Re: [Mops] Roman Danyliw's Discuss on draft-ietf-mops-streaming-opcons-10: (with DISCUSS and COMMENT)
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Wed, 25 May 2022 20:30 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: mops@ietfa.amsl.com
Delivered-To: mops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98AC5C19E87D; Wed, 25 May 2022 13:30:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oDRPGYdxWC9f; Wed, 25 May 2022 13:30:38 -0700 (PDT)
Received: from mail-vs1-xe31.google.com (mail-vs1-xe31.google.com [IPv6:2607:f8b0:4864:20::e31]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EDB7C14F72E; Wed, 25 May 2022 13:30:38 -0700 (PDT)
Received: by mail-vs1-xe31.google.com with SMTP id b7so22597382vsq.1; Wed, 25 May 2022 13:30:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Pox21gEKQ5KWoIOXUQa1HKxn6eC93p3Ym+xJMqc77CQ=; b=IPVhMcCPGWhaboWce/eNpfx2PWBAuJUQCqnWFb5jz9BoYe5Avbn/MUncw0Hf19vgL4 +avoWScl4Bd/ju1BYYnI7KEAK/VUs+9OhnZ+G4GmDXRKA4/VrOu/MU9oHaGGULpRz97c TP01QVE///R1Tsu/FxcgKydKd4FGsxN23kKv5UCpyALMYsH6qGqMVsDyn57+u685XC9M VYsLQo1QxfWqKuVgahh6CQwKiJkSzbR1zpBH27bwfi1GArSMkOxvLwfrj/SCUMQ4K3HP dhBlz34EA2OOMYoFOWpOyy23jOD1wORDb8TXBy8jr2OFY6RpITPwjDJuH0KDnDUl2Z40 3mcw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Pox21gEKQ5KWoIOXUQa1HKxn6eC93p3Ym+xJMqc77CQ=; b=r9lCs4NPLKkQwTccCp0FCKrZzLuglEKBHM85ZPK/Gkn5Ikxu/H179kfDYxrm9O6fNt epWieO2irFsxP2QZ4K5fvmaHfSE8h68nkDbIdNxlaSp8uZp//ix3iRg9x48Ub1dV8oXa hRkbg+ErHiXdDJQtglkFH6jWskgb4BwRxINOLSG95unqUA/C9W2URGy6fBUz7zn576id kQTeTrX68ar20I8kKDFc9bP+Bk393T6O3YPN3S0sXUAFs4bGqDLY24tkeepQkTcNNo6r PU7SvMM/u+qbbzNqazI+rGA9Hp2eP49z9OBnAmuDTjMIoqTFxLc2PkrTQmoQvTGt9cai 7GJw==
X-Gm-Message-State: AOAM533eqqu1+WpDSavYoKxAnxGXBNfqBVPLEIawGwjITYZYploEvJCV jZv2E9JAD1pz588PSnX03bprsw1OPIuCwLw1CkY=
X-Google-Smtp-Source: ABdhPJxE+47+8cKE2p0fBbOO+zpGgn8UeX9EZte2bDVRjtnPGhCXE7ieMv1TSe7J8fH6RHfplak5h9NV5vk1rX9stGM=
X-Received: by 2002:a05:6102:e92:b0:335:bb5a:9d1 with SMTP id l18-20020a0561020e9200b00335bb5a09d1mr14265878vst.43.1653510637173; Wed, 25 May 2022 13:30:37 -0700 (PDT)
MIME-Version: 1.0
References: <165213552200.37320.14578434821075934922@ietfa.amsl.com> <CAGac5Ahb58EeNhtKyVoiX9wwTB7VLi3jhu53cU2fMXiUbV_tAA@mail.gmail.com>
In-Reply-To: <CAGac5Ahb58EeNhtKyVoiX9wwTB7VLi3jhu53cU2fMXiUbV_tAA@mail.gmail.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Wed, 25 May 2022 15:30:11 -0500
Message-ID: <CAKKJt-eBQ_6zWuCCjQ71bxydT0eu-xJGXW7nUm_1EyOzbt-k7g@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-mops-streaming-opcons@ietf.org, Jake Holland <jakeholland.net@gmail.com>, mops-chairs@ietf.org, MOPS Working Group <mops@ietf.org>, Sanjay Mishra <sanjay.mishra@verizon.com>, "Holland, Jake" <jholland@akamai.com>
Content-Type: multipart/alternative; boundary="000000000000293fd405dfdbf201"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mops/jUXL9keitejR2qykyc0-o909k18>
Subject: Re: [Mops] Roman Danyliw's Discuss on draft-ietf-mops-streaming-opcons-10: (with DISCUSS and COMMENT)
X-BeenThere: mops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Media OPerationS <mops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mops>, <mailto:mops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mops/>
List-Post: <mailto:mops@ietf.org>
List-Help: <mailto:mops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mops>, <mailto:mops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 May 2022 20:30:42 -0000
Hi, Roman, (Top-posting) Did you have a chance to consider Jake's response about your Discuss ballot (below)? Best, Spencer On Wed, May 11, 2022 at 3:04 PM Jake Holland <jakeholland.net@gmail.com> wrote: > Hi Roman, > > We discussed this in an author's chat, and we're trying to pin down some > good text that would cover your DISCUSS. (We're separately considering > your other excellent comments as well, but wanted to focus on this first.) > > We think the points to make are: > - media operators, your media is part of an arms race aiming to track > users for more effective advertisers > - There are some efforts, such as [Topics]( > https://github.com/patcg-individual-drafts/topics), to get the ecosystem > to reduce its reliance on individual tracking while still achieving > targeted ads, which are worth a lot of money (pick out a reference or 2 > from e.g. [1] > https://www2012.universite-lyon.fr/proceedings/proceedings/p111.pdf ) > > As an initial idea, we're thinking perhaps to add a paragraph after the > first mention of targeting, and we're wondering if this is in the right > direction, and whether you can