IETF Logo Mail Archive

Re: [Mops] Roman Danyliw's Discuss on draft-ietf-mops-streaming-opcons-10: (with DISCUSS and COMMENT)

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Wed, 25 May 2022 20:30 UTC

Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: mops@ietfa.amsl.com
Delivered-To: mops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98AC5C19E87D; Wed, 25 May 2022 13:30:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oDRPGYdxWC9f; Wed, 25 May 2022 13:30:38 -0700 (PDT)
Received: from mail-vs1-xe31.google.com (mail-vs1-xe31.google.com [IPv6:2607:f8b0:4864:20::e31]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EDB7C14F72E; Wed, 25 May 2022 13:30:38 -0700 (PDT)
Received: by mail-vs1-xe31.google.com with SMTP id b7so22597382vsq.1; Wed, 25 May 2022 13:30:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Pox21gEKQ5KWoIOXUQa1HKxn6eC93p3Ym+xJMqc77CQ=; b=IPVhMcCPGWhaboWce/eNpfx2PWBAuJUQCqnWFb5jz9BoYe5Avbn/MUncw0Hf19vgL4 +avoWScl4Bd/ju1BYYnI7KEAK/VUs+9OhnZ+G4GmDXRKA4/VrOu/MU9oHaGGULpRz97c TP01QVE///R1Tsu/FxcgKydKd4FGsxN23kKv5UCpyALMYsH6qGqMVsDyn57+u685XC9M VYsLQo1QxfWqKuVgahh6CQwKiJkSzbR1zpBH27bwfi1GArSMkOxvLwfrj/SCUMQ4K3HP dhBlz34EA2OOMYoFOWpOyy23jOD1wORDb8TXBy8jr2OFY6RpITPwjDJuH0KDnDUl2Z40 3mcw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Pox21gEKQ5KWoIOXUQa1HKxn6eC93p3Ym+xJMqc77CQ=; b=r9lCs4NPLKkQwTccCp0FCKrZzLuglEKBHM85ZPK/Gkn5Ikxu/H179kfDYxrm9O6fNt epWieO2irFsxP2QZ4K5fvmaHfSE8h68nkDbIdNxlaSp8uZp//ix3iRg9x48Ub1dV8oXa hRkbg+ErHiXdDJQtglkFH6jWskgb4BwRxINOLSG95unqUA/C9W2URGy6fBUz7zn576id kQTeTrX68ar20I8kKDFc9bP+Bk393T6O3YPN3S0sXUAFs4bGqDLY24tkeepQkTcNNo6r PU7SvMM/u+qbbzNqazI+rGA9Hp2eP49z9OBnAmuDTjMIoqTFxLc2PkrTQmoQvTGt9cai 7GJw==
X-Gm-Message-State: AOAM533eqqu1+WpDSavYoKxAnxGXBNfqBVPLEIawGwjITYZYploEvJCV jZv2E9JAD1pz588PSnX03bprsw1OPIuCwLw1CkY=
X-Google-Smtp-Source: ABdhPJxE+47+8cKE2p0fBbOO+zpGgn8UeX9EZte2bDVRjtnPGhCXE7ieMv1TSe7J8fH6RHfplak5h9NV5vk1rX9stGM=
X-Received: by 2002:a05:6102:e92:b0:335:bb5a:9d1 with SMTP id l18-20020a0561020e9200b00335bb5a09d1mr14265878vst.43.1653510637173; Wed, 25 May 2022 13:30:37 -0700 (PDT)
MIME-Version: 1.0
References: <165213552200.37320.14578434821075934922@ietfa.amsl.com> <CAGac5Ahb58EeNhtKyVoiX9wwTB7VLi3jhu53cU2fMXiUbV_tAA@mail.gmail.com>
In-Reply-To: <CAGac5Ahb58EeNhtKyVoiX9wwTB7VLi3jhu53cU2fMXiUbV_tAA@mail.gmail.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Wed, 25 May 2022 15:30:11 -0500
Message-ID: <CAKKJt-eBQ_6zWuCCjQ71bxydT0eu-xJGXW7nUm_1EyOzbt-k7g@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-mops-streaming-opcons@ietf.org, Jake Holland <jakeholland.net@gmail.com>, mops-chairs@ietf.org, MOPS Working Group <mops@ietf.org>, Sanjay Mishra <sanjay.mishra@verizon.com>, "Holland, Jake" <jholland@akamai.com>
Content-Type: multipart/alternative; boundary="000000000000293fd405dfdbf201"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mops/jUXL9keitejR2qykyc0-o909k18>
Subject: Re: [Mops] Roman Danyliw's Discuss on draft-ietf-mops-streaming-opcons-10: (with DISCUSS and COMMENT)
X-BeenThere: mops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Media OPerationS <mops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mops>, <mailto:mops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mops/>
List-Post: <mailto:mops@ietf.org>
List-Help: <mailto:mops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mops>, <mailto:mops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 May 2022 20:30:42 -0000

Hi, Roman,

(Top-posting)

Did you have a chance to consider Jake's response about your Discuss ballot
(below)?

