IETF Logo Mail Archive

Re: [Spud] updated draft PLUS charter, rev. 1 June

Aaron Falk <aaron.falk@gmail.com> Tue, 07 June 2016 17:40 UTC

Return-Path: <aaron.falk@gmail.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F148012D185 for <spud@ietfa.amsl.com>; Tue, 7 Jun 2016 10:40:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U9Pdf6fCNdsl for <spud@ietfa.amsl.com>; Tue, 7 Jun 2016 10:40:24 -0700 (PDT)
Received: from mail-vk0-x236.google.com (mail-vk0-x236.google.com [IPv6:2607:f8b0:400c:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 942F212D5A2 for <spud@ietf.org>; Tue, 7 Jun 2016 10:40:24 -0700 (PDT)
Received: by mail-vk0-x236.google.com with SMTP id c66so99361614vkb.3 for <spud@ietf.org>; Tue, 07 Jun 2016 10:40:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=8Suc9k8OWOqx9n4WVwqD/feEy4palXYGMcx9du4Ckdo=; b=Ils4oZilbYa+NJ2KzTJO/RIRM9qyEjOieuin/4i2UpsE9vrEFv8lePcBuI+Y/SX47/ yUQy7BOdI5XtkVczEthOQCBilysAztyoITlDwGFzP+RzY+mjeepYVODMk64CVc547PgC MBXzaH+j6SN6D7DH+gRoR/YFuGh1LWtfPjlrzsnAihF3if8/8GPBfUUOiNbDVGryCf60 8qmoFfq28PjEwgK8Gh4sVmQG2C2lUH4YQ1iLgOmuPAwpgEZer4z2aPRZbaqr3gNPnUuo h1OHSINHSVG0x53sUFIu8izqG6p3YHji1SFKCRxNwZL8kHhz5I8NoBXv5yh7ijeRjnHp fevw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=8Suc9k8OWOqx9n4WVwqD/feEy4palXYGMcx9du4Ckdo=; b=GsUSj7iUX4zTa19oeOz9Jfbjkt0EyY+pUdlMYE45eQFV/uEHenpEXi4vKmkPGv+sky C0RZnM86Yfd1kifjZmDQDJLpvgBoTnfjLpY8OmN9dDCNNe7NE7jYFJzDzKJI98LGiJ/E 05M7Gx3Afi+iGsa1R06TyjY78E0aTFHdgOdvBPOuW1iHDtf0NoX9/1qUPRQDI0F1RoXP KLvLC1iyw8dzKmBW11SjLuqPWklEAjZoebuFg3JlSV4/rXkJHLt0eIGhNGOBMNzNUMMe KtYHczC39nzwA/ylv4HzdhM/UBB742Uv59zsTlAuHwm3oP6twbSLlwWxlah8QdB17lmM HjcA==
X-Gm-Message-State: ALyK8tJToYWoBdqFEZP5ESZm3k6sqr4ZLaEcyt4y2BnGiEy/H66n1t8IYUUUnO903zEO+jLIu+C23Bs6Awg2DQ==
X-Received: by 10.159.36.174 with SMTP id 43mr308401uar.134.1465321223513; Tue, 07 Jun 2016 10:40:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.1.150 with HTTP; Tue, 7 Jun 2016 10:40:22 -0700 (PDT)
In-Reply-To: <85E24D9D-F666-49C3-A022-2F207227A153@trammell.ch>
References: <85E24D9D-F666-49C3-A022-2F207227A153@trammell.ch>
From: Aaron Falk <aaron.falk@gmail.com>
Date: Tue, 07 Jun 2016 13:40:22 -0400
Message-ID: <CAD62q9UiLi1ffGPm=xEXOSH=sqZPv7hYiNBTGvAX52a9dhV8yg@mail.gmail.com>
To: Brian Trammell <ietf@trammell.ch>, spud <spud@ietf.org>
Content-Type: multipart/alternative; boundary="001a1142f1d0026d310534b3af3f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/DFelikNQ4Dq_MxCh7MKwhs7AVNw>
Subject: Re: [Spud] updated draft PLUS charter, rev. 1 June
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jun 2016 17:40:27 -0000

Apologies for being behind on the list and maybe repeating points that have
been made.  A few comments based on my review of the BoF proposal & charter:


   - 1st para of the charter says “The working group will not specify any
   new transport protocols.” and the 5th para says “The PLUS working group
   will specify a new protocol”.  I think the latter statement is correct.
   - I’d like to see a comment on PLUS re-enabling ICMP functionality
   - There’s the obvious & unaddressed question about the relation to QUIC
   - The PLUS Bof description should start something like “This BoF is to
   discuss the proposed PLUS working group.  The wg’s goal is to…”
   - No discussion of wg anti-goals.  I had heard some interest in ruling
   middlebox to middlebox signaling as out of scope.
   - (To ADs:) Would like to see the QUIC and PLUS BoFs scheduled
   back-to-back.  While I think the topics are mostly separable, if the
   discussion gets out of sync it will be a headache.