suggest any specific improvements?: > > https://htmlpreview.github.io/?https://github.com/ietf-wg-mops/draft-ietf-mops-streaming-opcons/blob/gh-pages/draft-ietf-mops-streaming-opcons.html#section-5.4-5 > : > > Traditionally, targeted ads have relied on user tracking, which involves a > relatively large privacy exposure for end users. At the time of this > writing some proposals such as [Topics]( > https://github.com/patcg-individual-drafts/topics) have been made in an > effort to reduce that exposure without losing the effects of targeting (ref > from [1] that measures a high impact). > > We found a few references touching on the risks, like: > - https://www.makeuseof.com/tag/targeted-ads-threat-privacy/ > - https://getterms.io/blog/the-risks-of-targeted-advertising/ > > But maybe you know a better reference? > > Thanks and regards, > Jake (and Spencer and Ali) > > On Mon, May 9, 2022 at 3:32 PM Roman Danyliw via Datatracker < > noreply@ietf.org> wrote: > >> Roman Danyliw has entered the following ballot position for >> draft-ietf-mops-streaming-opcons-10: Discuss >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to >> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ >> for more information about how to handle DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-mops-streaming-opcons/ >> >> >> >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> ** Section 5.4. >> >> Ads may be inserted either with Client Side Ad Insertion (CSAI) or >> Server Side Ad Insertion (SSAI). In CSAI, the ABR manifest will >> generally include links to an external ad server for some segments of >> the media stream, while in SSAI the server will remain the same >> during advertisements, but will include media segments that contain >> the advertising. In SSAI, the media segments may or may not be >> sourced from an external ad server like with CSAI. >> >> … >> >> As a >> mitigation for concerns driven by those incidents, some SSPs have >> required the use of players with features like reporting of ad >> delivery, or providing information that can be used for user >> tracking. Some of these and other measures have raised privacy >> concerns for end users. >> >> Thanks for starting the discussion about privacy. The framing doesn’t >> seem >> completely accurate. Whether there is ad fraud or not, user data of some >> kind >> is being sent off to ad exchanges (it’s the basis of the bidding >> process), and >> network level tracking is being facilitated through connects to CSAIs. >> Please >> provide some editorial construct to suggest that practically any kind of >> targeted ads are going to entail some trade in privacy, and explain the >> risks >> specifically or with a reference. >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> ** Thanks for distilling a diverse ecosystem into a single document. To >> make >> navigating this ecosystem easier, please provide definitions for terms >> like >> “media provider”, “streaming media provider”, “intermediary”, >> “intermediate >> streaming operators”, and “content provider”; and show a notional >> architecture >> between them. If some of these terms or elements are interchangeable, >> please >> make it clear. I’ll call out some of the places where I got confused >> below. >> >> ** Section 3.5. Is there are reference that can be provided to support >> the >> assertion that better codecs (which save bandwidth) can’t offset increased >> video consumption. >> >> ** Section 4. Is the definition of “ultra low-latency” used here the >> same as >> “ultra low latency caches” in Section 3.4? >> >> ** Section 4.2. What is a “premium service to the delivery of live >> video”? Is >> that “premium” in the sense of my ISP and associated provisioning? Or in >> the >> sense of my relationship with the content provider? >> >> ** Section 4.2. This section lists HLS, DASH and a few other enabling >> technologies. Are the technologies for ultra low-latency applicable? >> >> ** Section 4.3. >> >> This level >> of latency is often considered adequate for content like news or pre- >> recorded content. >> >> What is the difference between the “pre-recorded content” described here >> and >> the “on-demand” described in Section 4.4? >> >> ** Section 5.4 >> >> In general this is a rapidly developing space with many >> considerations, and media streaming operators engaged in advertising >> may need to research these and other concerns to find solutions that >> >> Who are “media streaming operators”? Are those different than “media >> providers” >> >> ** Section 