IETF Logo Mail Archive

Re: draft-dolson-plus-middlebox-benefits (was RE: Review of draft-mm-wg-effect-encrypt-09)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 12 April 2017 08:35 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20D3712EAE1 for <ietf@ietfa.amsl.com>; Wed, 12 Apr 2017 01:35:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Level:
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cmSo3l4k1SxL for <ietf@ietfa.amsl.com>; Wed, 12 Apr 2017 01:35:34 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABCE512EAB7 for <ietf@ietf.org>; Wed, 12 Apr 2017 01:35:33 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 2BBC4BE5D; Wed, 12 Apr 2017 09:35:30 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qx3NwRvtzroT; Wed, 12 Apr 2017 09:35:28 +0100 (IST)
Received: from [10.244.2.100] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id CBCA7BE53; Wed, 12 Apr 2017 09:35:27 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1491986128; bh=dVyix83R7nDf7cZ7Lr+JRuQB0mFt7peotomSftwJeZg=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=xj3937jmiNIA/xJZa8UpqEFdYPspIqVYw6JNUzMCPxsdrbOJJtWmzSegoPxZQ8hdp hWrWcfD1oymBPNIKnEwjiDPGBsYvgz50xBwDxnAuY1k2ozfMc3z7XaZ/LPl+dqqObj MOzTId+bdmdY/VS0QpOVLgFvbPRal8NWHmqCRi1E=
Subject: Re: draft-dolson-plus-middlebox-benefits (was RE: Review of draft-mm-wg-effect-encrypt-09)
To: mohamed.boucadair@orange.com, Dave Dolson <ddolson@sandvine.com>, Martin Thomson <martin.thomson@gmail.com>, "ietf@ietf.org" <ietf@ietf.org>
References: <787AE7BB302AE849A7480A190F8B933009E4B818@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <11843452-d76d-50e3-c162-155f4d1621e2@cs.tcd.ie> <787AE7BB302AE849A7480A190F8B933009E4B953@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <20170411120303.5128273.2297.7062@sandvine.com> <79c4d3c8-f6e6-760f-bea4-969e8d8b40a9@cs.tcd.ie> <787AE7BB302AE849A7480A190F8B933009E4C1CE@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Cc: "draft-dolson-plus-middlebox-benefits@tools.ietf.org" <draft-dolson-plus-middlebox-benefits@tools.ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <6edcf3dd-373b-ee11-ccc3-c4f10f90d0f9@cs.tcd.ie>
Date: Wed, 12 Apr 2017 09:35:27 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <787AE7BB302AE849A7480A190F8B933009E4C1CE@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="F9AkoN4aUrlDs1BjhR3KAxckUOO62gntf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/tAgwER9OO9pVeIIT7aOM-RyKWLo>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Apr 2017 08:35:37 -0000

Hiya,

On 12/04/17 09:13, mohamed.boucadair@orange.com wrote:
> Hi Stephen,
> 
> Please see inline.
> 
> Cheers, Med
> 
>> -----Message d'origine----- De : Stephen Farrell
>> [mailto:stephen.farrell@cs.tcd.ie] Envoyé : mardi 11 avril 2017
>> 20:34 À : Dave Dolson; BOUCADAIR Mohamed IMT/OLN; Martin Thomson;
>> ietf@ietf.org Cc :
>> draft-dolson-plus-middlebox-benefits@tools.ietf.org Objet : Re:
>> draft-dolson-plus-middlebox-benefits (was RE: Review of draft- 
>> mm-wg-effect-encrypt-09)
>> 
>> 
>> 
>> On 11/04/17 13:03, Dave Dolson wrote:
>>> Regarding "benefits", these devices clearly have perceived
>>> benefits
>> 
>> I do not agree that the IETF ought described perceived benefits as
>> if the claimed benefits accrue as hoped for.
> 
> [Med] I'm afraid it is hoped for some functions. For example, the
> IETF specified in the past many functions to provide specific
> services (called benefit in draft-dolson) such as NAT64 (IPv4 service
> continuity).

I'm not sure that s/benefits/services/g in the document text
would work, so I don't accept that argument. If you meant
something else, I'm not sure what.

> 
> If you don't perceive that function as a "benefit", can you please
> answer the following:
> 
> * Because your operator is running out of IPv4 addresses, it decides
> to give you an IPv6 prefix without enabling any function in the
> network. Won't you call the hotline of that operator to claim that
> you don't access to most of Internet resources and that something is
> to be fixed otherwise you will unsubscribe?
> 
> * When you are attending an IETF meeting, I assume you are using
> IPv6-only SSID. Do you volunteer to opt-out from NAT64 in the coming
> meeting?

I did not argue that no middlebox ever provided any benefit
to anyone so I don't know how answering the above questions
would help.

But in case it does help: yes, firewalls have provided some
benefits over the years. I suspect those are now diminishing
but could be wrong. I don't know if it's gotten to the point
that firewalls are more of a benefit or a scourge today. (Having
just had the fun of installing a stun/turn server to get two
browsers to chat with one another, I can freshly attest to the
"pointless scourge" aspect as I didn't have to ask the f/w
admins anything to get around the useless barrier they were
in this particular case;-)

It might be possible to do studies and produce data that'd help
the community decide that question (f/w utility vs. scourge) and
that could be a useful activity, if done objectively. That last
(objectivity) seems hard though, as it seems there are many folks
who find being objective in this space difficult (on all sides).
I've no idea if similar studies and data could help with
(re-)evaluating other aspects of middlebox deployment claimed
utility.

