Re: [Spud] network/middle boxes information
Salvatore Loreto <salvatore.loreto@ericsson.com> Tue, 31 March 2015 07:03 UTC
Return-Path: <salvatore.loreto@ericsson.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 873891B2AFF
for <spud@ietfa.amsl.com>; Tue, 31 Mar 2015 00:03:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.901
X-Spam-Level:
X-Spam-Status: No, score=-3.901 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3,
SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id cy8ZL5GPRL3X for <spud@ietfa.amsl.com>;
Tue, 31 Mar 2015 00:03:14 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 0D1EE1B2AF7
for <spud@ietf.org>; Tue, 31 Mar 2015 00:02:33 -0700 (PDT)
X-AuditID: c1b4fb3a-f79146d0000070a3-58-551a46882b7e
Received: from ESESSHC019.ericsson.se (Unknown_Domain [153.88.253.124])
by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id
06.77.28835.8864A155; Tue, 31 Mar 2015 09:02:32 +0200 (CEST)
Received: from ESESSMB109.ericsson.se ([169.254.9.246]) by
ESESSHC019.ericsson.se ([153.88.183.75]) with mapi id 14.03.0210.002; Tue, 31
Mar 2015 09:02:31 +0200
From: Salvatore Loreto <salvatore.loreto@ericsson.com>
To: =?utf-8?B?TWlyamEgS8O8aGxld2luZA==?= <mirja.kuehlewind@tik.ee.ethz.ch>
Thread-Topic: [Spud] network/middle boxes information
Thread-Index: AQHQZzHD+it0eZCqGUCsdpg+RDfRuZ01QDsAgADRKAA=
Date: Tue, 31 Mar 2015 07:02:31 +0000
Message-ID: <B94157E1-4F6B-48ED-8F1A-703A84CEC180@ericsson.com>
References: <1FEB0782-16E8-4AE0-8FF5-2B824EF89F24@ericsson.com>
<C91E2670-1664-4372-8B62-B919005CA44F@tik.ee.ethz.ch>
In-Reply-To: <C91E2670-1664-4372-8B62-B919005CA44F@tik.ee.ethz.ch>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.150]
Content-Type: text/plain; charset="utf-8"
Content-ID: <51A946B0B333B24E96DC02DEDAE13E1E@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrPLMWRmVeSWpSXmKPExsUyM+JvjW6Hm1SowYLvYhYbVk9hsVh04Smj
A5PHkiU/mTyOffjKFsAUxWWTkpqTWZZapG+XwJXR9/kve8E3lYptG3ewNDD+Ue5i5OSQEDCR
uH7tGyOELSZx4d56NhBbSOAoo8SEftMuRi4gewmjxNlvx5hAEmwCZhLPH25h7mLk4BAR8JL4
/CkQJMwsoCwxY+EusDnCQDPPLjzBAlFiKvHkhQtIWETASuJ/0092EJtFQFXi95eJLCA2r4C9
xObl+1kh1pZLXN6zEmwTp4CTxJ+5XWBxRqDTvp9awwSxSlzi1pP5TBAnC0gs2XOeGcIWlXj5
+B8rhK0ksWL7JUaQE5gFNCXW79KHMK0lpj1Xg5iiKDGl+yE7xAWCEidnPmGZwCg+C8mCWQjN
sxCaZyFpnoWkeQEj6ypG0eLU4uLcdCMjvdSizOTi4vw8vbzUkk2MwBg7uOW31Q7Gg88dDzEK
cDAq8fAu+C8ZKsSaWFZcmXuIUZqDRUmc1874UIiQQHpiSWp2ampBalF8UWlOavEhRiYOTqkG
xkXer+5VuX/r/fiowOOI37aojyVzomyznCp01+6af2XDszLOP2x55ddXqIr/zc+IWhIjerxZ
zndqQuikTWxrdhSck4x/v1bYo2Pj9tWx3++9u5biUB6/Vk7xLvf2hpvZN3lCKwu9t1QxXV7y
MdNXYHupGsucnhWb3tSIfs38XiZhuyHo56MKGSWW4oxEQy3mouJEAAI9jviSAgAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/8DAlGQKldAWwKSQzJSMKX_X-foM>
Cc: "spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] network/middle boxes information
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>,
<mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>,
<mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Mar 2015 07:03:16 -0000
Hi Mirja thanks a lot for the answer. I do agre that having some information is a better alternative that anything and I am happy to see finally SPUD happening I am sure that we can find a common set of information that both, middle and end are willing to release without a trust relation and which could already improve the status quo My concern is that this set, the set middle and end are willing to release without a trust relation, end up to be so minimalistic that would be extremely difficult to include anything else then start and stop without at least a cryptographic protection Anyway from your answer I understand that at moment in your view it wouldn't be possible to use (extend?) SPUD to share network information with endpoint like for example a "mobile throughput guidance" [1] or other net info that would help the endpoints but today are not available to them at all. BTW I see a contradiction in the fact that we are focusing the SPUD on the ‘may trust but verify’ assumption and at same time we are hoping that SPUD will help to get rid of DPI. I think that unfortunately if we relay on the ‘may trust but verify’ assumption the network will continue to make use of DPI at least to verify the declarative info. [1] http://www.ietf.org/id/draft-sprecher-mobile-tg-exposure-req-arch-01.txt br Sal > On 30 Mar 2015, at 20:33, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch> wrote: > > Hi Salvatore, > > we are currently focusing on use case where you ‚may trust but verify‘ (see constraints). If you want to establish an explicit trust relationship with the middlebox, I personally thing that is currently out of scope. I believe there is information that both, middle and end, are willing to release without a trust relation and which could already provide useful input to e.g. better support certain app requirements. Often these kind of information is already available today by DPI (or at least assumptions are taken based on DPI, which might or might not be true). Providing control which information should be exposed (while encrypting the rest) actually provides better control of information leakage and privacy than we often have today. Further, as these information are only declarative, you can anyway never rely on them: that means you should for all your action always take into account that the information might be wrong (or alter by another entity). However, having some information as a starting point is very often extremely useful, if the alternative is having no information at all. > > That’s just my view on scoping. > > Mirja > > >> Am 25.03.2015 um 12:27 schrieb Salvatore Loreto <salvatore.loreto@ericsson.com>om>: >> >> >> During the open discussion Andrew expressed the fact that the networks have a lot of information >> that can be of interest (or even useful) to the end points (we have seen a proof of this already in tsvwg yesterday). >> >> I want make clear that privacy and security is also important the network not only for the endpoints. >> We have to make sure that the middle box that is requested to share some info with the endpoint >> can do that in a secure/encrypted way (i.e. be able to decide who will be able to see the info in clear) >> >> br >> Salvatore >> _______________________________________________ >> Spud mailing list >> Spud@ietf.org >> https://www.ietf.org/mailman/listinfo/spud >
- [Spud] network/middle boxes information Salvatore Loreto
- Re: [Spud] network/middle boxes information Mirja Kühlewind
- Re: [Spud] network/middle boxes information Salvatore Loreto
- Re: [Spud] network/middle boxes information Brian Trammell