Re: [mpls] Benjamin Kaduk's No Record on draft-ietf-mpls-spring-entropy-label-11: (with COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Tue, 03 July 2018 20:56 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27784130E0F; Tue, 3 Jul 2018 13:56:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SwwaS0t-Osre; Tue, 3 Jul 2018 13:56:03 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E615130DE2; Tue, 3 Jul 2018 13:56:02 -0700 (PDT)
X-AuditID: 1209190c-eb5ff70000003cc8-4c-5b3be2e1f3cf
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id 6E.C3.15560.1E2EB3B5; Tue, 3 Jul 2018 16:56:01 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w63Ku08P023123; Tue, 3 Jul 2018 16:56:00 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w63Ktu6k001462 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 3 Jul 2018 16:55:58 -0400
Date: Tue, 03 Jul 2018 15:55:56 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Stewart Bryant <stewart.bryant@gmail.com>
Cc: The IESG <iesg@ietf.org>, mpls@ietf.org, mpls-chairs@ietf.org, draft-ietf-mpls-spring-entropy-label@ietf.org
Message-ID: <20180703205553.GS22125@kduck.kaduk.org>
References: <153054517797.16146.13971030585013220786.idtracker@ietfa.amsl.com> <dc574f50-4bc6-c32c-a18d-735f94a2e8e5@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <dc574f50-4bc6-c32c-a18d-735f94a2e8e5@gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmphleLIzCtJLcpLzFFi42IRYrdT0X34yDraoP2VlMW2bmWLGX8mMlus u3yKzeLW0pWsFqceJDqweuycdZfdY8mSn0wBTFFcNimpOZllqUX6dglcGX23jrMXHJeqmHx9 JUsD43HRLkYODgkBE4ltt5y7GLk4hAQWM0lcPNXLDOFsYJT4+ukfE4RzhUli+cd1LF2MnBws AioSR/rmM4LYbEB2Q/dlZhBbREBXYs2v12wgNrNApcShvrNMILawQLbElMXfwWp4gba1dS1n gRjayCjxs+MqC0RCUOLkzCcsEM1aEjf+vWQCOY9ZQFpi+T8OkDCngK3ElN4TYHNEBZQl9vYd Yp/AKDALSfcsJN2zELoXMDKvYpRNya3SzU3MzClOTdYtTk7My0st0jXUy80s0UtNKd3ECApg TkmeHYxn3ngdYhTgYFTi4WWosI4WYk0sK67MPcQoycGkJMorvxEoxJeUn1KZkVicEV9UmpNa fIhRgoNZSYR3m6pVtBBvSmJlVWpRPkxKmoNFSZw3exFjtJBAemJJanZqakFqEUxWhoNDSYKX ARipQoJFqempFWmZOSUIaSYOTpDhPEDDux8C1fAWFyTmFmemQ+RPMepy/Hk/dRKzEEtefl6q lDjvB5AiAZCijNI8uDmgxCORvb/mFaM40FvCvBwg63iASQtu0iugJUxAS3q2WYIsKUlESEk1 MJbWnHt50vPdwlM7Pmqd7f55M/bqhuf3DddNCDLP8uhj553IoZQkvNTaLiQ9TSOMafaUKplQ yYC4aTZ/eEpdfbYuv5H8iXnnzndlD2ounOxjSDG/ZffxfP0Dnps6i8RD/K/J7hURdil/ef5X t8L7/Ls/uEQ3p/AuTVy6/7Rb7ieh7mupzz222imxFGckGmoxFxUnAgB5mkdrFwMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/mBApgtI-TTTezKRL9bcw9eGbtzE>
Subject: Re: [mpls] Benjamin Kaduk's No Record on draft-ietf-mpls-spring-entropy-label-11: (with COMMENT)
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2018 20:56:05 -0000
On Mon, Jul 02, 2018 at 07:35:22PM +0100, Stewart Bryant wrote:
>
>
> On 02/07/2018 16:26, Benjamin Kaduk wrote:
> > My worldview is not represented in RFC 6790 at all, though, so the desire
> > to maintain consistency over time would contraindicate any big changes to
> > this document. Perhaps in Section 1 "provide entropy" could be "make
> > entropy accessible", or similar, but I suspect I'm in the rough here and
> > the right answer is actually to do nothing.
>
> I do not understand the world view comment.
In my (security-minded) worldview, if we talk about adding or providing
"entropy", this involves adding actual cryptographic randomness into the
system. The prevailing worldview in RFC 6790 has it that "providing
entropy" means rearranging bits in the packet headers to make some bits
closer to the front of the packet more unpredictable, if you will forgive
the strained analogy. For the target audience of the document, trying to
talk about the "adding cryptographic randomness" perspective is actively
confusing (I assume), so I don't propose to make changes that increase
confusion.
> Regarding the latter comment, it depends on your perspective. It
> provides entropy
> in the MPLS layer where insufficient entropy otherwise existed. That entropy
> is otherwise accessible (see the Ethernet CW draft), but it is expensive in
> hardware terms and implementations make mistakes which give operators a
> difficult time.
>
> Providing entropy in the MPLS layer is how most MPLS engineers normally
> think
> about this feature. It is not BTW specified how that entropy is derived
> and that
> method may vary from packet to packet with the LSR not knowing how to
> find it in the
> payload, if indeed, it is all in the payload at all.
"entropy" is a notoriously sticky concept to nail down. Before I learned
about shannon entropy and information-theoretical entropy, I learned
thermodynamics and the statistical mechanics model for thermodynamic
entropy. This (well, and most definitions of entropy) only make sense in
the context of a distribution function, whether a probability distribution
of the thermodynamic state or a potential distribution of bits in packet
headers. The entropy relates to the various potential configurations and
the numbers of them that are "equivalent" in some sense; a key prerequisite
is to define which configuration variables are being considered.
Taking that to the immediate context, one could ask whether the "entropy"
in question is in the context of the entire packet contents, all packet
headers, just MPLS headers, just the first MSD MPLS headers, just the first
ERLD MPLS headers, etc. I have implicitly been assuming that we are
talking about all packet headers, in which case the TCP/UDP ports are
already in scope, so hashing those bits and appending the hash output does
not add any unpredictability ("new configurations", in statistical
mechanics speak).
> I therefore think "provide" is the correct term.
If, on the other hand, we're in the first-MSD or first-ERLD mindset, then
yes, the EL is "providing" entropy, since it's making available state
information that was not previously described in the list of possible
configurations.
I hope all the readers will forgive the rather tangential digression.
Thanks for reading this far,
-Benjamin
- [mpls] Benjamin Kaduk's No Record on draft-ietf-m… Benjamin Kaduk
- Re: [mpls] Benjamin Kaduk's No Record on draft-ie… Stewart Bryant
- Re: [mpls] Benjamin Kaduk's No Record on draft-ie… Benjamin Kaduk
- Re: [mpls] Benjamin Kaduk's No Record on draft-ie… stephane.litkowski
- Re: [mpls] Benjamin Kaduk's No Record on draft-ie… Benjamin Kaduk
- Re: [mpls] Benjamin Kaduk's No Record on draft-ie… stephane.litkowski