Re: Review of draft-mm-wg-effect-encrypt-09

Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch> Wed, 12 April 2017 18:28 UTC

Subject: Re: Review of draft-mm-wg-effect-encrypt-09
From: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Date: Wed, 12 Apr 2017 20:28:31 +0200
Cc: Martin Thomson <martin.thomson@gmail.com>, IETF <ietf@ietf.org>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/X0Y3SyeWQIjlBeqkB5_nz7_tDc0>

Hi Martin, hi Kathleen,

I would like to comment (for now) just on this one section, as my name was called out.

> Am 11.04.2017 um 05:54 schrieb Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>:
> 
>>> Section 2.1
>>> 
>>> This is one of the few sections that talk about what it means to operate a
>>> service as opposed to operate a network.
>>> 
>>> Overall, this section doesn't work particularly well.  The distinction
>>> between integrated and standalone load balancing is an interesting
>>> division, but it doesn't leverage this distinction well.  What causes a
>>> standalone load-balancer to be necessary?

My understanding is that the stand-alone load balancer was only brought up to better explain what an integrated load balancer is, assuming that the integrated (more complex) case is the common one. 

However, to answer your question, for a stand-alone load balancer it is assumed that you only have a small number of servers at one single location and you only need one box that does the load-balancing on these different servers. So all this box needs to know is the IP address of these servers.

>>> Is this something a network operator uses?  I see text on NFV later, but
>>> it's far removed from the original text and it seems aspirational rather
>>> than concrete.  On the other hand, many of the concerns in this document
>>> simply don't apply to an integrated load balancer.

To my understanding all the concerns apply to integrated load balancers. Integrated only means that the load balancer shares some information with the server and based on this knowledge the load balancer can identify based on some information in the packets which server this packet should be forwarded to.

>>> 
>>> The amount of text on QUIC here is surprising.  Given how much of QUIC is
>>> changing right now, we shouldn't publish a document that attempts to make
>>> claims about what QUIC is or how it is operated.  This attempts to dive
>>> into the details of QUIC connection migration in a way that presumes much
>>> about the outcome of issues that the QUIC working group is still
>>> struggling with.
>>> 
>>> I would strongly recommend removing QUIC-specific language from this
>>> section and the document as a whole.  We have an operational document in
>>> the QUIC working group that would be a good venue to discuss some of these
>>> concerns.
> 
> While we read this as  more of a substantive remark, the text on
> load balancers and QUIC were added per Mirja's IESG review.  We would
> need to check with her about making any changes here.  They were
> specific additions that were requested.
> 
> Further, it is only IETF QUIC that is in active development.
> Google QUIC (referred to as GQUIC in IETF discussions) is a more
> stable experiment now.


I fully agree to remove the QUIC-specific language. It's definitely too early to say something in this document (and GQUIC is probably not documented well enough to rely on this). This text wasn't provided by me, but I recommended a contributor for this text who is also active in the QUIC WG and missed this when he sent the text.

I recommend to simply remove the following sentences:

"QUIC is an example of such protocol in development by IETF QUIC WG right now."

"New connection-migration-tolerant protocols, such as QUIC, are deliberately designed to allow such extra information available in plain text (QUIC's server-generated flow IDs)."


> 
>>> 
>>> Is this an oblique reference to (the much-loved) RFC 7974?

No, not at all. There are other ways middleboxes can add information. But in this case actually the server would add information because the load balancers and the server share some knowledge.

>>> 
>>>   Current protocols, such as TCP, allow the development of stateless
>>>   integrated load balancers by availing such load balancers of additional
>>>   plain text information in client-to-server packets.
>>> 
>>> Otherwise, I don't know what it means.

A server could select a certain sequence number (range), or TCP timestamp, I guess...

>>> 
>>> BTW, I like this parenthetical:
>>> 
>>>   (That said, care must be exercised to make sure that the information
>>>   encoded by the endpoints is not sufficient to identify unique flows and
>>>   facilitate Persistent Surveillance attack vector.)
>>> 
>>> I'm going to take this to the QUIC working group, because QUIC certainly
>>> doesn't meet that bar right now.  It fully facilitates Persistent
>>> Surveillance in its current form (proper noun?  I haven't really seen that
>>> term before, even though it draws a neat parallel with Pervasive
>>> Surveillance).
>>> 
> 
> OK, let us know what you hear back.  These changes were in response to
> the sponsoring AD's request of that work.

I think this sentence should be removed in this document and a reference to RFC 7258 should be added, instead of coming up with new terminology here that sets the bar higher than what was agreed in RFC 7258.

> 
>>> Editorial:
>>> * "pop" is a term of art that needs explanation.
>>> * "QUIC?s", "network?s" - avoid smart quotes, and - more generally - the
>>>  possessive form for the inanimate.
>>> * "QUIC's server-generated flow IDs" -> "QUIC's connection IDs".
> 
> Thanks for the nit corrections.

Thanks!

I will further comment later!

Mirja
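As an added illustration of the mechanism sketched in the thread above (a server choosing its TCP initial sequence number so that a stateless integrated load balancer can route on the ACK number carried in client-to-server segments), together with the quoted caveat that the encoded information must not identify individual flows, here is a toy Python model. It is not code from the draft or from anyone in this thread; the 4-bit server ID / 28-bit random split of the sequence space is an assumed layout chosen for the example.

```python
import secrets
from typing import Callable

# Assumed layout (example only): the top ID_BITS of the 32-bit sequence space carry
# the pool member ID that the server and load balancer share; the rest is random.
ID_BITS = 4
SEQ_BITS = 32
ID_SHIFT = SEQ_BITS - ID_BITS          # 28 random bits per connection
LOW_MASK = (1 << ID_SHIFT) - 1


def server_choose_isn(server_id: int, randbits: Callable[[int], int] = secrets.randbits) -> int:
    """Server side: pick an ISN whose top ID_BITS are the pool ID, low bits random.

    Only the pool ID is recoverable from the wire, by the load balancer or by any
    on-path observer; every connection to the same server shares that value, so it
    does not single out a flow (the concern raised in the quoted parenthetical)."""
    if not 0 <= server_id < (1 << ID_BITS):
        raise ValueError("server_id out of range for ID_BITS")
    return (server_id << ID_SHIFT) | (randbits(ID_SHIFT) & LOW_MASK)


def client_ack_number(isn: int, bytes_received: int = 0) -> int:
    """Client side: ACK number in a client-to-server segment acknowledges the
    server's SYN (ISN + 1) plus whatever data has arrived since, mod 2^32."""
    return (isn + 1 + bytes_received) % (1 << SEQ_BITS)


def lb_route(ack_number: int) -> int:
    """Load balancer: stateless decision, the server ID is just the top ID_BITS
    of the ACK number in the client-to-server segment."""
    return ack_number >> ID_SHIFT


def bytes_until_misroute(isn: int) -> int:
    """Limitation of the scheme: once the server has sent this many bytes the
    client's ACK number leaves the ID range and the next segment is misrouted.
    A wider ID field or another hint (e.g. a timestamp echo) is needed for
    transfers longer than this."""
    return LOW_MASK - (isn & LOW_MASK) - 1
```

Two connections to the same server yield different ISNs but the same routable ID, which is exactly the property the quoted caveat asks for.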