Re: [Mops] Roman Danyliw's Discuss on draft-ietf-mops-streaming-opcons-10: (with DISCUSS and COMMENT)
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Sat, 06 August 2022 21:25 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: mops@ietfa.amsl.com
Delivered-To: mops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 371C4C14F741; Sat, 6 Aug 2022 14:25:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KmKO2iXIyIHa; Sat, 6 Aug 2022 14:25:24 -0700 (PDT)
Received: from mail-qk1-x72d.google.com (mail-qk1-x72d.google.com [IPv6:2607:f8b0:4864:20::72d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48314C14F722; Sat, 6 Aug 2022 14:25:24 -0700 (PDT)
Received: by mail-qk1-x72d.google.com with SMTP id a2so4187633qkk.2; Sat, 06 Aug 2022 14:25:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=CuzE+C8OoPFZWJWt7x4iS8p1xNEsy0deddKIY7ewTGQ=; b=WmuOGeeTxLqd3kbSESQBw78fSg3oe86Qmig4mz45WCmePY5Y24udBxoDCaQDHVjKSP KAVBlAgHA+Vt4odM18xWVVzkH7wNIKX2eYQt30u5VQJe/RSYuL6oDUrDlRb1mv/xo6Vg 2wYxCwTZGSTIAqc9FIUyhWaptZZcCWXKfKPfK/VhaXRzRSK2HaxXFHdiXqzXeFoA2Q56 0lHvLzs2Th+8YM7fHobyxNtqEnmPHvYwRcaLImizihKt+a8uPAIuqqmUTdtsNGCFcsMB SQ/vxYOy1lnSZtsSVdKfyhhSjjekw62KbBLGwpHgKf87klUBAVG2fzpgnvb9iQdwSZAy 0+Hg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=CuzE+C8OoPFZWJWt7x4iS8p1xNEsy0deddKIY7ewTGQ=; b=y+1W1TbeE6fN+8vCsTckz9s+T6MqbIK5ELNBhqJg7dCcug06j4TCZRA2Ul9Z0bATEM wQeodT3sz22jbsTU3c+oU7Yxtnh7xbhc/GcBVgbdzNT3ZL1WwLC0M2wVBnnuoO5iIWMn K008TqcY9PcLckh7OgdbgLIxd6211D1WhvCY4m5v9hh3RJPjfPzrJagcIulZyYXSuH6W zDVSuCAzVGWCWGc1agr0/cGKjMhWetA0N4pM7ghkWRXnFOgAfqdWuA29hEkqjEK986iR Y6JpOcLgwk6nPjxr0gXxiOm+sgjZWDlAJMXhGLyGKqlGZ9nxnweHE2itCur3dmXsTldJ Sr1A==
X-Gm-Message-State: ACgBeo0F4AuelF75wt8ht0fdQToFR6JOgivAlYff/o/6A5jTGCeOvqMD UjDkLcezo1n6YYjju/IHCc7qUSPn6eIHrrN4jqI=
X-Google-Smtp-Source: AA6agR5b0mfecRLP2mLGkHnxRwX1KQjt/wworQKu9aQK/EEcXFozWX+9VVVJdvih87EoldBOqZ3DZejlypYvTaWz9eo=
X-Received: by 2002:a05:620a:298c:b0:6b9:123a:9267 with SMTP id r12-20020a05620a298c00b006b9123a9267mr6746203qkp.298.1659821122864; Sat, 06 Aug 2022 14:25:22 -0700 (PDT)
MIME-Version: 1.0
References: <165213552200.37320.14578434821075934922@ietfa.amsl.com> <CAGac5Ahb58EeNhtKyVoiX9wwTB7VLi3jhu53cU2fMXiUbV_tAA@mail.gmail.com> <CAKKJt-eBQ_6zWuCCjQ71bxydT0eu-xJGXW7nUm_1EyOzbt-k7g@mail.gmail.com> <BN2P110MB11077241D198D705D1E7181DDC9E9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <BN2P110MB11077241D198D705D1E7181DDC9E9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Sat, 06 Aug 2022 16:24:57 -0500
Message-ID: <CAKKJt-dELefpxyNw07ceiD8jP3HULCZpt7n8wBwo_VT2jjc3UA@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: Jake Holland <jakeholland.net@gmail.com>, The IESG <iesg@ietf.org>, "draft-ietf-mops-streaming-opcons@ietf.org" <draft-ietf-mops-streaming-opcons@ietf.org>, "mops-chairs@ietf.org" <mops-chairs@ietf.org>, MOPS Working Group <mops@ietf.org>, Sanjay Mishra <sanjay.mishra@verizon.com>, "Holland, Jake" <jholland@akamai.com>
Content-Type: multipart/alternative; boundary="0000000000006b4d8b05e59938d3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mops/oDF89LTrBqoBV0ScQUIaxsl1AWo>
Subject: Re: [Mops] Roman Danyliw's Discuss on draft-ietf-mops-streaming-opcons-10: (with DISCUSS and COMMENT)
X-BeenThere: mops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Media OPerationS <mops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mops>, <mailto:mops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mops/>
List-Post: <mailto:mops@ietf.org>
List-Help: <mailto:mops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mops>, <mailto:mops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Aug 2022 21:25:26 -0000
Hi, Roman, On Fri, Aug 5, 2022 at 11:33 AM Roman Danyliw <rdd@cert.org> wrote: > Hi Spencer and Jake! > > > > Thank you for the edits in -11 and your patience in the time it took me to > review it. It addresses my DISCUSS and primary COMMENT points, so I’ve > cleared my ballot. I saw a subsequent discussion/issue on saying more > about the security properties of DRM tied to one of my unaddressed COMMENTs > even after this document version. I deliberated on whether more needs to > be said. Yes, more would be helpful, but upon reflection, I worry that > this is a large topic to unpack and the residual benefit might not be > sufficient. There is a generic marker for it already. > > > > Bottom line, in my view this is ready to ship. Again, thanks for your > patience. > > Now that I've looked back at https://github.com/ietf-wg-mops/draft-ietf-mops-streaming-opcons/issues/153, which