6.1. >> … we have trusted UDP-based >> applications to limit their impact on other users >> >> Who is the “we”? Can this “trust” please be clarified. Same comment for >> Section 6.2. >> >> ** Section 6.1. >> >> Although it is >> possible to saturate a path between a DNS client and DNS server with >> DNS requests, in practice, that was rare enough that DNS included few >> mechanisms to resolve contention between DNS users and other users >> (whether they are also using DNS, or using other application >> protocols that share the same pathways). >> >> Can this observation please be restated? How is a DNS server to resolve >> contention for non-DNS traffic? >> >> ** Section 7. >> Media encrypted at the application layer, typically using some >> sort of Digital Rights Management (DRM) system, and typically >> remaining encrypted "at rest", when senders and receivers store >> it. >> >> Is this proposed scheme where the media remains encrypted even when at >> rest in >> fact just describing object encryption/security – that is, the security >> properties of the encrypted media hold and are independent of the >> communication >> mechanism transporting them? >> >> ** Section 7. >> >> The use of strong encryption does provide confidentiality for >> encrypted streaming media, from the sender to either an intermediary >> or the ultimate media consumer, and this does prevent Deep Packet >> Inspection by any intermediary that does not possess credentials >> allowing decryption. >> >> What is an intermediary here? Is it any on-path observer? >> >> ** Section 7.1. >> >> An intermediary that can identify an >> encrypted media stream without decrypting it, may be able to >> "fingerprint" the encrypted media stream of known content, and then >> match the targeted media stream against the fingerprints of known >> content. This protection can be lessened if a media provider is >> repeatedly encrypting the same content. >> >> -- I had trouble following the setup. I assumed the text was trying to >> abstractly describe the methodology in [CODASPY17]. Recommend: >> >> NEW >> An on-path observer that can identify that encrypted traffic contains a >> media >> stream, could “fingerprint” this encrypted media steam, and then compare >> it >> against “fingerprints” of known content. >> >> -- Per the last sentence, “[t]this protection …”, what protection is being >> lessened here? >> >> ** Section 7.1 >> >> If traffic analysis is successful at identifying encrypted content >> and associating it with specific users, this breaks privacy as >> certainly as examining decrypted traffic. >> >> Please be more precise on the security properties being lost rather than >> summarizing it has “privacy” >> >> ** Section 7.2. >> >> If a content provider does not actively work to avoid interception by >> intermediaries, the effect will be indistinguishable from >> "impersonation attacks", and endpoints cannot be assumed of any level >> of privacy. >> >> Please be precise on what security properties are in play from >> “impersonation >> attacks” and loss of “privacy”. In the situation described above, it >> seems to >> be both confidentiality (e.g., the intermediary can see the entirety of >> all >> communication between the end-point and the media provider) and >> authenticity >> (e.g., no party can trust the content received in fact came from the >> expected >> party) >> >> ** Section 7.2 >> >> Server And Network assisted DASH [MPEG-DASH-SAND] - this >> specification introduces explicit messaging between DASH clients >> and network elements or between various network elements >> >> Are “network elements” the same as “intermediaries?” >> >> ** Section 7.2 >> The choice of whether to involve intermediaries sometimes requires >> careful consideration. As an example, when ABR manifests were >> commonly sent unencrypted some networks would modify manifests during >> peak hours by removing high-bitrate renditions in order to prevent >> players from choosing those renditions, thus reducing the overall >> bandwidth consumed for delivering these media streams and thereby >> improving the network load and the user experience for their >> customers. >> >> -- Please be clear on who is deciding to involve the intermediaries. Is >> it the >> media provider? >> >> -- It isn’t clear who is operating these intermediaries – is it the media >> provider or the connectivity provider of the end user? I took to be the >> latter. Assuming that’s right, how is this a design choice by the media >> providers? Did the