Re: [Spud] Questions based on draft-trammell-spud-req-00
Tom Herbert <tom@herbertland.com> Tue, 11 August 2015 16:56 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id C38451ACDA9
for <spud@ietfa.amsl.com>; Tue, 11 Aug 2015 09:56:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.678
X-Spam-Level:
X-Spam-Status: No, score=-1.678 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3,
RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id h193C0WqXYbm for <spud@ietfa.amsl.com>;
Tue, 11 Aug 2015 09:55:58 -0700 (PDT)
Received: from mail-ig0-f172.google.com (mail-ig0-f172.google.com
[209.85.213.172])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 94C611ACDA8
for <spud@ietf.org>; Tue, 11 Aug 2015 09:55:58 -0700 (PDT)
Received: by igfj19 with SMTP id j19so76342705igf.1
for <spud@ietf.org>; Tue, 11 Aug 2015 09:55:58 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:date
:message-id:subject:from:to:cc:content-type
:content-transfer-encoding;
bh=Zgpwz/FYfyIRz5qU/eMb6UKKYCfckp8wg/GvoGF4jug=;
b=IqZKCGIhgyeF4yIX2beDy7UllY2NsWzjUzM3AS+0hWY+GIonzegbkQGVaohCPKPT9m
wOqnm+R0DFqsft64w11BDXa1Bv+gG1dyOl1GwdjlwYiwhuXQ94SaQw5yHMTzDuTu8T73
0THH/qYhxPD6EkU1CN/n8RJq0E3pEBQyCofEv0tey/ouXPRVRVzecWagBMUtYBuehQqu
d3e96Lyx0nVrIIpvM/4WqZvrtxt5noqVLYEWSrwggvUX/+3phZu54Xya87+C9DCc5/sR
TLs1ngLSqZZnyUYwto2Bh47iQoUFhLz/J6cya+AP7mKioMG6ty9CaGvYi3JGpFHYzwl6
JESw==
X-Gm-Message-State: ALoCoQnoquUyIZKazPLim7OUKEEM+RCc4xG/j5YHjlf0NsS8iyZakpJ2IRnL1pHirEvvQQu2H/6J
MIME-Version: 1.0
X-Received: by 10.50.117.65 with SMTP id kc1mr20065513igb.94.1439312157659;
Tue, 11 Aug 2015 09:55:57 -0700 (PDT)
Received: by 10.107.200.195 with HTTP; Tue, 11 Aug 2015 09:55:57 -0700 (PDT)
In-Reply-To: <1AFABFF2-B841-4B0D-867C-709683BEDC8D@tik.ee.ethz.ch>
References: <1AFABFF2-B841-4B0D-867C-709683BEDC8D@tik.ee.ethz.ch>
Date: Tue, 11 Aug 2015 09:55:57 -0700
Message-ID: <CALx6S348ggxfi470iLDwKWKKmWFmwBahJeA6jfGmnGQ_Vmn37g@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
To: =?UTF-8?Q?Mirja_K=C3=BChlewind?= <mirja.kuehlewind@tik.ee.ethz.ch>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/BAWKZXT6vEI_K58NkvypCG8BTok>
Cc: Ted Hardie <ted.ietf@gmail.com>, "Black,
David" <david.black@emc.com>, Eric Rescorla <ekr@rtfm.com>,
Joe Hildebrand <jhildebr@cisco.com>, spud@ietf.org,
Jana Iyengar <jri@google.com>, Ken Calvert <calvert@netlab.uky.edu>,
Brian Trammell <ietf@trammell.ch>
Subject: Re: [Spud] Questions based on draft-trammell-spud-req-00
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>,
<mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>,
<mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2015 16:56:00 -0000
Hi Mirja, A few comments in line... On Sat, Aug 8, 2015 at 2:16 AM, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch> wrote: > Hi all, > > based on the discussion in section of draft-trammell-spud-req-00, we (the current group of authors) have phrased some questions we would like get further feedback from you! > > For some/most questions we already provided an answer which reflects part of the discussions we had on this so far. However, none of the provided answers are final and in a couple of cases we also don’t have consensus between the small group of us authors. To further proceed here we would like to get more input from the broader community to hopefully find a way to evolve! > > Please go ahead and provide feedback to some or all of the questions! If you want to further discuss only one aspect of the questions below, please think about changing the subject of your mail, such that we have a chance to separate different discussions. > > Thanks and have a nice weekend! > Mirja > > > ——————————————— > 1) Tradeoffs in tube identifiers > ---- > > a) What the scope of a tube? Is the tube scoped to the 5-tuple, 4-tuple, or even 3-tuple or can even two different flows have the same tube ID (privacy vs. mobility)? > —> 5-tuple, with unidirectional the default. Note that this means the tube-id itself cannot be used to do mobility. A return flow may use the same tube-id, if it wants to signal that it is part of the same exchange, but it is not required to do so. (5-tuple + tube id = 6-tuple; maybe 7-tuples for per-path-element communication