IETF Logo Mail Archive

Re: [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

Dino Farinacci <farinacci@gmail.com> Fri, 06 January 2023 20:41 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FD4CC14CE3F; Fri, 6 Jan 2023 12:41:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HEvP_rc5TucT; Fri, 6 Jan 2023 12:41:28 -0800 (PST)
Received: from mail-pl1-x62b.google.com (mail-pl1-x62b.google.com [IPv6:2607:f8b0:4864:20::62b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44C9CC1377E5; Fri, 6 Jan 2023 12:40:43 -0800 (PST)
Received: by mail-pl1-x62b.google.com with SMTP id d9so2858967pll.9; Fri, 06 Jan 2023 12:40:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=6/NSi//Cd9HiMqg7SG6SZDWHsLhNzIzQIuKbB3fjuRE=; b=pvbXun8rTElNdwjzOL3JjJiNAp2J7o91E28QllAvugI9lyN4GXP/uIoB6MD6TWWsS4 DVk9u9+97yF4W/H3gKGsN++xQ5FDQQzlnZH0PV6M/Fd154j2hx023xbDA494fynIi/fN qhsFiQ0k2mbLiYJDCv9Y6auSbpC1lCL7oEUTTg89sE3kvw1FP/q/mcGdjaIsFIkL/hm3 fsA4sd2JYteeAnNhqlFTFPQb1FiYFUp+2PJQl9W4h2ndPtPZe/sXWL7TsKtLX3Qt/NeZ grbO3lMy9GEVLxXqP4On4zYSn7xIAiuvUS6YGsCTIWluk9HD2DnmBnntFcBE/BGl1ytr FbYA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6/NSi//Cd9HiMqg7SG6SZDWHsLhNzIzQIuKbB3fjuRE=; b=glhD0E9fFV6SKva5V10H5etFlIBZnNgiNXf/WEOEsTTEoX/KaLGfPMUZ8bkInwDDIE f9TBc1RDrSNQzJcfDwTbrxEv835f0dV9VIc2nUn3izm9+fzuUPneznoBygfFJZ7RRYqm mygEx9a8raGXnaLOAaOEQeMTzaZc9QOH3LeBqzWTthdk8lCAB57YlzWXvdF5AG3LxBKq aVq0AiVMK9evlPbA/uT6ACzdwmEo8i4rKx8t7ZqHBkwgDgFCns1K2kG2/NDeHngN+x8V 47yoJhO+wvsdpSXE8L2nb0bvXX6/g0nRk8GFiXCNTLKH9tuLVvg0V5sqQlVG0cu1CMEx kE/A==
X-Gm-Message-State: AFqh2kp6pgyERsxFCQASSqFpjFMmgKWphmttmionblXw9ZDXEJ6CwC2o fMzkx05FMTRR6V/jw/fxudk=
X-Google-Smtp-Source: AMrXdXsn37eNQtqSEQKTthqlaOFSqKCTGRaxL1jq6KT6GTRPmTxnLWcuKaFwpDmWM7fUCkrfJA0stQ==
X-Received: by 2002:a05:6a21:328b:b0:af:76da:1462 with SMTP id yt11-20020a056a21328b00b000af76da1462mr82451374pzb.40.1673037642510; Fri, 06 Jan 2023 12:40:42 -0800 (PST)
Received: from smtpclient.apple (c-98-234-33-188.hsd1.ca.comcast.net. [98.234.33.188]) by smtp.gmail.com with ESMTPSA id n15-20020a170902d2cf00b0018963b8e131sm1256606plc.290.2023.01.06.12.40.41 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 06 Jan 2023 12:40:41 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Subject: Re: [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <CAMm+Lwhe31gfb_Uhx+eFL4tZbJjbusJt1+yjq14wGqd1qenUaQ@mail.gmail.com>
Date: Fri, 06 Jan 2023 12:40:40 -0800
Cc: Stewart Bryant <stewart.bryant@gmail.com>, Lloyd W <lloyd.wood=40yahoo.co.uk@dmarc.ietf.org>, IETF Discussion Mailing List <ietf@ietf.org>, pearg@irtf.org, hrpc@irtf.org, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, saag <saag@ietf.org>, Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <90BDB002-4222-4DE9-A64C-66E0C73D6EFA@gmail.com>
References: <3c3230f3783b4ec9a8a9e3bb87cc2a8d@huawei.com> <08C49067-DB4C-41AB-A6F3-B96BDBE0A4BC@yahoo.co.uk> <CAKr6gn0tFXEV-h7LH1_Ts5iQRw_mGEi=TqS7hsyK-SqDFmmY-A@mail.gmail.com> <C09B3D18-2871-491F-B76C-630A2DCA439A@gmail.com> <EFCEFAA6-3638-4CE0-91DD-3E38FE00DF29@gmail.com> <1F71EB99-3657-4A20-8B28-2AFB743A9762@gmail.com> <1B0A222E-21E5-413E-8B2C-9C0CBCDB0773@gmail.com> <CAMm+LwgdmHkA3PKrXb85Dt+pUg-Q5mJwY4kdktgvhB5Twwv3Ww@mail.gmail.com> <36BA0408-2523-440F-A011-7921A1868A66@gmail.com> <CAMm+Lwhe31gfb_Uhx+eFL4tZbJjbusJt1+yjq14wGqd1qenUaQ@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/yRAv6htckR7DxNq7eCtHAZ7b8ww>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IETF-Discussion. This is the most general IETF mailing list, intended for discussion of technical, procedural, operational, and other topics for which no dedicated mailing lists exist." <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jan 2023 20:41:32 -0000

