IETF Logo Mail Archive

Re: [Spud] New Version Notification for draft-hildebrand-spud-prototype-02.txt

Brian Trammell <ietf@trammell.ch> Tue, 17 March 2015 08:18 UTC

Return-Path: <ietf@trammell.ch>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A3B31A010F for <spud@ietfa.amsl.com>; Tue, 17 Mar 2015 01:18:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.912
X-Spam-Level:
X-Spam-Status: No, score=-1.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vQYl7LasRtiF for <spud@ietfa.amsl.com>; Tue, 17 Mar 2015 01:18:39 -0700 (PDT)
Received: from trammell.ch (trammell.ch [5.148.172.66]) by ietfa.amsl.com (Postfix) with ESMTP id 53B6B1A0107 for <spud@ietf.org>; Tue, 17 Mar 2015 01:18:22 -0700 (PDT)
Received: from [IPv6:2001:470:26:9c2:7c22:2769:907:e4e2] (unknown [IPv6:2001:470:26:9c2:7c22:2769:907:e4e2]) by trammell.ch (Postfix) with ESMTPSA id 5AFEB1A0032; Tue, 17 Mar 2015 09:17:51 +0100 (CET)
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_D8173D95-32D2-4DEA-BE54-510CB6F2AE92"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.5b5
From: Brian Trammell <ietf@trammell.ch>
In-Reply-To: <19F10DC6-ABB2-4990-996B-E30EE1811596@mnot.net>
Date: Tue, 17 Mar 2015 09:17:50 +0100
Message-Id: <8CBCE77C-9FF1-4967-8D73-3EDA0504C489@trammell.ch>
References: <20150303155825.32731.37010.idtracker@ietfa.amsl.com> <08728A73-ED15-4928-A5BB-A59EA9E6D785@cisco.com> <CA+9kkMDSMMUByAMOc8gSyMajyKj0ZtZzmFPg+J7bz-6AYkFYhw@mail.gmail.com> <CAOdDvNrRcMCnWMzBvL0Do16mmiajeR4OJRx36cxnppuaD7+81w@mail.gmail.com> <C0A46E88-A9C2-4EB3-B7B6-2DE20D0B957A@cisco.com> <CA+9kkMDaWrvZM3b7G8FyuiHL0nRO=kWLHjqxQjPjxqtoa1Dq=w@mail.gmail.com> <CAOdDvNq3NMP6ynqXmfoaVStFpRjVq70ZupVqt6ZmZutdg96SaA@mail.gmail.com> <6DC4AC2F-7279-4B18-8656-939E787E055D@trammell.ch> <5F294E01-B194-4969-8603-671D57569637@cisco.com> <A5F41169-7BB9-4F6D-8978-356A65E6093B@in-panik.de> <75723F2D-969C-4FBF-81D9-20EC106951EC@trammell.ch> <CAOdDvNqLPOB1DgNWJg5PsCN+bBmeeBs76dEt-XFU3UxzqYba5A@mail.gmail.com> <19F10DC6-ABB2-4990-996B-E30EE1811596@mnot.net>
To: Mark Nottingham <mnot@mnot.net>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/GHMI6986DPTRPlKcXu9rNG-Np_I>
Cc: Patrick McManus <mcmanus@ducksong.com>, Ted Hardie <ted.ietf@gmail.com>, "Philipp S. Schmidt" <phils@in-panik.de>, Joe Hildebrand <jhildebr@cisco.com>, "spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] New Version Notification for draft-hildebrand-spud-prototype-02.txt
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Mar 2015 08:18:51 -0000

> On 17 Mar 2015, at 06:01, Mark Nottingham <mnot@mnot.net> wrote:
> 
> Catching up...
> 
>> On 12 Mar 2015, at 1:52 am, Patrick McManus <mcmanus@ducksong.com> wrote:
>> 
>> On Wed, Mar 11, 2015 at 9:47 AM, Brian Trammell <ietf@trammell.ch> wrote:
>> 
>> Perhaps we can apply the question that led to the separation of TCP and IP in the first place: does the path need to see it / can the path do something universally useful with it? Put it in SPUD. Is it end-to-end? Stick it above SPUD, encrypt it, and hide the key from the path.
>> 
>> I like that as a guiding principle
> 
> +1 here too. Nice way to avoid this becoming an application services kitchen sink.

If we really want to build a nice expansive vocabulary for end to end metadata signaling, and we want to reuse chunks of the SPUD codebase to do so (maybe so the app can take the same signals and selectively expose them to the path or not) and we have a solution to the tube MTU problem which works so we know how many bits we can burn, and we believe we can restrict it to the point that it will ever interoperable -- this latter part is where I get skeptical -- then we can do this very simply, inside the crypto veil:

 +--------------------------+
 | addr addr ttl stuff      | IP
 +--------------------------+
 | port port csum len       | UDP
 +--------------------------+
 | magic tube flags cbor    | SPUD
 +--------------------------+             pathside
 | cbor 0: DTLS             | -----------------------
 +--------------------------+              appside
 | cbor                     | SPUD-lite
 +--------------------------+
 | cbor 0: payload          | your favorite transport
 +--------------------------+

Here SPUD-lite is *just* the CBOR part of SPUD.

I'm not sure this is a good idea -- though the diagram above looks a little less scary if you think of the goal of SPUD as a facility of reduced-profile, future DTLS -- but this arrangement would give us the flexibility to define things we want to say first then to freely move them between pathside and appside contexts. On the appside, the trust situation is easier because we presume we've solved the key-and-trust-management problem in a way that makes sense for a given application.

Cheers,

Brian


> --
> Mark Nottingham   https://www.mnot.net/
> 
> _______________________________________________
> Spud mailing list
> Spud@ietf.org
> https://www.ietf.org/mailman/listinfo/spud

v2.23.0 | Report a Bug | By Email