as well?) > > b) Does SPUD need to send a start message for each tube (independent of the semantics or the overlying protocol)? > —> Yes, e.g. if you have multiple MPTCP subflows each has its own tube ID. However, maybe this is should only be aSHOULD. It's a useful message when you expect it to be used to start initiating state in middleboxes, but there may be conditions where the treatment requested for the flow means that this is not required. > > c) Can one packet have more than one tube ID? > —> No > > > 2) Property binding > --- > > a) Should it be possible to bind properties (only) to a tube or (also) to single packets? > —> Only to a tube. If you need to have a packet that should have different treatment, it needs a new tube-id. Therefore start new tube should be cheap. > > b) Can properties bound to a tube be changed later on during the connection? > -> Probably not. Also start a new tube in this case as new tube should be cheap. > > > 3) Tradeoffs in integrity protection > --- > a) Should SPUD provide support to use the authentication mechanism of the overlying transport for SPUD information provided by an endpoint to check the authenticity and integrity when the information arrive at the other endpoint? > —> Yes, if supported by the overlying protocol > Yes, but this seems independent of the overlying protocol. We should be able to secure the SPUD bits as needed regardless of overlay or underlay. > b) How can packet-mangling (middleboxes changing accidental or intentionally information provided by others, both middblebox and endpoints) by on-path ndes be detected? > -> Lying can potentially be detected if information can be verify over a different mechanism. However it might not be possible to detect who provided these wrong information. Off-path devices would need to know the tube id to provide wrong information which may be unlikely. > Authenticating the header should be an option in cases where we want to prevent any packet-mangling. > c) If a trust relationship already exists that would allow to authenticate information provided by a middlebox, does SPUD need to provided further support for this case? > -> Yes? (Similar as question a) > > d) Is there a value in SPUD having its own (encrypted) end-2-end channel? > -> Not fully clear yet, maybe not; Encrypted end-2-end infos can either be handled by the overlying (encrypted) protocol, or an encryption boundery within SPUD to provided end-2-end information we can be commonly used by multiple protocols. However (encrypted) end-2-end information might be an own overlying protocol (maybe even another shim layer) and not SPUD itself. > > > 4) Return routability and feedback > —- > > a) 2WHS vs. 3WHS? > —> SPUD should/must (?) provide a 2WHS, that means an ACK in response to the initial packet should be generated by SPUD even if the overlying protocol does not support this semantic. Note this mean the ACK may only have a SPUD header but no overlying protocol data. This would make all SPUD flows/tubes bidirectional. Further SPUD should also provided the semantics for an 3WHS but may only send a third packet if the overlying protocol implements it or there is another reason for the application to explicitly request a SPUD-only 3WHS. > I believe 3WHS is essential to deal with "syn" attacks and this includes synchronizing on unique random values generated by both endpoints. 2WHS may be performed if a receiver has other means to authenticate the sender, or the communication is something like request/response. > > b) Does the semantics of the SPUD protocol need to provide an explicit start signal as well as start/ack signal? > -> Yes, start is needed to distinguish start and middle of a tube; ack is needed to finally set up state. However, not clear yet if all SPUD tubes MUST send a start signal or only SHOULD. If a start was received, however, a ACK must be sent…? > > c) Should it be possible to send multiple START signal on the same tube (e.g to re-initiate state)? > -> Not clear if this is really needed > I think one goal of SPUD should be to eliminate the motivation for sending keep-alives. Hosts should not be rewarded for sending otherwise useless packets into the