Best,

Spencer

On Wed, May 11, 2022 at 3:04 PM Jake Holland <jakeholland.net@gmail.com>
wrote:

> Hi Roman,
>
> We discussed this in an author's chat, and we're trying to pin down some
> good text that would cover your DISCUSS.  (We're separately considering
> your other excellent comments as well, but wanted to focus on this first.)
>
> We think the points to make are:
> - media operators, your media is part of an arms race aiming to track
> users for more effective advertisers
> - There are some efforts, such as [Topics](
> https://github.com/patcg-individual-drafts/topics), to get the ecosystem
> to reduce its reliance on individual tracking while still achieving
> targeted ads, which are worth a lot of money (pick out a reference or 2
> from e.g. [1]
> https://www2012.universite-lyon.fr/proceedings/proceedings/p111.pdf )
>
> As an initial idea, we're thinking perhaps to add a paragraph after the
> first mention of targeting, and we're wondering if this is in the right
> direction, and whether you can suggest any specific improvements?:
>
> https://htmlpreview.github.io/?https://github.com/ietf-wg-mops/draft-ietf-mops-streaming-opcons/blob/gh-pages/draft-ietf-mops-streaming-opcons.html#section-5.4-5
> :
>
> Traditionally, targeted ads have relied on user tracking, which involves a
> relatively large privacy exposure for end users.  At the time of this
> writing some proposals such as [Topics](
> https://github.com/patcg-individual-drafts/topics) have been made in an
> effort to reduce that exposure without losing the effects of targeting (ref
> from [1] that measures a high impact).
>
> We found a few references touching on the risks, like:
> - https://www.makeuseof.com/tag/targeted-ads-threat-privacy/
> - https://getterms.io/blog/the-risks-of-targeted-advertising/
>
> But maybe you know a better reference?
>
> Thanks and regards,
> Jake (and Spencer and Ali)
>
> On Mon, May 9, 2022 at 3:32 PM Roman Danyliw via Datatracker <
> noreply@ietf.org> wrote:
>
>> Roman Danyliw has entered the following ballot position for
>> draft-ietf-mops-streaming-opcons-10: Discuss
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>>
>> Please refer to
>> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
>> for more information about how to handle DISCUSS and COMMENT positions.
>>
>>
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-mops-streaming-opcons/
>>
>>
>>
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>>
>> ** Section 5.4.
>>
>>    Ads may be inserted either with Client Side Ad Insertion (CSAI) or
>>    Server Side Ad Insertion (SSAI).  In CSAI, the ABR manifest will
>>    generally include links to an external ad server for some segments of
>>    the media stream, while in SSAI the server will remain the same
>>    during advertisements, but will include media segments that contain
>>    the advertising.  In SSAI, the media segments may or may not be
>>    sourced from an external ad server like with CSAI.
>>
>>          …
>>
>>    As a
>>    mitigation for concerns driven by those incidents, some SSPs have
>>    required the use of players with features like reporting of ad
>>    delivery, or providing information that can be used for user
>>    tracking.  Some of these and other measures have raised privacy
>>    concerns for end users.
>>
>> Thanks for starting the discussion about privacy.  The framing doesn’t
>> seem
>> completely accurate.  Whether there is ad fraud or not, user data of some
>> kind
>> is being sent off to ad exchanges (it’s the basis of the bidding
>> process), and
>> network level tracking is being facilitated through connects to CSAIs.
>> Please
>> provide some editorial construct to suggest that practically any kind of
>> targeted ads are going to entail some trade in privacy, and explain the
>> risks
>> specifically or with a reference.
>>
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> ** Thanks for distilling a diverse ecosystem into a single document.  To
>> make
>> navigating this ecosystem easier, please provide definitions for terms
>> like
>> “media provider”, “streaming media provider”, “intermediary”,
>> “intermediate
>> streaming operators”, and “content provider”; and show a notional
>> architecture
>> between them.  If some of these terms or elements are interchangeable,
>> please
>> make it clear.  I’ll call out some of the places where I got confused
>> below.
>>
>> ** Section 3.5.  Is there are reference that can be provided to support
>> the
>> assertion that better codecs (which save bandwidth) can’t offset increased
>> video consumption.
>>
>> ** Section 4.  Is the definition of “ultra low-latency” used here the
>> same as
>> “ultra low latency caches” in Section 3.4?
>>
>> ** Section 4.2.  What is a “premium service to the delivery of live
>> video”?  Is
>> that “premium” in the sense of my ISP and associated provisioning? Or in
