Re: [icnrg] [irsg] Final IRSG poll on draft-irtf-icnrg-terminology-05
Colin Perkins <csp@csperkins.org> Mon, 30 September 2019 19:26 UTC
Return-Path: <csp@csperkins.org>
X-Original-To: icnrg@ietfa.amsl.com
Delivered-To: icnrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C5B41201DE; Mon, 30 Sep 2019 12:26:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gjn48mvS24gr; Mon, 30 Sep 2019 12:26:56 -0700 (PDT)
Received: from balrog.mythic-beasts.com (balrog.mythic-beasts.com [IPv6:2a00:1098:0:82:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 973D912007A; Mon, 30 Sep 2019 12:26:51 -0700 (PDT)
Received: from [62.254.92.13] (port=62658 helo=[172.16.0.81]) by balrog.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from <csp@csperkins.org>) id 1iF1Jm-000371-4s; Mon, 30 Sep 2019 20:26:50 +0100
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Colin Perkins <csp@csperkins.org>
In-Reply-To: <d9e570c4-596e-93b1-9431-7a02b912aa8a@cs.tcd.ie>
Date: Mon, 30 Sep 2019 20:26:43 +0100
Cc: Internet Research Steering Group <irsg@irtf.org>, "icnrg@irtf.org" <icnrg@irtf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <3DDAAD03-E47C-474B-8248-F17C2A4FF96C@csperkins.org>
References: <6D29C617-B033-47CE-B421-BABE76DC205B@csperkins.org> <d9e570c4-596e-93b1-9431-7a02b912aa8a@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.3445.104.11)
X-BlackCat-Spam-Score: 4
Archived-At: <https://mailarchive.ietf.org/arch/msg/icnrg/wsQ11pGXyCPpqfs5EY98G9rYRxA>
Subject: Re: [icnrg] [irsg] Final IRSG poll on draft-irtf-icnrg-terminology-05
X-BeenThere: icnrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Information-Centric Networking research group discussion list <icnrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/icnrg>, <mailto:icnrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/icnrg/>
List-Post: <mailto:icnrg@irtf.org>
List-Help: <mailto:icnrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/icnrg>, <mailto:icnrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Sep 2019 19:26:59 -0000
Thanks, Stephen. It seems that we need some discussion, and potentially a revision to the draft, before this is ready to progress. I’d appreciate it if the authors and RG chairs could take a look at the comments below. Thanks! Colin > On 24 Sep 2019, at 01:59, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > > Hiya, > > On 23/09/2019 23:12, Colin Perkins wrote: >> IRSG members, >> >> This is to initiate a final IRSG poll on >> draft-irtf-icnrg-terminology-05 with a deadline of 14 October 2019. > > Given that I'm coming to the game very late, I am fine > with a ready to publish vote on this. > > However, had I not been so late, I'd have said this was > not ready as I'm not sure that any of the cryptographic > mechanism terms are properly handled. > > In particular I wonder if data packet signatures are > really checked or not (with existing s/w) and have to > consider the descriptions of confidentiality as being > mythical. I'd say fixing those parts could well be > considered an inherent part of due diligence. > > Detailed comments/suggestions below. > > Cheers, > S. > > - abstract: is ICN still "novel"? > > - intro: Is there really an intention to publish an equivalent for > e.g. NetInf? Be nice if there were, but it seems less likely now > than perhaps when this effort started. > > - section 2: I refute the potential existence of an "irrefutable > binding":-) Probably better to not use such odd language in a > terminology draft? (In case someone wants to discuss, consider a > DNSpionage type attack against a CA issuing certificates for use in > an ICN - doesn't matter if that'd be a hard or unlikely attack, > it's enough that irrefutable is wrong.) Suggest s/irrefutable > binding/strong cryptographic binding/ > > - s2: "Data authenticity and encryption" - hmm. Last time I asked a > student implementing ICN, he couldn't find any code that actually > enforced signature verification. Is that still the case? If so, > then it seems wrong to perpetuate a myth like this. If not - great! > And where can I find sample logs for mismatching interest and data > packet caught via signature failure? Secondly, the idea that it's > fine and dandy that confidentiality doesn't exist within ICN seems > nicely 20th century. All in all that paragraph seems misleading. I > think the best fix would be to make the description contingent, > e.g. to say something like "s/w could (but mostly doesn't) drop > data packets that don't match interests because of signature check > failure." And maybe say "there is no ICN confidentiality service > (sadly)" if we want to be clear. > > - s2: "Trust" - meh. I don't trust text with such definitions. > Also, a description of the concept of "Trust" that ends with > "trust model" seems circular. I'd just delete that para - it only > obfuscates and doesn't help. > > - s2: "packet mule" - there is a "data mule" concept from DTN that > may be what's meant here. I think using that term and referring > to something that defines it would be better than inventing the new > term "packet mule." Later I find you even define the term "data > mule" in 3.2 so just using that will be better. > > - 3.1: "Data packet immutability" - I don't believe it myself:-) If > you hand me a packet, I can change and forward it. I think what > you mean is that change can be detected (in principle). I don't > get the last sentence. > > - 3.3: I was puzzled by the ordering of terms here. Why be coy > about that? IOW, be good to explain to the reader why terms are > in this order. (My guess: to avoid forward refs.) > > - 3.3: If there exists a useful definition of stateful forwarding, > then why is there not one for stateless forwarding? If there is > not then why is there not just forwarding? In which case, why do we > need an entry in 3.3? > > - 3.3: "data packet" ... the "and is directly secured" phrase - is > that true? (See earlier.) > > - 3.5: "name" ... the assertion of being "semantically meaningful" > seems unnecessary to me and also impossible to verify. Maybe just > delete the phrase as it's qualified with a "usually" anyway? > > - 3.5: SHA256 probably calls for a reference. > > - 3.5: "nonce" - this has a cryptographic definition that is > perhaps not the same (see RFC4949). Saying that explicitly would > be good. > > - 3.7: "data integrity" also protects against deliberate > modification, as well as corruption. > > - 3.7: "authenticity" - using HMAC? Really? That seems like a > totally broken idea for an ICN. Surely any symmetric scheme > like that couldn't work with caching without allow forgery? > > - 3.7: all the "... confidentiality" paragraphs - this seems like > it'd be better omitted given the utter lack of ways in which such > a service can be provided as part of an ICN. > > <0x5AB2FAF17B172BEA.asc>_______________________________________________ > icnrg mailing list > icnrg@irtf.org > https://www.irtf.org/mailman/listinfo/icnrg -- Colin Perkins https://csperkins.org/
- Re: [icnrg] [irsg] Final IRSG poll on draft-irtf-… Stephen Farrell
- Re: [icnrg] [irsg] Final IRSG poll on draft-irtf-… Colin Perkins
- Re: [icnrg] [irsg] Final IRSG poll on draft-irtf-… David R. Oran
- Re: [icnrg] [irsg] Final IRSG poll on draft-irtf-… Stephen Farrell
- Re: [icnrg] [irsg] Final IRSG poll on draft-irtf-… David R. Oran
- Re: [icnrg] [irsg] Final IRSG poll on draft-irtf-… Stephen Farrell