And again, I see no utility at all in a statements along the
lines that "firewalls are beneficial because they can do X."

S.

> 
> 
> That is far too
>> close to marketing. In a contentious case like this, I can see why
>> someone may feel that's useful as a form of balance or part of a
>> larger debate, but in the end I think we need to step back and take
>> an engineering approach.
> 
> [Med] Fully agree. This is why we need to understand the intended
> usage to have a reference for any engineering approach.
> 
>> 
>> S
>> 
>>> to those who deploy them. My view is that the document should
>>> explain that perspective for readers who lack the operator
>>> perspective. The intent was not to mandate or recommend
>>> deployments.
>>> 
>>> David Dolson ‎ Original Message From:
>>> mohamed.boucadair@orange.com Sent: Tuesday, April 11, 2017 7:48
>>> AM To: Stephen Farrell; Martin Thomson; ietf@ietf.org Cc: 
>>> draft-dolson-plus-middlebox-benefits@tools.ietf.org Subject: RE: 
>>> draft-dolson-plus-middlebox-benefits (was RE: Review of 
>>> draft-mm-wg-effect-encrypt-09)
>>> 
>>> 
>>> Hi Stephen,
>>> 
>>> Please see inline.
>>> 
>>> Cheers, Med
>>> 
>>>> -----Message d'origine----- De : Stephen Farrell 
>>>> [mailto:stephen.farrell@cs.tcd.ie] Envoyé : mardi 11 avril
>>>> 2017 10:51 À : BOUCADAIR Mohamed IMT/OLN; Martin Thomson; 
>>>> ietf@ietf.org Cc : 
>>>> draft-dolson-plus-middlebox-benefits@tools.ietf.org Objet :
>>>> Re: draft-dolson-plus-middlebox-benefits (was RE: Review of
>>>> draft- mm-wg-effect-encrypt-09)
>>>> 
>>>> 
>>>> Hi Med,
>>>> 
>>>> On 11/04/17 09:15, mohamed.boucadair@orange.com wrote:
>>>>>> I hope that the IETF never publishes 
>>>>>> draft-dolson-plus-middlebox-benefits; it makes claims
>>>>>> about the benefits of specific solutions for different use
>>>>>> cases with the goal of justifying those solutions.
>>>> 
>>>>> [Med] I'm afraid this is speculating about the intent of 
>>>>> draft-dolson. Assured this is not the purpose of that
>>>>> document. The motivation is to document current practices
>>>>> without including any recommendation or claiming these
>>>>> solutions are superior to others.
>>>> 
>>>> Just to note that I completely agree with Martin's
>>>> interpretation of the thrust of this draft and I totally fail
>>>> to see how your argument above can be justified given that
>>>> draft title, abstract and even filename (and also the
>>>> content;-).
>>> 
>>> [Med] "beneficial" is derived from the initial request that
>>> motivated this draft (excerpt from the abstract):
>>> 
>>> At IETF97, at a meeting regarding the Path Layer UDP Substrate 
>>> (PLUS) protocol, a request was made for documentation about the 
>>> benefits
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ that
>>> might be provided by permitting middleboxes to have some 
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
>>> visibility to transport-layer information. 
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> 
>>> When the abstract
>>>> says "This document summarizes benefits" then I cannot
>>>> interpret that as other than being intended to justify the uses
>>>> described.
>>> 
>>> [Med] I would prefer if we can avoid to "interpret", but raise 
>>> questions to the authors if there is a doubt. The document does
>>> not provide a recommendation or claims this is the only way to
>>> achieve the technical goals. It does only reflect some deployment
>>> reality together with some motivations.
>>> 
>>>> 
>>>> A fairly thorough re-write to aim to describe the pros and
>>>> cons would be a different and more useful document.
>>> 
>>> [Med] There are already many RFCs that discuss the issues/cons (I
>>> can cite this RFC I co-authored
>>> https://tools.ietf.org/html/rfc6269 for the CGN case). What is
>>> needed IMHO is something else: understand the requirements that
>>> led to deploy some of these functions.
>>> 
>>> Similarly a draft
>>>> that strives to neutrally describe existing reality could maybe
>>>> be useful (*)
>>> 
>>> [Med] This is the intent of draft-dolson.
>>> 
>>> but one that only describes middlebox friends with
>>>> "benefits" is not IMO beneficial ;-)
>>> 
>>> [Med] The intent is not to "sell something" but to understand
>>> the technical needs so that hopefully we can have a reference for
>>> future solution-oriented discussions. If a given function can be
>>> provided without involving an on-path device, this would be great
>>> for operators (optimize CAPEX/OPEX is our motto).
>>> 
>>>> 
>>>> Cheers, S.
>>>> 
>>>> (*) That is the argument for draft-mm-effect-encrypt, for which
>>>> I do support publication (apparently in disagreement with
>>>> Martin in that case:-)
>>>> 
>>>> 
>>>> 
>>> 
>

v2.23.0 | Report a Bug | By Email