Re: [icnrg] Maximizing the utility of Manifests

Marc Mosko <mmosko@parc.com> Sun, 09 August 2020 22:41 UTC

Return-Path: <mmosko@parc.com>
X-Original-To: icnrg@ietfa.amsl.com
Delivered-To: icnrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93CC33A0847 for <icnrg@ietfa.amsl.com>; Sun, 9 Aug 2020 15:41:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=parc.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H2OJ0l4OfTv5 for <icnrg@ietfa.amsl.com>; Sun, 9 Aug 2020 15:41:10 -0700 (PDT)
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2076.outbound.protection.outlook.com [40.107.243.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB16D3A0846 for <icnrg@irtf.org>; Sun, 9 Aug 2020 15:41:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QXnDUEqWHYVhJsEEKoRBMe3z7mynckeE4cDv/tR+dvDnP59CREQjZ3FIMOEpa9g3SzuPNKMaOlPICHqamLEKHKTDUqIMrb/mCO5FIIH/3yqF7k0torAoLXVCB1tTRTliU3RX4ikVBdEA71BN8Z5CoohOtz5Ah/XHDwdSxSD7+0SS+gLMaogy5h6M+YRnUd9QXcG0fO1Mrt4nO+H+AhUyWW0W67UlDQSqMGNXOVSgLPvzFv/ZaUvPoMhpGcB6dGVple4WtG2OJe4qCWigKrojwXgrgjKUz/HEvR0MIqiWcL2xnCLnzebsNn0qBRCCp28XKtJ1S+YjfHYHdR0BdAt+PA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rJeCGRp48YJdThzUoXHcf9f/osxWpKoMX8rSVJPEOYw=; b=WnGfyqhPELZstjsouJMkjgx7eVv5YXF5bv4m5fh329v4+x52Sp/8Z3kX4aTbkJiOCnEapB+eXuXeXZvgyAJoOev5psqUlIxWO/IzmSZ/bxU36aFSIleoj6utjNvgmg39eHGrqjb/yucUjPb+KL6ST/g+65Iwi362J5kQVJLPpQ0W+VNxMjHWAL3YDYuioOKgYWqjW2mNbMUcVR+WEUgN9EA5EQF/sn4JWIdgrwbrJkkpCkrNjyk9qqMj3P/HOv0ncQysftonS4xCkk/5LSWECoh2ljgFwKFeGl05GuiAopddlz9tcjOVMAv5r6E8vwJmQXCTInUVic2Rak/QffPGhA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=parc.com; dmarc=pass action=none header.from=parc.com; dkim=pass header.d=parc.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=parc.onmicrosoft.com; s=selector2-parc-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rJeCGRp48YJdThzUoXHcf9f/osxWpKoMX8rSVJPEOYw=; b=HUL3GWEcMiVBCyXGLgCaBQ78msj+7NcBnJEx/fWgm0mI9NOPhR7Y6zaYF1+T1bGsOauIPBTOIdEC3CJUF9U/X/tF+DFjkR5WJdqAb3BwAn0WJSfJX10YswFrxJfDcbEwbxB48yGdhX2RMAL/JqpxWMTL5jOEBqhiZ2yr/DXtGzo=
Received: from BYAPR15MB3238.namprd15.prod.outlook.com (2603:10b6:a03:106::29) by BYAPR15MB2534.namprd15.prod.outlook.com (2603:10b6:a03:152::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.19; Sun, 9 Aug 2020 22:41:06 +0000
Received: from BYAPR15MB3238.namprd15.prod.outlook.com ([fe80::1045:4aad:16d6:c0e6]) by BYAPR15MB3238.namprd15.prod.outlook.com ([fe80::1045:4aad:16d6:c0e6%7]) with mapi id 15.20.3261.023; Sun, 9 Aug 2020 22:41:06 +0000
From: Marc Mosko <mmosko@parc.com>
To: "David R. Oran" <daveoran@orandom.net>, Christian Tschudin <christian.tschudin@unibas.ch>, Christopher Wood <caw@heapingbits.net>
CC: ICNRG <icnrg@irtf.org>
Thread-Topic: Maximizing the utility of Manifests
Thread-Index: AQHWbMcvxLZiY74qzUKgQFh/lXldo6kv7WwA
Date: Sun, 9 Aug 2020 22:41:05 +0000
Message-ID: <0D43093B-844D-483E-A020-1DFE0F5D9ED8@parc.com>
References: <E728B5F3-9CC0-4B29-884A-A81B408BC1AD@orandom.net>
In-Reply-To: <E728B5F3-9CC0-4B29-884A-A81B408BC1AD@orandom.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.39.20071300
