IETF Logo Mail Archive

Re: [Int-area] FW: New Version Notification for draft-eckert-intarea-flow-metadata-framework-01.txt

<mohamed.boucadair@orange.com> Fri, 19 July 2013 07:57 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F84921E810A for <int-area@ietfa.amsl.com>; Fri, 19 Jul 2013 00:57:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.248
X-Spam-Level:
X-Spam-Status: No, score=-2.248 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_FR=0.35, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SPwC9PGGQJ0k for <int-area@ietfa.amsl.com>; Fri, 19 Jul 2013 00:57:47 -0700 (PDT)
Received: from relais-inet.francetelecom.com (relais-ias92.francetelecom.com [193.251.215.92]) by ietfa.amsl.com (Postfix) with ESMTP id CD85311E80F5 for <int-area@ietf.org>; Fri, 19 Jul 2013 00:57:46 -0700 (PDT)
Received: from omfedm08.si.francetelecom.fr (unknown [xx.xx.xx.4]) by omfedm09.si.francetelecom.fr (ESMTP service) with ESMTP id 41C562DC2CC; Fri, 19 Jul 2013 09:57:46 +0200 (CEST)
Received: from puexch31.nanterre.francetelecom.fr (unknown [10.101.44.29]) by omfedm08.si.francetelecom.fr (ESMTP service) with ESMTP id 1F31923806E; Fri, 19 Jul 2013 09:57:46 +0200 (CEST)
Received: from PUEXCB1B.nanterre.francetelecom.fr ([10.233.200.25]) by puexch31.nanterre.francetelecom.fr ([10.101.44.29]) with mapi; Fri, 19 Jul 2013 09:57:45 +0200
From: mohamed.boucadair@orange.com
To: Toerless Eckert <eckert@cisco.com>
Date: Fri, 19 Jul 2013 09:57:44 +0200
Thread-Topic: [Int-area] FW: New Version Notification for draft-eckert-intarea-flow-metadata-framework-01.txt
Thread-Index: Ac6ELdUBUd4pHoqQRQqubi9dAsh31wAIUaow
Message-ID: <94C682931C08B048B7A8645303FDC9F36EE2DDB790@PUEXCB1B.nanterre.francetelecom.fr>
References: <94C682931C08B048B7A8645303FDC9F36EE2DDB4FE@PUEXCB1B.nanterre.francetelecom.fr> <45A697A8FFD7CF48BCF2BE7E106F0604090C8510@xmb-rcd-x04.cisco.com> <94C682931C08B048B7A8645303FDC9F36EE2DDB59F@PUEXCB1B.nanterre.francetelecom.fr> <20130719031237.GM23170@cisco.com>
In-Reply-To: <20130719031237.GM23170@cisco.com>
Accept-Language: fr-FR
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: fr-FR
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2013.5.21.113319
Cc: "int-area@ietf.org" <int-area@ietf.org>
Subject: Re: [Int-area] FW: New Version Notification for draft-eckert-intarea-flow-metadata-framework-01.txt
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/int-area>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jul 2013 07:57:52 -0000

Dear Toerless,

Please see inline. 

Cheers,
Med

>-----Message d'origine-----
>De : Toerless Eckert [mailto:eckert@cisco.com]
>Envoyé : vendredi 19 juillet 2013 05:13
>À : BOUCADAIR Mohamed OLNC/OLN
>Cc : Reinaldo Penno (repenno); Charles Eckel (eckelcu); int-area@ietf.org
>Objet : Re: [Int-area] FW: New Version Notification for draft-eckert-
>intarea-flow-metadata-framework-01.txt
>
>On Thu, Jul 18, 2013 at 02:11:21PM +0200, mohamed.boucadair@orange.com
>wrote:
>> >[RP] I believe the end-point making the request for flow characteristics
>> >will be the CPE in many cases where the applications is not metadata
>> >aware. In other words, the CPE makes the request on behalf of
>applications.
>> [Med] I'm more interested in this CPE flavor (managed CPE) since it
>avoids relying on applications to benefit from the added value of this
>approach. This is worth be discussed in the document too.
>
>See section 3.1.4.1 which talks about proxies. The problem really is where
>the proxied information comes from. If the proxy is doing DPI inspection to
>deduce it or some configured mappings, then it's likely going to be
>unreliable
>(encryption) or suffer from problems in getting it provisioned.

[Med] Section 3.1.4.1 as it is does not provide decent discussion of these deployment issues and considerations. Sketching the expected behavior of such intermediary functions would even be better. This applies also for the other deployment-related issues I listed in my initial e-mail.

>
>To me these inspecting proxies are a way to get a foot in the door with
>the method while it takes its time to persuade app-developers (or
>middleware
>like browsers) to signal the information explicitly (couple of years ?...).
>
>> [Med] The question is not whether a secure transport is used or not but
>to what extent the flow description is accurate (e.g., send fake flow
>description, systematically request treatment with higher priority, etc.).
>
>Right. That was the intention of 3.1.4.2. Ultimately the network taking
>action on the metadata needs to trust the authenticated identity
>associated with the attributes to not lie about the attributes - OR
>enforce the semantic of the attributes signalled.
>
[Med] this discussion about trust is worth to be elaborated further in the document. For sure, this point will be raised by others.

>Cheers
>    Toerless

v2.23.0 | Report a Bug | By Email