HTH,

--aaron


On Wed, Jun 1, 2016 at 6:45 AM Brian Trammell <ietf@trammell.ch> wrote:

> Greetings, all,
>
> We've taken another editing pass to tighten the charter; results inline
> below at on GitHub (https://github.com/ietf-plus/charter). We think this
> is getting close to something it would be useful to discuss and wordsmith
> at a BoF.
>
> Further comments welcome.
>
> Thanks, cheers,
>
> Brian and Mirja
>
>
> Path Layer UDP Substrate (PLUS)
> ===============================
>
> The PLUS working group's goal is to define a common shim layer atop the
> User
> Datagram Protocol (UDP) to provide a transport-independent method to signal
> flow semantics under transport and application control, necessary to enable
> the deployment of new, encrypted transport protocols within the existing
> Internet. UDP provides compatibility with currently deployed middleboxes as
> well as ubiquitous support in endpoints, and supports userspace
> implementation
> of new transport protocols. The working group will not specify any new
> transport protocols.
>
> The current Internet protocol stack does not provide explicit, in-band,
> transport-independent signaling to on-path network devices. This has led to
> the deployment of devices which perform implicit discovery of transport
> semantics and traffic characteristics via inspection of protocol headers
> and
> payload, a practice made possible when these are sent in the clear.
>
> In order to support more ubiquitous deployment of encryption, and the
> encryption of transport headers to allow deployment of new transport
> protocols, explicit in-band signaling must be added to the stack. This
> signaling must be transport protocol independent, and the types of
> information
> signaled must be based on characteristics that can be independently
> verified
> by devices on path, or that can be usefully applied without requiring a
> trust
> relationship between endpoints and the path. Further, a feedback channel
> that
> provides information from on-path devices back to endpoints and
> applications,
> e.g. for error handling, is essential for the deployment and success of an
> explicit cooperation approach.
>
> While IP would seem to be the natural home for this facility, both IPv4 and
> IPv6 options and extensions have deployment problems on their own, which
> makes
> it hard to include any additional information in these protocols.
>
> The PLUS working group will specify a new protocol as a Path Layer
> UDP Substrate (PLUS), to support experimental deployment of
> explicit cooperation between endpoints and devices on path, with the
> following goals:
>
> - enable ubiquitous deployment of encrypted higher layer protocols
>   by providing exposure of basic TCP-like semantics (e.g. SYN, FIN,
>   RST flags) to devices on path (e.g. NATs and firewalls).
>
> - allow applications and transport protocols to explicitly provide
>   limited information with integrity protection to devices on path
>
> - allow devices on path to provide unencrypted feedback and information
>   about the path directly to sending endpoints, under sending endpoint
>   control
>
> - allow devices on path to provide unencrypted information about the
>   path to receiving endpoints, with encrypted feedback to the
>   sending endpoint, under sending endpoint control
>
> This approach explicitly gives the control of information exposure back the
> application and/or transport layer protocol on the end host. It is the
> goal of
> PLUS to minimize the information exposed, to make information exposure
> transparent, and to limit the level of detail to that useful for network
> treatment, while encrypting everything else. Endpoint verification of
> signaling integrity, careful design of minimal data structures, and
> restrictive policies for registration of signals can help to meet this
> goal.
> This is important to avoid future implicit treatment and resulting
> ossification, as well as to minimize the privacy risks presented by
> explicit
> cooperation.
>
> Given that the primary goal of PLUS is to enable the deployment of
> transport
> protocols with encrypted headers, we assume that the higher-layer protocol
> can
> provide an encryption context that can be used by PLUS to provide
> authentication, integrity, and encryption where needed. The primary threat
> model to defend against will be modification or deletion of exposed
> information by middleboxes and other devices on path, by allowing a remote
> endpoint to detect modifications.
>
> The working group will start with an initial set of use cases (see draft-
> kuehlewind-spud-use-cases) and requirements (see draft-trammell-spud-req),
> taken from experience with the Substrate Protocol for User Datagrams (SPUD)
> prototype. The working group's main output will be an experimental protocol
> specification, together with an initial registry of types of information
> that
> can be exposed using PLUS, clearly aligned to the use cases determined by
> the
> working group. The working group will close if it is not able to come to
> consensus on a protocol design to meet these requirements.
>
> The working group will additionally aim to identify and work with other
> working groups that could address parts of these requirements within
> existing
> protocols, e.g. by specifying new protocol extensions, or as input for on-
> going standardization work. It will aim to work with working groups
> defining
> encryption protocols (e.g. DTLS) which could be used for encryption of
> transport protocols running over PLUS.
>
> _______________________________________________
> Spud mailing list
> Spud@ietf.org
> https://www.ietf.org/mailman/listinfo/spud
>

v2.23.0 | Report a Bug | By Email