Re: [Secdispatch] Multicast architectures for the web
"Holland, Jake" <jholland@akamai.com> Tue, 09 November 2021 20:46 UTC
Return-Path: <jholland@akamai.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6476D3A10FD; Tue, 9 Nov 2021 12:46:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u2cx8iIJ681c; Tue, 9 Nov 2021 12:46:15 -0800 (PST)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93E4B3A10FA; Tue, 9 Nov 2021 12:46:15 -0800 (PST)
Received: from pps.filterd (m0122331.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1A9KiM0n022651; Tue, 9 Nov 2021 20:46:11 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=0OQOrxGKhZe6KD5rCnCIsRXQBTUMGbp0hXMl4gjnoDc=; b=d2qFCT9edStvcx5Xg+vEBYfNWSmS4YAdWSZAd5o0zMLsN1E1JewbQr8z7hE4tt7lO+zk jtwOIOWl7ZZ+DOaxAZ3vskp876ycSjCwzlJDdMQW9muge9McYJ0UljtvxvCFPF+BMjOw PSOkVLhni6Ki4mf5vWz/vhVm5JeZecC5R6W1LEFT3cjI3qYGxOXZuQXq7KlWCdMJfiRX MHux93NvVttII8TCJ1xBQNrYKq1c8pyPzG3ACERIpDjYb06W6KnKiabMB2GVrQHGRsHd Hk3O88KfRL+zkn43Hp8pCcfu4hxXEyVUoWfTJtY54gOSOIBWaGhyIfcU6tdiAnyuANlV yQ==
Received: from prod-mail-ppoint3 (a72-247-45-31.deploy.static.akamaitechnologies.com [72.247.45.31] (may be forged)) by mx0b-00190b01.pphosted.com (PPS) with ESMTPS id 3c7sxareus-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 09 Nov 2021 20:46:11 +0000
Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1]) by prod-mail-ppoint3.akamai.com (8.16.1.2/8.16.1.2) with SMTP id 1A9KZWF9013402; Tue, 9 Nov 2021 15:46:10 -0500
Received: from email.msg.corp.akamai.com ([172.27.165.115]) by prod-mail-ppoint3.akamai.com with ESMTP id 3c6707jrj9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 09 Nov 2021 15:46:10 -0500
Received: from USTX2EX-DAG1MB4.msg.corp.akamai.com (172.27.165.122) by USTX2EX-DAG3MB3.msg.corp.akamai.com (172.27.165.127) with Microsoft SMTP Server (TLS) id 15.0.1497.24; Tue, 9 Nov 2021 14:46:09 -0600
Received: from USTX2EX-DAG1MB4.msg.corp.akamai.com ([172.27.165.122]) by ustx2ex-dag1mb4.msg.corp.akamai.com ([172.27.165.122]) with mapi id 15.00.1497.024; Tue, 9 Nov 2021 14:46:09 -0600
From: "Holland, Jake" <jholland@akamai.com>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>
CC: "Rose, Kyle" <krose@akamai.com>
Thread-Topic: [Secdispatch] Multicast architectures for the web
Thread-Index: AQHX1YMTTXvGHTpXyEqt1Y7PyTFyRKv7iRiA
Date: Tue, 09 Nov 2021 20:46:09 +0000
Message-ID: <9BF82FF9-0D63-4F78-BB68-9E8CD35FABB9@akamai.com>
References: <CAHbrMsCRPyKfqChUF4wAT=9XgGBASS18x-2f92+MzwF5ypheQg@mail.gmail.com>
In-Reply-To: <CAHbrMsCRPyKfqChUF4wAT=9XgGBASS18x-2f92+MzwF5ypheQg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.53.21091200
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.27.164.43]
Content-Type: multipart/alternative; boundary="_000_9BF82FF90D634F78BB689E8CD35FABB9akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.790 definitions=2021-11-09_06:2021-11-08, 2021-11-09 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 suspectscore=0 mlxlogscore=891 phishscore=0 adultscore=0 malwarescore=0 spamscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2111090114
X-Proofpoint-GUID: tbkLpEyuvB6KLdAXat42HFrrO9sB_Jts
X-Proofpoint-ORIG-GUID: tbkLpEyuvB6KLdAXat42HFrrO9sB_Jts
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-11-09_06,2021-11-08_02,2020-04-07_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 mlxlogscore=842 spamscore=0 clxscore=1011 bulkscore=0 malwarescore=0 priorityscore=1501 impostorscore=0 mlxscore=0 lowpriorityscore=0 adultscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2111090114
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/89OkP0dxWGwbL8g5OQ8kHgC2zaE>
Subject: Re: [Secdispatch] Multicast architectures for the web
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 20:46:21 -0000
Hi Ben, Thanks for clarifying this point, I think I might have misunderstood what you meant during the rush at the end of the session, and now I think I can see better where you’re coming from with this suggestion. I agree running some experimental pages with unmodified browsers to identify bottlenecks in datagram processing on the client side for emulating the handling of worthwhile multicast use cases through webtransport is a very fine idea as an incremental step toward an eventual IP multicast solution. That’s a helpful suggestion and thank you! As worthwhile solutions in their own right, I think without IP multicast there is probably zero value proposition for this kind of application level multicast as far as I can tell (my money would even be on “at least slightly negative” for most applications since there’s no network offload to offset the added challenges), and my response during the session was meant as a response to that. But as a stepping stone for easy experimentation that will translate well to a multicast transport, this seems very likely to be a good idea, and I’ll look at how to work it into my plans. Thanks and regards, Jake From: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> Date: Tue,2021-11-09 at 8:01 AM To: "secdispatch@ietf.org" <secdispatch@ietf.org> Cc: "Rose, Kyle" <krose@akamai.com> Subject: [Secdispatch] Multicast architectures for the web Regarding draft-krose-multicast-security, I think the most productive step would be to start with an architecture that sits on top of WebTransport in unmodified browsers. WebTransport's support for unreliable datagrams opens up a lot of novel possibilities for application-layer multicast (e.g. holding less state at the splitter, backfiling lost segments directly from the origin), and raises some interesting questions about how to implement content security most naturally. This can all be done without browser changes. If a system like this can be clearly defined, deployed, and measured, I think that greatly increases the likelihood of some of this functionality being moved down into the web itself. There's a long history of page-layer innovations being moved into the browser (e.g. crypto in JS -> WebCrypto, asm.js -> WebAssembly), and experiments with solutions within the page can help us to identify the bottlenecks that really need to be alleviated. --Ben Schwartz
- [Secdispatch] Multicast architectures for the web Ben Schwartz
- Re: [Secdispatch] Multicast architectures for the… Holland, Jake