> I was trying to be polite. Folk who have been peddling a technology which meets a need faced by essentially all Internet users that is being utilized by essentially none of them after 30+ years should be willing to take the win and move on.

My intent wasn't to be dismissive. I am not sure why you thought that.

> The people who are choosing not to use multicast are serious engineers who are fully aware of the existence of multicast. They are doing things differently for a reason and being dismissive about their engineering choices as clearly unfounded and incorrect is not the way to persuade them.

Yes, and I was just stating a conceptual optimization. It has been clear that people are *willing* to pay the cost for head-end replication at the app source. They do that because they have more control. Its understandable.

> Ditto above comment.
> 
> Again, seems like you are better at dismissing different ideas than explaining your position.

I did explain my position. It has proven work that distributed replication (in routers) scales better. But it comes at a different cost than doing head-end-replication. Engineers decide on that tradeoff.

> From my point of view as an application protocol developer, multicast is essentially useless because I have to do my own work to provide a reliable transport and that in turn means I can't make use of WebRTC libraries and the like.

For UDP applications, its simpler for the app to send 1 packet on a UDP socket when they want that packet to get to multiple recipients.

> I was rather annoyed to be watching the Times Square new years eve celebrations on You Tube TV with a 15 second delay. That could have been avoided if multicast had been a part of the distribution technology. But I can understand why it wasn't.

Yes, right.

> The only way I can see multicast being useful in the context of Internet broadcast events is as one component in a hybrid scheme which looks like QUIC to the receiving endpoint application with a multicast stream from the data source being supplemented by a separate branching control channel providing authentication and reliability.

Multicast being useful is getting off topic from this thread. Unless you believe to remove source addresses from a packet and not satify the multicast requirement, than that is a side to argue.

> Such a scheme would have to address security differently from the handling in QUIC because it is the nature of AEAD/MAC schemes that anyone who can authenticate the data can inject fake data. Thus it is necessary to either use public key or to provide each recipient with their own authentication feed.

It is well-known how complex multicast key management is and KEK doesn't scale with the number of receivers. But that state (for multiple receipients) has to be stored somewhere, at one layer or the other. So an engineer needs to make their own tradeoffs.

> But no, go on. Perhaps we should give it another 30 years. Lets just keep doing what we are doing and maybe things will change.

This is not a binary success or fail argument. And the argument should be taken offline since its off topic. If you want to discuss privately, would love to. Thanks.

Dino

v2.23.0 | Report a Bug | By Email