media providers explicitly choose to use an unencrypted >> protocol to support these network operators; or did the network operators >> exploit this design choice without coordination? >> >> ** Section 7.2 >> >> Now that ubiquitous encryption typically prevents this >> kind of modification, in order to maintain the same level of network >> health and user experience across networks whose users would have >> benefitted from this intervention a media streaming operator >> sometimes needs to choose between adding intermediaries who are >> authorized to change the manifests or adding significant extra >> complexity to their service. >> >> There is an implicit architectural assumptions being made that I’m not >> following. This text suggests that the media streaming operators are >> operating >> the intermediaries. Are these intermediaries in a network controlled by >> the >> media streaming operator? Before, intermediaries were modifying >> manifests, and >> now due to encryption more intermediaries are needed? >> >> ** Section 7.3. >> >> Unfortunately, as noted in [RFC7258], there is no way to prevent >> pervasive monitoring by an "attacker", while allowing monitoring by a >> more benign entity who "only" wants to use DPI to examine HTTP >> requests and responses in order to provide a better user experience. >> >> s/Unfortunately//. Keeping "unfortunately" is a value judgement. Some >> users >> might be quite pleased by this development. >> >> ** Section 7.3. What is an “Intermediary streaming operator”? How is >> that >> different than a “media provider” or “media streaming provider”? >> >> Editorial >> >> ** Section 1. Consider if you can simplify the first sentence, “This >> document >> examines …”. It is dense. >> >> ** Section 1. Typo. s/availability,but/availability, but/ >> >> ** Section 3.2. Typo. s/contraints/constraints/ >> >> ** Section 3.2. s/bandwith/bandwidth/ >> >> ** Section 3.2. Typo. s/occuring/occurring/ >> >> ** Section 3.4 Per the paragraph starting with “Caching and pre-loading >> …”, >> consider if this can be simplified. It’s exactly one sentence long with >> multiple “especially …” clauses. >> >> ** Section 3.4. Editorial >> >> And as with other parts of the ecosystem, new technology brings new >> challenges. For example, with the emergence of ultra-low-latency >> … >> Consider if the first sentence is needed. This who paragraph seems to be >> related to caches Perhaps just start this paragraph with “With the >> emergence >> of …” >> >> ** Section 3.5. Consider defining “mobile data.” >> >> ** Section 4.1. >> >> This introduces new challenges relative to less- >> restricted levels of latency requirements because this latency is the >> same scale as commonly observed end-to-end network latency variation >> (for example, due to effects such as bufferbloat ([CoDel]), Wi-Fi >> error correction, or packet reordering). >> >> This sentence doesn’t parse. >> >> ** Section 4.1. >> >> These effects can make it >> difficult to achieve this level of latency for the general case, and >> may require tradeoffs in relatively frequent user-visible media >> artifacts. >> >> The wording isn’t right here –- “… may require tradeoffs ...” Does this >> text >> mean “... may require accepting relatively frequent user-visible media >> artifacts.” >> >> ** Section 5.5.3. Typo. s/detction/detection/ >> >> ** Section 6.1. Per “In recent times”, please restate this as this >> phrase is >> not precise and is unlikely to age well. >> >> ** Section 6.1. Typo. s/tansport/transport/ >> >> ** Section 6.3. Per “… without melting the Internet”, consider a less >> colloquial expression. >> >> ** Section 6.3. Per “As noted in [RFC8312], both the CUBIC congestion >> controller and its predecessor …”, consider re-writing this sentence for >> readability. The double “and both were ...” clauses makes this text very >> dense. >> >> ** Section 7.3. The opening paragraph of this section appears to be a >> restatement of the opening paragraph of Section 7.1. >> >> >> >>
- [Mops] Roman Danyliw's Discuss on draft-ietf-mops… Roman Danyliw via Datatracker
- Re: [Mops] Roman Danyliw's Discuss on draft-ietf-… Jake Holland
- Re: [Mops] Roman Danyliw's Discuss on draft-ietf-… Spencer Dawkins at IETF
- Re: [Mops] Roman Danyliw's Discuss on draft-ietf-… Eric Vyncke (evyncke)
- Re: [Mops] Roman Danyliw's Discuss on draft-ietf-… Roman Danyliw
- Re: [Mops] Roman Danyliw's Discuss on draft-ietf-… Eric Vyncke (evyncke)
- Re: [Mops] Roman Danyliw's Discuss on draft-ietf-… Spencer Dawkins at IETF