Re: [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

Stewart Bryant <stewart.bryant@gmail.com> Thu, 05 January 2023 09:08 UTC

Subject: Re: [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
From: Stewart Bryant <stewart.bryant@gmail.com>
In-Reply-To: <EFCEFAA6-3638-4CE0-91DD-3E38FE00DF29@gmail.com>
Date: Thu, 05 Jan 2023 09:08:43 +0000
Cc: Stewart Bryant <stewart.bryant@gmail.com>, George Michaelson <ggm@algebras.org>, Lloyd W <lloyd.wood=40yahoo.co.uk@dmarc.ietf.org>, Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org>, IETF Discussion Mailing List <ietf@ietf.org>, pearg@irtf.org, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, saag <saag@ietf.org>, hrpc@irtf.org
Message-Id: <1F71EB99-3657-4A20-8B28-2AFB743A9762@gmail.com>
References: <3c3230f3783b4ec9a8a9e3bb87cc2a8d@huawei.com> <08C49067-DB4C-41AB-A6F3-B96BDBE0A4BC@yahoo.co.uk> <CAKr6gn0tFXEV-h7LH1_Ts5iQRw_mGEi=TqS7hsyK-SqDFmmY-A@mail.gmail.com> <C09B3D18-2871-491F-B76C-630A2DCA439A@gmail.com> <EFCEFAA6-3638-4CE0-91DD-3E38FE00DF29@gmail.com>
To: Dino Farinacci <farinacci@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/fK3b6PWN_XETluixTlEKqmgh-w4>

I suppose that you have to question whether IP is the ideal base for multicast?

Our networks are no longer mono-protocol and multicast tends to be domain specific. 

Many of the original uses for multicast are now dominated by unicast packet duplication with edge computing making this less of a bandwidth hog, so it is not clear what the long term future of multicast is.

- Stewart


> On 4 Jan 2023, at 19:59, Dino Farinacci <farinacci@gmail.com> wrote:
> 
> You need a source address for multicast, unless you use shared-trees. And the multicast working groups at the IETF have pushed SSM forward quite a bit. So source-trees prevail.
> 
> Dino
> 
>> On Jan 4, 2023, at 5:54 AM, Stewart Bryant <stewart.bryant@gmail.com> wrote:
>> 
>> 
>> 
>>> On 4 Jan 2023, at 09:35, George Michaelson <ggm@algebras.org> wrote:
>>> 
>>> Put a nonce source ip in the packet header and the real source as 4-16 bytes of PFS protected payload. 
>> 
>> Indeed we know that there is no need for an SA other than to support the most primitive types of communication or the most primitive types of detection of errors or spoofed packets. Though a spoofed SA may fall foul of the latter and cause the packet to be dropped. MPLS works fine without SAs.
>> 
>>> 
>>> Use asymmetric routing. A single point of capture which isn't close to source or destination is occluded. 
>> 
>> Just to note that some protocols would like path symmetry for round trip delay equalisation. NTP is a good example. However this is more a wish than a promise as ECMP is not symmetr
>> 
>> Indeed, picking up on the earlier note about encrypted source routing, back in the very early days of MPLS SR we speculated about obscuring the labels so as to introduce a primitive form of end to end path control with limited visibility and limited ability of nefarious nodes to send over premium paths.
>> 
>> Stewart
>> 
>> 
>>> 
>>> Can't fix a warrant tap, but can at least obfuscate for on-path.
>>> 
>>> G
>> 
>
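George's sketch above (a nonce source address in the header, the real source carried as 4 to 16 bytes of PFS-protected payload), as an added Go example that is not part of the thread: the packet shows a random source field, while the real IPv4 or IPv6 source and the data are sealed under a fresh X25519 key per packet. The assumptions are mine: the receiver's static key is known out of band, SHA-256 stands in for a KDF, an 8-byte src||dst stands in for the IP header, and only the sender side is ephemeral, so a later compromise of the receiver's static key still exposes past packets.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"net/netip"
)

// Constructed demo of George's sketch (nonce source + sealed real source).
// Assumed, not from the thread: receiver key known out of band, SHA-256 as
// KDF, 8-byte src||dst (v4) in place of the IP header, sender-only ephemeral.
// Layout: nonceSrc(4) | dst(4) | ephPub(32) | gcmIV(12) | ciphertext+tag
func sharedAEAD(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(pub)
	if err != nil { return nil, err }
	key := sha256.Sum256(secret) // KDF stand-in: SHA-256 of the shared secret
	blk, _ := aes.NewCipher(key[:])
	return cipher.NewGCM(blk)
}

// Seal builds a packet; dst is bound as associated data, so a destination
// rewritten on path fails authentication at the receiver.
func Seal(rcvPub *ecdh.PublicKey, realSrc, dst netip.Addr, data []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	aead, err := sharedAEAD(eph, rcvPub)
	if err != nil { return nil, err }
	d := dst.As4(); hdr := append(make([]byte, 4), d[:]...)
	rand.Read(hdr[:4]) // nonce source address, fresh per packet
	iv := make([]byte, aead.NonceSize())
	rand.Read(iv)
	src := realSrc.AsSlice() // length-prefixed so 4 and 16 bytes both fit
	plain := append(append([]byte{byte(len(src))}, src...), data...)
	pkt := append(append(hdr, eph.PublicKey().Bytes()...), iv...)
	return aead.Seal(pkt, iv, plain, hdr[4:8]), nil
}

// Open is the receiver side; ok is false on truncation, tampering or bad length.
func Open(rcvPriv *ecdh.PrivateKey, pkt []byte) (src netip.Addr, data []byte, ok bool) {
	if len(pkt) < 52 { return }
	ephPub, err := ecdh.X25519().NewPublicKey(pkt[8:40])
	if err != nil { return }
	aead, err := sharedAEAD(rcvPriv, ephPub)
	if err != nil { return }
	plain, err := aead.Open(nil, pkt[40:52], pkt[52:], pkt[4:8])
	if err != nil || len(plain) == 0 || len(plain) < 1+int(plain[0]) { return }
	src, ok = netip.AddrFromSlice(plain[1 : 1+int(plain[0])])
	return src, plain[1+int(plain[0]):], ok
}
```

Stewart's caveat applies unchanged: the random visible source is exactly what an ingress filter that checks source addresses will drop.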