>> the
>> sense of my relationship with the content provider?
>>
>> ** Section 4.2.  This section lists HLS, DASH and a few other enabling
>> technologies.  Are the technologies for ultra low-latency applicable?
>>
>> ** Section 4.3.
>>
>>    This level
>>    of latency is often considered adequate for content like news or pre-
>>    recorded content.
>>
>> What is the difference between the “pre-recorded content” described here
>> and
>> the “on-demand” described in Section 4.4?
>>
>> ** Section 5.4
>>
>>    In general this is a rapidly developing space with many
>>    considerations, and media streaming operators engaged in advertising
>>    may need to research these and other concerns to find solutions that
>>
>> Who are “media streaming operators”?  Are those different than “media
>> providers”
>>
>> ** Section 6.1.
>>    … we have trusted UDP-based
>>    applications to limit their impact on other users
>>
>> Who is the “we”?  Can this “trust” please be clarified.  Same comment for
>> Section 6.2.
>>
>> ** Section 6.1.
>>
>>    Although it is
>>    possible to saturate a path between a DNS client and DNS server with
>>    DNS requests, in practice, that was rare enough that DNS included few
>>    mechanisms to resolve contention between DNS users and other users
>>    (whether they are also using DNS, or using other application
>>    protocols that share the same pathways).
>>
>> Can this observation please be restated?  How is a DNS server to resolve
>> contention for non-DNS traffic?
>>
>> ** Section 7.
>>       Media encrypted at the application layer, typically using some
>>       sort of Digital Rights Management (DRM) system, and typically
>>       remaining encrypted "at rest", when senders and receivers store
>>       it.
>>
>> Is this proposed scheme where the media remains encrypted even when at
>> rest in
>> fact just describing object encryption/security – that is, the security
>> properties of the encrypted media hold and are independent of the
>> communication
>> mechanism transporting them?
>>
>> ** Section 7.
>>
>>    The use of strong encryption does provide confidentiality for
>>    encrypted streaming media, from the sender to either an intermediary
>>    or the ultimate media consumer, and this does prevent Deep Packet
>>    Inspection by any intermediary that does not possess credentials
>>    allowing decryption.
>>
>> What is an intermediary here?  Is it any on-path observer?
>>
>> ** Section 7.1.
>>
>>    An intermediary that can identify an
>>    encrypted media stream without decrypting it, may be able to
>>    "fingerprint" the encrypted media stream of known content, and then
>>    match the targeted media stream against the fingerprints of known
>>    content.  This protection can be lessened if a media provider is
>>    repeatedly encrypting the same content.
>>
>> -- I had trouble following the setup.  I assumed the text was trying to
>> abstractly describe the methodology in [CODASPY17].  Recommend:
>>
>> NEW
>> An on-path observer that can identify that encrypted traffic contains a
>> media
>> stream, could “fingerprint” this encrypted media steam, and then compare
>> it
>> against “fingerprints” of known content.
>>
>> -- Per the last sentence, “[t]this protection …”, what protection is being
>> lessened here?
>>
>> ** Section 7.1
>>
>>    If traffic analysis is successful at identifying encrypted content
>>    and associating it with specific users, this breaks privacy as
>>    certainly as examining decrypted traffic.
>>
>> Please be more precise on the security properties being lost rather than
>> summarizing it has “privacy”
>>
>> ** Section 7.2.
>>
>>    If a content provider does not actively work to avoid interception by
>>    intermediaries, the effect will be indistinguishable from
>>    "impersonation attacks", and endpoints cannot be assumed of any level
>>    of privacy.
>>
>> Please be precise on what security properties are in play from
>> “impersonation
>> attacks” and loss of “privacy”.  In the situation described above, it
>> seems to
>> be both confidentiality (e.g., the intermediary can see the entirety of
>> all
>> communication between the end-point and the media provider) and
>> authenticity
>> (e.g., no party can trust the content received in fact came from the
>> expected
>> party)
>>
>> ** Section 7.2
>>
>>       Server And Network assisted DASH [MPEG-DASH-SAND] - this
>>       specification introduces explicit messaging between DASH clients
>>       and network elements or between various network elements
>>
>> Are “network elements” the same as “intermediaries?”
>>
>> ** Section 7.2
>>    The choice of whether to involve intermediaries sometimes requires
>>    careful consideration.  As an example, when ABR manifests were