authentication-results: orandom.net; dkim=none (message not signed) header.d=none;orandom.net; dmarc=none action=none header.from=parc.com;
x-originating-ip: [50.0.67.90]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9780115c-e38c-48ce-b9d7-08d83cb54d8e
x-ms-traffictypediagnostic: BYAPR15MB2534:
x-microsoft-antispam-prvs: <BYAPR15MB2534162703D35372BFA8C118AD470@BYAPR15MB2534.namprd15.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 7lskA2Ichk6W7YT0rYGdCwtOIpm6jb3NbvSDZaFRNN2ON3/XfVBxG2rptshUWPG2O/zKcs3zPkUTew7E+XsqBP3A+rWeIVhIYL5i+/xiXU9SZsZEJ5tEEnTyHsZ/m/sJZ+QCyJwTLqSVjQfNS8xi2Ng/8BgQdLMXHLq1Aqaus7OZeUj9b7sOM+UOUESgjHj81KUdbnkaZUCMIW7qHIArB4LlC2s9EQspGixpDpMBuox2lUCR3OzGlfSMQlQdZ1N00TJeebc3yOGUf76L2rYnqG4qt0Whjrj12eh3vbOf5ZBGYfNqeiBYXjzQQ0YYEknxiXPb5WqogSFle++vdqhC3g==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR15MB3238.namprd15.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(396003)(39840400004)(376002)(346002)(136003)(366004)(53546011)(6506007)(83380400001)(2906002)(186003)(6486002)(110136005)(71200400001)(8936002)(478600001)(4326008)(66946007)(33656002)(66446008)(2616005)(8676002)(66556008)(66476007)(64756008)(66574015)(6512007)(26005)(36756003)(316002)(86362001)(76116006)(5660300002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: Dp4G2LoTWkHpfgnkR4V+DxYRWdR1kxsynYiObS4TzkPCDPzyLxzCTXbHShz88XmloKqH5jS5I/zFs4eji7Jefa4Ur89KmGbyirDX800Diy1isDMIZJquTZNbJLQP/CfAHp5pM322gBvnyBTAUqRg0Nupy6b8C0QRb1G8qTY4Jxiaso/cIBpgy6oW9Z9stKKkM85fRwja2aYs5fR4LXPo4CRcna2DE21+ka9ksQ3ZqJ7g2hpGcPim3/bCMsv03qQ5df/yKcyfxMHAS6aZbP3MCzy+nXApeSkNGx2xhg0BHpbl5Y1jo87gX2Wn6sHQ/KvXXXV1qqkYu97wEvF7vxp2+PJgtj4wqXAWqBh+0ZxjFYSHEr/kuXja4KPjNA2uDdWUw9Nh0EFocKhvmASz8ZHz/xvHaPpFJTzqW1PENoizscRCpmVeeAYQnMnaqj206aGfnnQcgo7ZiS0FnPp6FQYlLKzNmAncsF1xk4FX3IEF0i0uDGHwtjHTwakGuFQNtNcFAqnMlCCiVHaYJJk4vKRpn/2T5vSrTH97Em29tEc7ljXuG+08WrZP9Pef3eN0q5U2NfXXedes5QF/4IWfYObnxuF9Op8uBD8v5o2mV1PXlq/jSnEKs9HzUlgXTTDTGS0tLUpnp4uELVq/V0ovxScpJQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_0D43093B844D483EA0201DFE0F5D9ED8parccom_"
MIME-Version: 1.0
X-OriginatorOrg: parc.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR15MB3238.namprd15.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9780115c-e38c-48ce-b9d7-08d83cb54d8e
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Aug 2020 22:41:05.9002 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 733d6903-c9f1-4a0f-b05b-d75eddb52d0d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: he7qnTmPZFKQxoTch1YAkhmJstBNTzegVOWaN6YTFOG4Mfb09drXyl2vljn15Ei/
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB2534
Archived-At: <https://mailarchive.ietf.org/arch/msg/icnrg/ni2oj3OEBFx56IKbP3UhpukAKyU>
Subject: Re: [icnrg] Maximizing the utility of Manifests
X-BeenThere: icnrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Information-Centric Networking research group discussion list <icnrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/icnrg>, <mailto:icnrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/icnrg/>
List-Post: <mailto:icnrg@irtf.org>
List-Help: <mailto:icnrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/icnrg>, <mailto:icnrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Aug 2020 22:41:13 -0000

