IETF Logo Mail Archive

Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

Dino Farinacci <farinacci@gmail.com> Fri, 06 January 2023 20:41 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2F28C15171D; Fri, 6 Jan 2023 12:41:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TPBbTW-45iuT; Fri, 6 Jan 2023 12:41:28 -0800 (PST)
Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45FA0C1377E6; Fri, 6 Jan 2023 12:40:43 -0800 (PST)
Received: by mail-pj1-x1036.google.com with SMTP id cp9-20020a17090afb8900b00226a934e0e5so6338043pjb.1; Fri, 06 Jan 2023 12:40:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=6/NSi//Cd9HiMqg7SG6SZDWHsLhNzIzQIuKbB3fjuRE=; b=pvbXun8rTElNdwjzOL3JjJiNAp2J7o91E28QllAvugI9lyN4GXP/uIoB6MD6TWWsS4 DVk9u9+97yF4W/H3gKGsN++xQ5FDQQzlnZH0PV6M/Fd154j2hx023xbDA494fynIi/fN qhsFiQ0k2mbLiYJDCv9Y6auSbpC1lCL7oEUTTg89sE3kvw1FP/q/mcGdjaIsFIkL/hm3 fsA4sd2JYteeAnNhqlFTFPQb1FiYFUp+2PJQl9W4h2ndPtPZe/sXWL7TsKtLX3Qt/NeZ grbO3lMy9GEVLxXqP4On4zYSn7xIAiuvUS6YGsCTIWluk9HD2DnmBnntFcBE/BGl1ytr FbYA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6/NSi//Cd9HiMqg7SG6SZDWHsLhNzIzQIuKbB3fjuRE=; b=WfIZzmH2MadoNoBFshl81PBFG3lWIUZGHo9843cGr+wQ884DrK3bVbhhl22axFH2bi ash8zW/HJlCmySelPIlGu9QFRVG2xgjOn7oWjRy9xNBZbqHgljujDFUV0Nz2A0z3D0qI GEebPYuTDdGyuvLBhLAn3YZS81dUMMiCjyLpg0iAsXg3BAGA6OPPogAVYlcJbqyUkwt8 /sP+y7JE7LylN91Cs0NYQkz/Jc+TrGMerVOTl9no+lDXP5GQjLEjlIBXEogLAvXkhuJI n73Y4hDdENpP4dEm7WiMIDFLY8ZNCU1ucIwJY1Boqv8tN2f/4eSjQvQIufQlCRnK3eDw xttg==
X-Gm-Message-State: AFqh2krOjDvazGuOBH5C9LOlCUvGL138ladmJryl2J2oX3C0cKWGM7Y0 9yj08FqWeEu5rPXvdta7ups=
X-Google-Smtp-Source: AMrXdXsn37eNQtqSEQKTthqlaOFSqKCTGRaxL1jq6KT6GTRPmTxnLWcuKaFwpDmWM7fUCkrfJA0stQ==
X-Received: by 2002:a05:6a21:328b:b0:af:76da:1462 with SMTP id yt11-20020a056a21328b00b000af76da1462mr82451374pzb.40.1673037642510; Fri, 06 Jan 2023 12:40:42 -0800 (PST)
Received: from smtpclient.apple (c-98-234-33-188.hsd1.ca.comcast.net. [98.234.33.188]) by smtp.gmail.com with ESMTPSA id n15-20020a170902d2cf00b0018963b8e131sm1256606plc.290.2023.01.06.12.40.41 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 06 Jan 2023 12:40:41 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <CAMm+Lwhe31gfb_Uhx+eFL4tZbJjbusJt1+yjq14wGqd1qenUaQ@mail.gmail.com>
Date: Fri, 06 Jan 2023 12:40:40 -0800
Cc: Stewart Bryant <stewart.bryant@gmail.com>, Lloyd W <lloyd.wood=40yahoo.co.uk@dmarc.ietf.org>, IETF Discussion Mailing List <ietf@ietf.org>, pearg@irtf.org, hrpc@irtf.org, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, saag <saag@ietf.org>, Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <90BDB002-4222-4DE9-A64C-66E0C73D6EFA@gmail.com>
References: <3c3230f3783b4ec9a8a9e3bb87cc2a8d@huawei.com> <08C49067-DB4C-41AB-A6F3-B96BDBE0A4BC@yahoo.co.uk> <CAKr6gn0tFXEV-h7LH1_Ts5iQRw_mGEi=TqS7hsyK-SqDFmmY-A@mail.gmail.com> <C09B3D18-2871-491F-B76C-630A2DCA439A@gmail.com> <EFCEFAA6-3638-4CE0-91DD-3E38FE00DF29@gmail.com> <1F71EB99-3657-4A20-8B28-2AFB743A9762@gmail.com> <1B0A222E-21E5-413E-8B2C-9C0CBCDB0773@gmail.com> <CAMm+LwgdmHkA3PKrXb85Dt+pUg-Q5mJwY4kdktgvhB5Twwv3Ww@mail.gmail.com> <36BA0408-2523-440F-A011-7921A1868A66@gmail.com> <CAMm+Lwhe31gfb_Uhx+eFL4tZbJjbusJt1+yjq14wGqd1qenUaQ@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/VtzW65-IUAmzSmUdNqR9hyoTHjg>
Subject: Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jan 2023 20:41:31 -0000

