[icnrg] FW: [irsg] IRSG Poll: draft-irtf-icnrg-challenges-03
Dirk Kutscher <Dirk.Kutscher@neclab.eu> Mon, 04 January 2016 19:13 UTC
Return-Path: <Dirk.Kutscher@neclab.eu>
X-Original-To: icnrg@ietfa.amsl.com
Delivered-To: icnrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 052381A8746 for <icnrg@ietfa.amsl.com>; Mon, 4 Jan 2016 11:13:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.612
X-Spam-Level:
X-Spam-Status: No, score=-2.612 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NXnqnMrgS1cb for <icnrg@ietfa.amsl.com>; Mon, 4 Jan 2016 11:13:16 -0800 (PST)
Received: from mailer1.neclab.eu (mailer1.neclab.eu [195.37.70.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 784C41A871E for <icnrg@irtf.org>; Mon, 4 Jan 2016 11:13:16 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mailer1.neclab.eu (Postfix) with ESMTP id 46E5710BA9B for <icnrg@irtf.org>; Mon, 4 Jan 2016 20:13:15 +0100 (CET)
X-Virus-Scanned: Amavisd on Debian GNU/Linux (netlab.nec.de)
Received: from mailer1.neclab.eu ([127.0.0.1]) by localhost (atlas-a.office.hd [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5f7n4swE5dtf for <icnrg@irtf.org>; Mon, 4 Jan 2016 20:13:15 +0100 (CET)
X-ENC: Last-Hop-TLS-encrypted
X-ENC: Last-Hop-TLS-encrypted
Received: from ENCELADUS.office.hd (enceladus.office.hd [192.168.24.52]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailer1.neclab.eu (Postfix) with ESMTPS id 180F610BA9A for <icnrg@irtf.org>; Mon, 4 Jan 2016 20:13:13 +0100 (CET)
Received: from PALLENE.office.hd ([169.254.1.84]) by ENCELADUS.office.hd ([192.168.24.52]) with mapi id 14.03.0210.002; Mon, 4 Jan 2016 20:13:12 +0100
From: Dirk Kutscher <Dirk.Kutscher@neclab.eu>
To: "icnrg@irtf.org" <icnrg@irtf.org>
Thread-Topic: [irsg] IRSG Poll: draft-irtf-icnrg-challenges-03
Thread-Index: AdE45IfVN3rFUydLS9uKzcpIMuA5mwFmbUgAAilNCGA=
Date: Mon, 04 Jan 2016 19:13:12 +0000
Message-ID: <82AB329A76E2484D934BBCA77E9F5249A9ED2408@PALLENE.office.hd>
References: <82AB329A76E2484D934BBCA77E9F5249A6836572@Hydra.office.hd> <567C5058.4000608@cs.tcd.ie>
In-Reply-To: <567C5058.4000608@cs.tcd.ie>
Accept-Language: de-DE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.7.0.197]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/icnrg/hs1_-MWa053iEi-0mZp7UMiwFUs>
Subject: [icnrg] FW: [irsg] IRSG Poll: draft-irtf-icnrg-challenges-03
X-BeenThere: icnrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Information-Centric Networking research group discussion list <icnrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/icnrg>, <mailto:icnrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/icnrg/>
List-Post: <mailto:icnrg@irtf.org>
List-Help: <mailto:icnrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/icnrg>, <mailto:icnrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jan 2016 19:13:19 -0000
Dear all, during the IRSG poll for the challenges draft we received this extensive review from Stephen, which I found quite useful, so I'd like to share it and also give people a chance to discuss it. The result of this discussion would be reflected by the authors in a potential update of the document. Cheers, Dirk > -----Original Message----- > From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] > Sent: Donnerstag, 24. Dezember 2015 21:07 > To: Dirk Kutscher; Internet Research Steering Group (irsg@irtf.org) > Subject: Re: [irsg] IRSG Poll: draft-irtf-icnrg-challenges-03 > > > Hi all, > > I have no objection to this being published however I do think there are a couple > of significant weaknesses that really ought be addressed beforehand if the > authors/RG are willing to do that. > > To repeat: I'm not objecting to publication. These are comments I probably > would have made earlier had I had the time, but I didn't, sorry. > > Cheers, > S. > > PS: I didn't cc the rg list in case folk here want to chat 1st, but this or a later > version after such a chat probably should be sent to the list. I've no problem if > someone just replies to this and cc's the list. (I'm subscribed there.) > > PPS: Should dirk be the RG-chair running this poll? Better if a non-author does > the paperwork in cases like that isn't it? > > 1. stuff that'd really be better addressed... > --------------------------------------------- > > - The string "authoriz" does not occur in the draft. The word "authorised" does > occur once in 4.2.3, not as a challenge though, but rather as a putative way to > overcome an ICN challenge, by, as far as I can tell falling back to host based > networking. As far as I know, there is no way to do authorization in an ICN > without that fall-back to host based networking and I think omitting that from > this document is a major defect. Or, to put this in terms of issuing a challenge: > how can I deploy a purely ICN payroll system? > If a technology cannot be used to develop and deploy a payroll system, is that > not a challenge worth mentioning? I think it is. > (4.2.5 even says "without access control" implying that access control is > impossible in an ICN?) > > - Whether or not multiple applications can be run using the same ICN caches is > an interesting question with both business and technical aspects. Why is that not > covered? > > - 3.2: "ICN can support ... encryption" - I claim that this is not true in any useful > sense. Can you really justify it? If not, please don't make the claim. > > - 4.2.1: Where is "data object authentication" defined? I had a quick look but > didn't find a good definition, though I did find a > (very) few uses of the term. Is this perhaps some ill-defined mixture between > data origin authentication and data integrity? If so, then I think that may be part > of the reason why pepole appear to gloss over the requirement that a PKI is > needed