From: "David R. Oran" <daveoran@orandom.net>
Date: Friday, August 7, 2020 at 7:29 AM
To: Marc Mosko <mmosko@parc.com>om>, Christian Tschudin <christian.tschudin@unibas.ch>ch>, Christopher Wood <caw@heapingbits.net>
Cc: ICNRG <icnrg@irtf.org>
Subject: Maximizing the utility of Manifests

I’m starting a new thread on this, since it’s coming at some of the architectural choices from a broader point of view than what the producers/consumers of application data may need in a Manifest. The implications, if you buy into my general proposition, touch on a number of aspects of Manifest design, including extensibility tradeoffs, what goes into the base required functionality, and how we view both security and privacy issues.

Here’s the basic premise. I believe we want Manifests to be useful to any element that stores, fetches, or caches the content described by a manifest. This includes both:

·         Repositories (in NDN terms “Repos”) that provide non-volatile storage of content produced elsewhere and act both as:
o    archival storage that can survive the temporary or possibly permanent unavailability of the original producer of data
o    A form of distributed cache in which content can be replicated and advertised into routing the same way the origin producer would.

·         Forwarder Caches (Content Stores) that can provide various optimizations beyond simple on-demand opportunistic caching to improve latency and/or robustness to downstream consumers. This would include watching for requested Manifests and in addition to caching them, using information in the Manifest to pre-fetch content likely to be requested by one or more downstream consumers.

I think I would say it like “A manifest data structure should enable a reader to correctly fetch the original data in the proper order with no external knowledge, assuming it as the proper security context for the manifest.  The security context of the manifest may be different than the security context of the data.”   A reader might not be able to reassemble the data, if it does not have that security context.  But if it can read the manifest, it can read, in-order, the data Data objects.

Both of these require that Manifests have, I believe at a minimum, the following characteristics:

1.    Manifests have Name Constructors so that these non-application elements are able to form Interests to fetch the content described in the Manifest without knowing application-specific namespace conventions.

2.    We have some generally understood annotations (or whatever we decide to call this restricted form of metadata) to give hints about:
o    optimal/desirable fetch order
o    relative importance for availability when producer is either not reachable or down
o    interdependence of pieces if partial and not total to help drive cache replacement policies
I do not believe that annotations should be able to change the correct traversal order to read the data in-order (which is currently the pre-order DFS traversal order).  As long as a reader can ignore annotations and still correctly re-assemble the original file, the annotations can say anything they want.

3.    Clear and simple binding to the “right” security context so that there is not a complex explosion of signing and encryption keys. My recommendation would to allow only two security contexts for Manifests
o    signed/encrypted by keys used for application data. Such data would not be available to the intermediaries descried above.
o    signed/encrypted under by the keys used for the Manifest itself. Such data would be available to any/all elements that are given the keys associated with the names in the Manifest’s namespace.
I view this as the manifest has a single security context, for the manifest.  The data can do whatever the data wants to do.  It would most likely be a separate security context.   A reader with the manifest security context knows the correct pointers for the data and can fetch the data, but the security context for reading the data is unrelated to the manifest.
Exception to the rule: maybe there is an annotation that tells the reader what the data context will be so it can start working on that before it receives any data.  But that is purely an optimization, it does not affect manifest processing at all.
Maybe we need to expand this a little:

  1.  The outer Manifest security context, usually on only a top-level manifest, is a public key signature.  This binds the manifest to a publisher and is used for trust purposes.  It also binds the ensuing hash tree to the signature, so subsequent manifest objects do not need a public key signature.  This signature may be the same as the data.  This security context is specified by the normal CCNx/NDN mechanisms for signing data.  There can be variations on this if one allows in-lining, as I mentioned in a prior email.
  2.  The manifest-specific security context.  This is the encryption context, though as we use AEAD mechanisms, it also provides some authentication too.  This could be as simple as a pre-shared AES key, or a group encryption mechanism, or a broadcast encryption mechanism, etc.
  3.  The Data security context.  Normally, under a Manifest system, the data Data objects do not need to be signed.
  4.  The data encryption context.  Encryption is done in whatever mechanism the publisher wants.  Personally, I think we should specify a standard way of doing this, or come up with a conversion of CMS, or adopt a standard record format.  Something.

4.    any other goop in a Manifest (e.g. general application metadata) is treated as if were any other transparently cached application data, although I argue elsewhere against trying to support general application metadata in Manifests.

I think having annotations that could point to side-car data (generally their own FLIC) is the way to go.  If an application wants to have, say, bibliographic data for something, have an annotation that says to look there.  I think these would generally only be used in the top-level manifest.   Or the application could always bake it in to the application data.

So, as a top level question, do people think these are important and/or reasonable requirements to accommodate in our Manifest architecture?

I’ll note that it is of course possible to design a completely separate data structure and named elements for use by Repositories and forwarders, but that seems to me to be way more complex than just viewing manifests in this broader context.

DaveO