contains your ballot COMMENT points (as distinct from your DISCUSS points, I'm remembering that the editors did chat about responses, but we have not specifically addressed these comments (yet - we had two open issues when MOPS met at IETF 114, and that was only from lack of time). Some were on text that was changed due to other reviewer and ballot comments, so I'm checking to see what's left. If you're "it's ready to ship", no further action is needed on your part, and the editors will Do The Right Thing. So, for the editors, and the MOPS community, I'll respond here on the mailing list, and put my proposed changes in Github for review. DEAR FELLOW EDITORS, CHAIRS, AND WORKING GROUP MEMBERS: I'm comparing the -10 text Roman pointed to in his comments to what's already in the post-11 Editor's Copy in Github (for anyone following along at home, I'm using this URL: https://www.ietf.org/rfcdiff?url1=draft-ietf-mops-streaming-opcons-10&url2=https://github.com/ietf-wg-mops/draft-ietf-mops-streaming-opcons/raw/gh-pages/draft-ietf-mops-streaming-opcons.txt), and proposing text where that seemed appropriate. As a general characterization, Roman identified a LOT of uses of inconsistent terminology. I'm suggesting these changes because, in my experience, he was asking about things that the RFC Editor would also ask about, except that the RFC Editor would be asking after we've forgotten what we meant ... 🤔 Comments here, or in Github, are welcome. My suggestion to Eric and the chairs was for us to look the draft over between now and this coming Friday, have the editors submit the Editor's Copy in Github as -12, and invite Eric to send -12 off to the RFC Editor as approved. Do The Right Thing, of course. Best, Spencer ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- ** Thanks for distilling a diverse ecosystem into a single document. To make navigating this ecosystem easier, please provide definitions for terms like “media provider”, “streaming media provider”, “intermediary”, “intermediate streaming operators”, and “content provider”; and show a notional architecture between them. If some of these terms or elements are interchangeable, please make it clear. I’ll call out some of the places where I got confused below. I did add selected terms to Section 1.1. I'm happy to consider others. I do think that at least some of the confusion from -10 is lessened, because I've worked to use the same terms consistently, rather than using multiple synonyms in text from different authors. ** Section 3.5. Is there are reference that can be provided to support the assertion that better codecs (which save bandwidth) can’t offset increased video consumption. I see why Roman was reading this text as predicting the future, but it was intended as a statement of past performance. I changed "could not have offset" to "did not offset". I'm betting that trend continues, but I don't need to say that in a WG-consensus document. ** Section 4. Is the definition of “ultra low-latency” used here the same as “ultra low latency caches” in Section 3.4? I'm not seeing "ultra low latency caches" in the draft (either -10 or the current editor's copy). I did see that there was one occurence of "ultra low-latency", among the occurrences of "ultra-low-latency", so I changed that one to match, for clarity. ** Section 4.2. What is a “premium service to the delivery of live video”? Is that “premium” in the sense of my ISP and associated provisioning? Or in the sense of my relationship with the content provider? My understanding is that we're talking about my relationship with the content provider, which may reflect the relationship between the content provider and my ISP (for example, placing CDN nodes in the ISP's network). I'm not sure there's a specific text change that would be helpful here (we're talking about business relationships, which may vary a lot from case to case). ** Section 4.2. This section lists HLS, DASH and a few other enabling technologies. Are the technologies for ultra low-latency applicable? (Speaking only for myself) Media providers targeting low-latency applications are typically planning to exploit HTTP caching infrastructure, which doesn't handle RTP-based media. So, I'd say ultra-low-latency technologies are not applicable to low-latency applications. ** Section 4.3. This level of latency is often considered adequate for content like news or pre- recorded content. What is the difference between the “pre-recorded content” described here and the “on-demand” described in Section 4.4? Nice catch 😉. Keeping in mind that there's not a bright line between non-low-latency live media and on-demand media, there may not be a huge difference, if (for example) you're using the same segments for on-demand and for non-low-latency live media, but the media player does not adapt the requested bitrate to measured network conditions. But I do think it's fair to remove "or pre-recorded content" from section 4.3. ** Section 5.4 In general this is a rapidly developing space with many considerations, and media streaming operators engaged in advertising may need to research these and other concerns to find solutions that Who are “media streaming operators”? Are those different than “media providers” No, they're not different. I'm rephrasing "media providers" as "streaming media operators" throughout the document. ** Section 6.1. … we have trusted UDP-based applications to limit their impact on other users Who is the “we”? Can this “trust” please be clarified. Same comment for Section 6.2. Section 6 has been significantly re-written as a result of INTDIR and TSVART reviews - this text went away in -11. ** Section 6.1. Although it is possible to saturate a path between a DNS client and DNS server with DNS requests, in practice, that was rare enough that DNS included few mechanisms to resolve contention between DNS users and other users (whether they are also using DNS, or using other application protocols that share the same pathways). Can this observation please be restated? How is a DNS server to resolve contention for non-DNS traffic? Section 6 has been significantly re-written as a result of INTDIR and TSVART reviews - this text went away in -11. ** Section 7. Media encrypted at the application layer, typically using some sort of Digital Rights Management (DRM) system, and typically remaining encrypted "at rest", when senders and receivers store it. Is this proposed scheme where the media remains encrypted even when at rest in fact just describing object encryption/security – that is, the security properties of the encrypted media hold and are independent of the communication mechanism transporting them? Yes, and if that's not clear to a SEC AD, I should make it clearer. I'm proposing "- Media encrypted at the application layer, typically using some sort of Digital Rights Management (DRM) system or other object encryption/security mechanism, and typically remaining encrypted at rest, when senders and receivers store it." ** Section 7. The use of strong encryption does provide confidentiality for encrypted streaming media, from the sender to either an intermediary or the ultimate media consumer, and this does prevent Deep Packet Inspection by any intermediary that does not possess credentials allowing decryption. What is an intermediary here? Is it any on-path observer? Not quite. It's on-path, with credentials allowing decryption, and often, it's not just observing - a streaming media operator may provide an intermediary to perform some sort of inspection or transformation. I'll rephrase this to make that clearer. I'm proposing "The use of strong encryption does provide confidentiality for encrypted streaming media, from the sender to either the ultimate media consumer, or to an intermediary that possesses credentials allowing decryption. This does prevent Deep Packet Inspection by any on-path intermediary that does not possess credentials allowing decryption." ** Section 7.1. An intermediary that can identify an encrypted media stream without decrypting it, may be able to "fingerprint" the encrypted media stream of known content, and then match the targeted media stream against the fingerprints of known content. This protection can be lessened if a media provider is repeatedly encrypting the same content. -- I had trouble following the setup. I assumed the text was trying to abstractly describe the methodology in [CODASPY17]. Recommend: NEW An on-path observer that can identify that encrypted traffic contains a media stream, could “fingerprint” this encrypted media steam, and then compare it against “fingerprints” of known content. This proposed text looks fine to me (I'll add it to the editor's copy). And just calling out the reference doesn't add clarity - I provided the title ("Identifying HTTPS-Protected Netflix Videos in Real-Time") in this paragraph. -- Per the last sentence, “[t]this protection …”, what protection is being lessened here? I'm proposing "The protection provided by strong encryption can be