>>    commonly sent unencrypted some networks would modify manifests during
>>    peak hours by removing high-bitrate renditions in order to prevent
>>    players from choosing those renditions, thus reducing the overall
>>    bandwidth consumed for delivering these media streams and thereby
>>    improving the network load and the user experience for their
>>    customers.
>>
>> -- Please be clear on who is deciding to involve the intermediaries. Is
>> it the
>> media provider?
>>
>> -- It isn’t clear who is operating these intermediaries – is it the media
>> provider or the connectivity provider of the end user?  I took to be the
>> latter.  Assuming that’s right, how is this a design choice by the media
>> providers? Did the media providers explicitly choose to use an unencrypted
>> protocol to support these network operators; or did the network operators
>> exploit this design choice without coordination?
>>
>> ** Section 7.2
>>
>> Now that ubiquitous encryption typically prevents this
>>    kind of modification, in order to maintain the same level of network
>>    health and user experience across networks whose users would have
>>    benefitted from this intervention a media streaming operator
>>    sometimes needs to choose between adding intermediaries who are
>>    authorized to change the manifests or adding significant extra
>>    complexity to their service.
>>
>> There is an implicit architectural assumptions being made that I’m not
>> following.  This text suggests that the media streaming operators are
>> operating
>> the intermediaries.   Are these intermediaries in a network controlled by
>> the
>> media streaming operator?  Before, intermediaries were modifying
>> manifests, and
>> now due to encryption more intermediaries are needed?
>>
>> ** Section 7.3.
>>
>> Unfortunately, as noted in [RFC7258], there is no way to prevent
>>    pervasive monitoring by an "attacker", while allowing monitoring by a
>>    more benign entity who "only" wants to use DPI to examine HTTP
>>    requests and responses in order to provide a better user experience.
>>
>> s/Unfortunately//.  Keeping "unfortunately" is a value judgement.  Some
>> users
>> might be quite pleased by this development.
>>
>> ** Section 7.3.  What is an “Intermediary streaming operator”?  How is
>> that
>> different than a “media provider” or “media streaming provider”?
>>
>> Editorial
>>
>> ** Section 1.  Consider if you can simplify the first sentence, “This
>> document
>> examines …”.  It is dense.
>>
>> ** Section 1.  Typo. s/availability,but/availability, but/
>>
>> ** Section 3.2.  Typo. s/contraints/constraints/
>>
>> ** Section 3.2. s/bandwith/bandwidth/
>>
>> ** Section 3.2.  Typo. s/occuring/occurring/
>>
>> ** Section 3.4  Per the paragraph starting with “Caching and pre-loading
>> …”,
>> consider if this can be simplified.  It’s exactly one sentence long with
>> multiple “especially …” clauses.
>>
>> ** Section 3.4.  Editorial
>>
>>    And as with other parts of the ecosystem, new technology brings new
>>    challenges.  For example, with the emergence of ultra-low-latency
>> …
>> Consider if the first sentence is needed.  This who paragraph seems to be
>> related to caches   Perhaps just start this paragraph with “With the
>> emergence
>> of …”
>>
>> ** Section 3.5. Consider defining “mobile data.”
>>
>> ** Section 4.1.
>>
>>    This introduces new challenges relative to less-
>>    restricted levels of latency requirements because this latency is the
>>    same scale as commonly observed end-to-end network latency variation
>>    (for example, due to effects such as bufferbloat ([CoDel]), Wi-Fi
>>    error correction, or packet reordering).
>>
>> This sentence doesn’t parse.
>>
>> ** Section 4.1.
>>
>>    These effects can make it
>>    difficult to achieve this level of latency for the general case, and
>>    may require tradeoffs in relatively frequent user-visible media
>>    artifacts.
>>
>> The wording isn’t right here –- “… may require tradeoffs ...”  Does this
>> text
>> mean “... may require accepting relatively frequent user-visible media
>> artifacts.”
>>
>> ** Section 5.5.3.  Typo. s/detction/detection/
>>
>> ** Section 6.1.  Per “In recent times”, please restate this as this
>> phrase is
>> not precise and is unlikely to age well.
>>
>> ** Section 6.1.  Typo. s/tansport/transport/
>>
>> ** Section 6.3.  Per “… without melting the Internet”, consider a less
>> colloquial expression.
>>
>> ** Section 6.3.  Per “As noted in [RFC8312], both the CUBIC congestion
>> controller and its predecessor …”, consider re-writing this sentence for
>> readability.  The double “and both were ...” clauses makes this text very
>> dense.
>>
>> ** Section 7.3.  The opening paragraph of this section appears to be a
>> restatement of the opening paragraph of Section 7.1.
>>
>>
>>
>>

v2.23.0 | Report a Bug | By Email