Re: [Spud] SPUD Scope?
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 04 June 2015 19:25 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 8B6301A8978
for <spud@ietfa.amsl.com>; Thu, 4 Jun 2015 12:25:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5
tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id xX9dtj1HSCc6 for <spud@ietfa.amsl.com>;
Thu, 4 Jun 2015 12:25:19 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])
by ietfa.amsl.com (Postfix) with ESMTP id 2259C1A8977
for <spud@ietf.org>; Thu, 4 Jun 2015 12:25:19 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130])
by che.mayfirst.org (Postfix) with ESMTPSA id 988E9F984;
Thu, 4 Jun 2015 15:25:14 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000)
id 4658A20358; Thu, 4 Jun 2015 15:24:52 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Szilveszter Nadas <Szilveszter.Nadas@ericsson.com>,
"spud\@ietf.org" <spud@ietf.org>
In-Reply-To: <EA4C43BE752A194597B002779DF69BAE23D47A3E@ESESSMB303.ericsson.se>
References: <EA4C43BE752A194597B002779DF69BAE23D47A3E@ESESSMB303.ericsson.se>
User-Agent: Notmuch/0.20.1 (http://notmuchmail.org) Emacs/24.4.1
(x86_64-pc-linux-gnu)
Date: Thu, 04 Jun 2015 15:24:52 -0400
Message-ID: <87h9qn1dkr.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/2F1Ftqmv6DrFgaWNEe36B7L0EDs>
Subject: Re: [Spud] SPUD Scope?
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>,
<mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>,
<mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jun 2015 19:25:21 -0000
On Thu 2015-06-04 12:28:34 -0400, Szilveszter Nadas wrote:
> The rage looked like this to me on a high level:
>
> a) only start/stop, hide everything in DTLS
>
> b) Some declarative, safe to ignore, trust but verify markings are OK,
> but it shall be minimized.
>
> c) "common, middlebox friendly connection/packet signaling layer",
> extensibility, any communication and behavior is OK as long as it is
> explicit.
[...]
> However I do not really see problems with one of the end-point
> accepting an offer of a middlebox and communicating with the middlebox
> with a proprietary vocabulary. SPUD is clearly a good way to offer
> these improvements to end-hosts. Whether the follow up communication
> is using SPUD as a sub-transport for the signaling conversation or not
> is a question. Also this communication (when accepted) might have
> consequences, e.g. some change in charging. Obviously some kind of
> security solution is needed to authenticate the middlebox and the
> end-point, which is far from trivial.
This far-from-trivial authentication mechanism, combined with the UI/UX
concern about helping people to understand exactly who they are leaking
their metadata to, presents a really serious obstacle to deploying
something like this in a way that is safe for end users.
We need to be *reducing* the amount of metadata that our protocols leak,
not providing new channels to leak more of it.
> If we provide possibility to achieve a functionality in an explicit
> way is not it better than making network vendors to invent their own
> not so transparent solutions for the same?
We can explicitly discourage network vendors from trying to coax
arbitrary metadata out of the traffic that passes across their network.
While there are certainly some network vendors that want to do this for
purely benevolent reasons, there are far too many middleboxes that would
do this for malicious reasons, and there is no clear way that a
real-world user can be expected to tell the two apart.
Even if the users *could* distinguish "good" middleboxes from "bad" ones
(of course, different perspectives means different users will not agree
about who is "good" and who is "bad"), there are circumstances where the
user has only one network path available to them. Providing
arbitrarily-sophisticated metadata-leakage mechanisms provides a way for
that network operator to (in an IETF-blessed fashion) demand arbitrary
metadata from the user as a precondition to the use of the network. I
think that's not something the IETF should be supporting.
> Assuming something like c) is not happening in SPUD where do you think
> it could/should happen?
I don't think something like (c) is a good idea. let's try to keep the
smarts (and the knowledge of both content and metadata) at the edges of
the network, and avoid blessing mechanisms that facilitate centralized
surveillance.
Regards,
--dkg
- [Spud] SPUD Scope? Szilveszter Nadas
- Re: [Spud] SPUD Scope? Daniel Kahn Gillmor
- Re: [Spud] SPUD Scope? Christian Huitema
- Re: [Spud] SPUD Scope? Szilveszter Nadas
- Re: [Spud] SPUD Scope? Daniel Kahn Gillmor
- Re: [Spud] SPUD Scope? Ken Calvert
- Re: [Spud] SPUD Scope? Daniel Kahn Gillmor
- Re: [Spud] SPUD Scope? Mirja Kühlewind
- Re: [Spud] SPUD Scope? FOSSATI, Thomas (Thomas)
- Re: [Spud] SPUD Scope? Szilveszter Nadas
- Re: [Spud] SPUD Scope? Daniel Kahn Gillmor
- Re: [Spud] SPUD Scope? Tom Herbert