further lessened if a streaming media operator is repeatedly encrypting the same content." ** Section 7.1 If traffic analysis is successful at identifying encrypted content and associating it with specific users, this breaks privacy as certainly as examining decrypted traffic. Please be more precise on the security properties being lost rather than summarizing it has “privacy” I'm proposing "If traffic analysis is successful at identifying encrypted content and associating it with specific users, this tells an on-path observer what resource is being streamed, and by who, as certainly as examining decrypted traffic." ** Section 7.2. If a content provider does not actively work to avoid interception by intermediaries, the effect will be indistinguishable from "impersonation attacks", and endpoints cannot be assumed of any level of privacy. Please be precise on what security properties are in play from “impersonation attacks” and loss of “privacy”. In the situation described above, it seems to be both confidentiality (e.g., the intermediary can see the entirety of all communication between the end-point and the media provider) and authenticity (e.g., no party can trust the content received in fact came from the expected party) I'm proposing text based on Roman's comment - "If a streaming media operator does not actively work to avoid interception by on-path intermediaries, the effect will be indistinguishable from "impersonation attacks," and endpoints cannot be assured of any level of confidentiality, and cannot trust that the content received came from the expected sender." ** Section 7.2 Server And Network assisted DASH [MPEG-DASH-SAND] - this specification introduces explicit messaging between DASH clients and network elements or between various network elements Are “network elements” the same as “intermediaries?” No, and the phrase "network elements" accurately reflects the MPEG-DASH-SAND specification, but is very unclear in this document. I'm proposing "- Server And Network assisted DASH {{MPEG-DASH-SAND}} - this specification introduces explicit messaging between DASH clients and DASH-aware network elements or among various DASH-aware network elements, for the purpose of improving the efficiency of streaming sessions by providing information about real-time operational characteristics of networks, servers, proxies, caches, CDNs, as well as DASH client’s performance and status." ** Section 7.2 The choice of whether to involve intermediaries sometimes requires careful consideration. As an example, when ABR manifests were commonly sent unencrypted some networks would modify manifests during peak hours by removing high-bitrate renditions in order to prevent players from choosing those renditions, thus reducing the overall bandwidth consumed for delivering these media streams and thereby improving the network load and the user experience for their customers. -- Please be clear on who is deciding to involve the intermediaries. Is it the media provider? It's the (checks current terminology) streaming media operator. I proposed "A streaming media operator's choice of whether to involve intermediaries requires careful consideration." Note that I removed "sometimes" - in 2022, I don't think careful consideration is a special case. -- It isn’t clear who is operating these intermediaries – is it the media provider or the connectivity provider of the end user? I took to be the latter. Assuming that’s right, how is this a design choice by the media providers? Did the media providers explicitly choose to use an unencrypted protocol to support these network operators; or did the network operators exploit this design choice without coordination? The intermediaries are operated by - or, perhaps, better stated as "authorized by" - streaming media operators. In 2022, we're talking about historical practice here, but when streaming media operators provided unencrypted media, network operators took advantage of that to modify the media, and even the transport protocol (e.g. "split-TCP", etc), in order to provide better performance. With encrypted media, network operators can't insert an intermediary without coordinating with the streaming media operator. I think Roman's confusion was based on how unclear this text was - now that we've clarified that streaming network operators must authorize intermediaries when they use strong encryption, I don't think we need additional text changes here. ** Section 7.2 Now that ubiquitous encryption typically prevents this kind