> I was trying to be polite. Folk who have been peddling a technology which meets a need faced by essentially all Internet users that is being utilized by essentially none of them after 30+ years should be willing to take the win and move on.

My intent wasn't to be dismissive. I am not sure why you thought that.

> The people who are choosing not to use multicast are serious engineers who are fully aware of the existence of multicast. They are doing things differently for a reason and being dismissive about their engineering choices as clearly unfounded and incorrect is not the way to persuade them.

Yes, and I was just stating a conceptual optimization. It has been clear that people are *willing* to pay the cost for head-end replication at the app source. They do that because they have more control. Its understandable.

> Ditto above comment.
> 
> Again, seems like you are better at dismissing different ideas than explaining your position.

I did explain my position. It has proven work that distributed replication (in routers) scales better. But it comes at a different cost than doing head-end-replication. Engineers decide on that tradeoff.

> From my point of view as an application protocol developer, multicast is essentially useless because I have to do my own work to provide a reliable transport and that in turn means I can't make use of WebRTC libraries and the like.

For UDP applications, its simpler for the app to send 1 packet on a UDP socket when they want that packet to get to multiple recipients.

> I was rather annoyed to be watching the Times Square new years eve celebrations on You Tube TV with a 15 second delay. That could have been avoided if multicast had been a part of the distribution technology. But I can understand why it wasn't.

Yes, right.

> The only way I can see multicast being useful in the context of Internet broadcast events is as one component in a hybrid scheme which looks like QUIC to the receiving endpoint application with a multicast stream from the data source being supplemented by a separate branching control channel providing authentication and reliability.

Multicast being useful is getting off topic from this thread. Unless you believe to remove source addresses from a packet and not satify the multicast requirement, than that is a side to argue.

> Such a scheme would have to address security differently from the handling in QUIC because it is the nature of AEAD/MAC schemes that anyone who can authenticate the data can inject fake data. Thus it is necessary to either use public key or to provide each recipient with their own authentication feed.

It is well-known how complex multicast key management is and KEK doesn't scale with the number of receivers. But that state (for multiple receipients) has to be stored somewhere, at one layer or the other. So an engineer needs to make their own tradeoffs.

> But no, go on. Perhaps we should give it another 30 years. Lets just keep doing what we are doing and maybe things will change.

This is not a binary success or fail argument. And the argument should be taken offline since its off topic. If you want to discuss privately, would love to. Thanks.

Dino

v2.23.0 | Report a Bug | By Email