to do any better than name-data integrity. (See below for more detail on > that.) Anyway, please define this if you keep the term, or, maybe better (only > because it'd probably be quicker), see if you can use terms already defined in > RFC4949. > > 2. nits, near-nits and generally not critical stuff... > ------------------------------------------------------ > > - abstract: this does mention some benefits of ICN but no specific challenges at > all, is that a fair reflection of the content? > > - intro: why does ICN need to be a "core" network-layer primitive? > I think it need not be, and can be useful an an optional network-layer primitive, > used for (I think) mostly applications where that makes sense. > > - intro: the challenging scenarios point requires that path symmetry not be > required. I believe CCN and derivatives still do require that, whereas netinf and > others do not. Maybe psirp has a need for symmetry along some parts of the > path. I think there is a challenge there to figure out the consequences of > requiring > (partial) path symmetry and whether or not ICN protocols should or should not > be designed assuming path symmetry. (It is possible that someone has done that > already though, I've not kept as up to date on ICN as I'd like.) 4.3.1 does ack this > issue to an extent but without linking to the challenged n/w scenario where it > can be a bigger deal. > > - intro: "ICN is expected to..." that kind of statement is sales-talk and out of > place in a document like this I think. > Perhaps s/expected to/promoted by some as a technolog that will/ would be ok. > (If the "by some" is felt to be too weasel-wordy in my suggestion, you could fix > that via a reference to some paper(s) that do make that claim.) > > - section 2, 4th bullet: I don't think it is correct to say that "n/w unaware of > media type => unable to manage access" which is how I read this. (See the > Marnew w/s which was largely about that > topic.) If you mean something else, then perhaps rephrasing this would be good. > > - 3.1: You don't distinguish between NDO and some smaller unit here (e.g. a > "chunk" or similar) that may be meaningful to a convergence layer or transport > used between ICN caches/routers. I guess the reason is that you think there's > no need for that distinction here, but if that's the case, maybe saying so would > be good, to avoid readers getting the wrong impression? (Note: I'm not sure if > such a change is needed or would be good, but I did think there was a missing > definition on first reading.) 3.2 does mention "segments of NDOs" though, and > "chunk" does occur later so maybe this might be worth another look (not sure). > > - 3.1: I'm also surprised you don't need a concept related to whatever/whoever > creates/publishes an NDO. > > - 4.1: "self-certifying" is STILL a crap term and always will be. > It is entirely misleading as to what one gets from name-data integrity. I think > you should remove all mention of that unless you leave in a statement that it is a > challenge for ICN to ovecome the misleading impression that has accrued from > use of that bogus term. > > - 4.1: Some forms of ICN name-data integrity (e.g. the CCN one) do, I maintain, > require a PKI, it is just a different PKI from the WebPKI, in about the same way > that DNSSEC is a different PKI from the WebPKI. > > - 4.1: What is an "aquainted hashed key"? The description here just does not > raise to the level where the "user" (huh, a user checks a digital signature?) can > "immediately verify that the data actually`are from the publisher." Such sloppy > language does not help describe challenges, but rather hides a challenge which > is how to deploy the PKI that is needed by signature based ICN naming schemes. > (You do to an extent recognise this challenge later, but that just makes ignoring > it here odder.) > > - 4.2: Why is it acceptable to say "instead of discussing... > technical details, we ... <do something else> " in an IRTF document? > > - 4.2.1: RFC5280 does not require a hierarchical PKI, saying that it does is a clear > error that needs fixing. I've already commented on the term "self-certifying, so > both "approaches" presented here as the 2 options are problematic, and there > are of course more options as well. > > - 4.3: (just wondering) with the DNS we have only recently recognised the > benefits of and documented QNAME minimisation. Are there any similar issues > with routing in ICN and how that impacts on privacy? (I'm not sure how one > might render that as a challenge. > > - 4.6: s/smooth RTT value/smoothed RTT value/ maybe? if not, then maybe > "smooth RTT value" needs a reference > > - 4.8: FCAPS could do with a reference maybe. > > - 4.8: DTN (and other acronyms, but I know that one well:-) should be expanded > on 1st use. > > - 4.8: It seems a bit odd for this to be the section where you mention DTN, > would the ICN/DTN relationship be better considered elsewhere? (I think a > sentence or two and a ref or two would be enough to cover that here.) > > - 4.8: "can also leverage upon" is an odd phrase - I don't know what it means > myself tbh. > > - 4.9.3: So-called IoT generally has an issue that the occurrence of traffic can > expose the content of that traffic. E.g. packets go to light switch when person > enters room => seeing (ciphertext or > plaintext) packets means a person has entered the room. Does ICN have the > same kind of issue? I'm not sure myself but would be interested in knowing, not > sure if it warrants a mention here. > >
- [icnrg] FW: [irsg] IRSG Poll: draft-irtf-icnrg-ch… Dirk Kutscher
- Re: [icnrg] FW: [irsg] IRSG Poll: draft-irtf-icnr… Dirk Kutscher
- Re: [icnrg] [irsg] IRSG Poll: draft-irtf-icnrg-ch… Dirk Kutscher