of modification, in order to maintain the same level of network health and user experience across networks whose users would have benefitted from this intervention a media streaming operator sometimes needs to choose between adding intermediaries who are authorized to change the manifests or adding significant extra complexity to their service. There is an implicit architectural assumptions being made that I’m not following. This text suggests that the media streaming operators are operating the intermediaries. This should be clearer, because of previous text changes. Are these intermediaries in a network controlled by the media streaming operator? Before, intermediaries were modifying manifests, and now due to encryption more intermediaries are needed? I think Roman is correct about the architectural assumptions being implicit (and unclear). My understanding here is that "before", access network operators could add intermediaries to modify manifests without coordinating with streaming media operators, and "now", the streaming media operators must either add intermediaries that they control, or find some other way to address peak hour traffic. There are various ways to accomplish this ("adding some other form of complexity"), but they are all more complex than providing manifests to media players with media renditions that the access network operators can't support, and saying "you figure it out, ok?". Off the top of my head, I can imagine a streaming media operator saying "I'm going to use strong encryption, and I don't want the complexity of adding intermediaries that I operate, so I'll ask the access network operators to tell me when they are in peak hour traffic loads, and *I'll remove the media reinditions myself*". That's almost certainly a bad plan, but it would involve added complexity for the streaming media operator, and I can't think of any other way to handle peak traffic loads in someone else's network that *doesn't *involve added complexity for the streaming operator. If someone can suggest ways that don't involve added complexity for the streaming operator, please send text! ** Section 7.3. Unfortunately, as noted in [RFC7258], there is no way to prevent pervasive monitoring by an "attacker", while allowing monitoring by a more benign entity who "only" wants to use DPI to examine HTTP requests and responses in order to provide a better user experience. s/Unfortunately//. Keeping "unfortunately" is a value judgement. Some users might be quite pleased by this development. This is "However" in -11. I may have made that change because I remembered reading Roman's review, but "unfortunately" has gone away. ** Section 7.3. What is an “Intermediary streaming operator”? How is that different than a “media provider” or “media streaming provider”? For reference, the text Roman is referring to is "If a modern encrypted transport protocol is used for end-to-end media encryption, intermediary streaming operators are unable to examine transport and application protocol behavior." I believe I wrote this text, and I almost certainly intended to say (so, my proposed text is) "If a modern encrypted transport protocol is used for end-to-end media encryption, unauthorized on-path intermediaries are unable to examine transport and application protocol behavior." Editorial ** Section 1. Consider if you can simplify the first sentence, “This document examines …”. It is dense. This was substantially rewritten when synchronizing the abstract and introduction. ** Section 1. Typo. s/availability,but/availability, but/ Text was previously replaced. ** Section 3.2. Typo. s/contraints/constraints/ Text was previously replaced. ** Section 3.2. s/bandwith/bandwidth/ Text was previously replaced. ** Section 3.2. Typo. s/occuring/occurring/ Text was previously replaced. ** Section 3.4 Per the paragraph starting with “Caching and pre-loading …”, consider if this can be simplified. It’s exactly one sentence long with multiple “especially …” clauses. Yes, it is. My proposed text is "Caching and pre-loading can also reduce exposure to peering point congestion, since less traffic crosses the peering point exchanges if the caches are placed in peer networks. This is especially true when the content can be pre-loaded during off-peak hours, and if the transfer can make use of "Lower-Effort Per-Hop Behavior (LE PHB) for Differentiated Services" {{RFC8622}}, "Low Extra Delay Background Transport (LEDBAT)" {{RFC6817}}, or similar mechanisms." ** Section 3.4. Editorial And