network, and these are known to be bad for battery consumption on mobile devices. To accomplish this, it seems like the states for eviction from a middlebox state could be chosen at random. An evicted state can be reconstructed with new packets seen in both directions that indicate the tube is still open at both endpoints. > c) Is a stop flag needed/useful? > —> Yes (faster state tear-down), but the overlying protocol must be resilient to it not being sent, not being received. > > > 5) In-band, out-of-band, piggybacked, and interleaved signaling > —- > > a) Do all packets of a flow (where one packet already has a spud header) need to have a SPUD header or could there be single packets in an spud-enabled flow that don’t have one? > -> Not clear; maybe not and packets on the five-tuple that don't have a tube identifier aren't assigned any tube. > > b) Do all SPUD packets need to have overlying protocol data? > —> No, e.g. start packet > > c) Do all SPUD information have to fit into one packet? > —> probably yes (and other should be out-of-band using an overlying transport) but not clear yet > > d) Can a middlebox generate SPUD packets? > -> not clear yet, alternative is that the endpoint provides a place-holder that can be filled by middlebox (and reflected by the receiving endpoint) which implies all middlebox information need to be requested by the sending endpoint; probably doesn’t work for e.g. error messages and therefore the system must allow them to generate them, but we also have to recognize that they may be consumed by the path before reaching their intended destination. Further it makes it difficult to do async signaling of changes. > > We at least need the ability for path elements to send pdec's when they've got the capability. > > e) Can a middlebox request application declaration information from an endpoint and/or provide unrequested path declaration information? > -> Not clear yet, to avoid amplification attacks maybe apply the packet conservation principle here, e.g. a middlebox can generate a packet/an error message if it drops a packet..? > > f) Should middlebox information be reflected over the receiver or can they also be send directly to the sender (and might take a different route)? > -> Maybe there should be a possibility to sent directly to the sender; for unidirectional flows the receiver may not have a bearer flow to carry the message back and thus would generate spud-only packets which maybe quite a bit overhead. However reflection over the receiver should be preferred. > Middleboxes often have a locality associated with them, e.g. home router, enterprise firewall. In such cases, it seems like returning information directly is a better use of resources and limits the exposure of the data. For example, if your firewall wants to provide the client with it's connection timeout, it can send that back directly rather than forwarding this to some server halfway around the world and expecting the them to properly reflect the information when they should not care about this. To the server this is just extra work and extra memory that needs to be allocated for each flow (possibly millions of them). > g) Must SPUD information be provided reliably or are those information always unreliable? > -> hopefully unreliable is enough as we want an incrementally deployable solution > > > _______________________________________________ > Spud mailing list > Spud@ietf.org > https://www.ietf.org/mailman/listinfo/spud
- [Spud] Questions based on draft-trammell-spud-req… Mirja Kühlewind
- Re: [Spud] Questions based on draft-trammell-spud… Toerless Eckert
- Re: [Spud] Return routability and feedback (was: … Roland Bless
- Re: [Spud] Return routability and feedback (was: … Mirja Kühlewind
- Re: [Spud] Return routability and feedback Bless, Roland (TM)
- Re: [Spud] Questions based on draft-trammell-spud… Tom Herbert
- [Spud] Authentication and packet reflection [was:… Mirja Kühlewind
- Re: [Spud] Return routability and feedback (was: … Jana Iyengar
- Re: [Spud] Return routability and feedback (was: … Ted Hardie
- Re: [Spud] Authentication and packet reflection [… Tom Herbert
- Re: [Spud] Return routability and feedback Joe Touch