixed-length field (IIRC) that did not define every bit in the fixed-length
> field, so in the mind of the SEC types, a (let's just say it out loud)
> mobile operator who also sends you your phone, so controls both ends, could
> start sending itself interesting bits of information without a user "opting
> in", OR knowing that they should be trying to "opt out".
>
>
>
> PLUS happened at IETF 96 (in 2016), and I'm guessing that we are doing
> more with automated updates in 2021 than we were doing in 2016 (also the
> year QUIC was chartered, although Google had been using gQUIC for several
> years previously, so "change the behavior after a browser upgrade" was on
> our horizon).
>
>
>
> One didn't have to be a mobile operator mailing you a cell phone to add
> interesting behaviors without you, the user, realizing that.
>
>
>
> Brian and Mirja would remember the details better (they were at the front
> of the room, while I was in the back, where ADs usually live).
>
>
>
> But that's what I was trying to describe. I hope it makes sense. And good
> luck. This was important work that we didn't know how to charter at the
> time (again, IMO).
>
>
>
> Best,
>
>
>
> Spencer
>
>
>
> Delivery of qlog to specific operators is possible, but it does not help
> much to locate the source of the loss/delay (upstream of the operator?
> downstream? in the operator’s own systems?) – the primary goal of this
> draft.
>
>
>
> Very best,
>
>
>
>    - Igor
>
>