as with other parts of the ecosystem, new technology brings new challenges. For example, with the emergence of ultra-low-latency … Consider if the first sentence is needed. This who paragraph seems to be related to caches Perhaps just start this paragraph with “With the emergence of …” Agreed, and I made this change. ** Section 3.5. Consider defining “mobile data.” I agree. I expanded this as "mobile data usage in cellular access networks". ** Section 4.1. This introduces new challenges relative to less- restricted levels of latency requirements because this latency is the same scale as commonly observed end-to-end network latency variation (for example, due to effects such as bufferbloat ([CoDel]), Wi-Fi error correction, or packet reordering). This sentence doesn’t parse. (see next comment) ** Section 4.1. These effects can make it difficult to achieve this level of latency for the general case, and may require tradeoffs in relatively frequent user-visible media artifacts. The wording isn’t right here –- “… may require tradeoffs ...” Does this text mean “... may require accepting relatively frequent user-visible media artifacts.” This entire paragraph wasn't easy to read, and when I fixed it, the result made the following paragraph superfluous. My proposed text is "Some media content providers aim to achieve this level of latency for live media events. This introduces new challenges when compared to the other latency categories described in this section, because ultra-low-latency is on the same scale as commonly observed end-to-end network latency variation, often due to bufferbloat ({{CoDel}}), Wi-Fi error correction, or packet reordering. These effects can make it difficult to achieve ultra-low-latency for many users, and may require accepting relatively frequent user-visible media artifacts. However, for controlled environments that provide mitigations against such effects, ultra-low-latency is potentially achievable with the right provisioning and the right media transport technologies." ** Section 5.5.3. Typo. s/detction/detection/ Text was previously replaced. ** Section 6.1. Per “In recent times”, please restate this as this phrase is not precise and is unlikely to age well. Text was previously replaced. ** Section 6.1. Typo. s/tansport/transport/ Text was previously replaced. ** Section 6.3. Per “… without melting the Internet”, consider a less colloquial expression. My proposed text is :without causing massive congestion events for the Internet". ** Section 6.3. Per “As noted in [RFC8312], both the CUBIC congestion controller and its predecessor …”, consider re-writing this sentence for readability. The double “and both were ...” clauses makes this text very dense. I agree. My proposed text is "As noted in {{RFC8312}}, both the CUBIC congestion controller and its predecessor BIC have significantly different behavior from Reno-style congestion controllers such as TCP NewReno {{RFC6582}}, both were added to the Linux kernel to allow experimentation and analysis, and both were then selected as the default TCP congestion controllers in Linux, and both were deployed globally." ** Section 7.3. The opening paragraph of this section appears to be a restatement of the opening paragraph of Section 7.1. I agree. Because Section 7.1 is overarching, I propose starting Section 7.2 this way "Hop-by-hop media encryption offers the benefits described in {{gen-encrypt}} between the streaming media operator and authorized intermediaries, among authorized intermediaries, and between authorized intermediaries and the ultimate media consumer, but does not provide these benefits end-to-end. The streaming media operator and ultimate media consumer must trust the authorized intermediaries, and if these intermediaries cannot be trusted, the benefits of encryption are lost." and starting Section 7.3 this way: "End-to-end media encryption offers the benefits described in {{gen-encrypt}} from the streaming media operator to the ultimate media consumer."
- [Mops] Roman Danyliw's Discuss on draft-ietf-mops… Roman Danyliw via Datatracker
- Re: [Mops] Roman Danyliw's Discuss on draft-ietf-… Jake Holland
- Re: [Mops] Roman Danyliw's Discuss on draft-ietf-… Spencer Dawkins at IETF
- Re: [Mops] Roman Danyliw's Discuss on draft-ietf-… Eric Vyncke (evyncke)
- Re: [Mops] Roman Danyliw's Discuss on draft-ietf-… Roman Danyliw
- Re: [Mops] Roman Danyliw's Discuss on draft-ietf-… Eric Vyncke (evyncke)
- Re: [Mops] Roman Danyliw's Discuss on draft-ietf-… Spencer Dawkins at IETF