Re: [Spud] Multipath/Mobility (was Questions based on draft-trammell-spud-req-00)
Christian Huitema <huitema@microsoft.com> Mon, 10 August 2015 18:13 UTC
Return-Path: <huitema@microsoft.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 7A8361B3AE5
for <spud@ietfa.amsl.com>; Mon, 10 Aug 2015 11:13:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Usw7K8LwhuPS for <spud@ietfa.amsl.com>;
Mon, 10 Aug 2015 11:13:35 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com
(mail-bn1bon0707.outbound.protection.outlook.com
[IPv6:2a01:111:f400:fc10::1:707])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 8CADE1B3ADF
for <spud@ietf.org>; Mon, 10 Aug 2015 11:13:34 -0700 (PDT)
Received: from DM2PR0301MB0656.namprd03.prod.outlook.com (10.160.96.18) by
DM2PR0301MB0783.namprd03.prod.outlook.com (10.160.97.154) with Microsoft SMTP
Server (TLS) id 15.1.207.19; Mon, 10 Aug 2015 18:13:30 +0000
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com (10.160.96.17) by
DM2PR0301MB0656.namprd03.prod.outlook.com (10.160.96.18) with Microsoft SMTP
Server (TLS) id 15.1.225.19; Mon, 10 Aug 2015 18:13:28 +0000
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) by
DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) with mapi id
15.01.0225.018; Mon, 10 Aug 2015 18:13:28 +0000
From: Christian Huitema <huitema@microsoft.com>
To: Ted Hardie <ted.ietf@gmail.com>, Toerless Eckert <eckert@cisco.com>
Thread-Topic: [Spud] Multipath/Mobility (was Questions based on
draft-trammell-spud-req-00)
Thread-Index: AQHQ05Vw+WSYmKkHj06313z2YHHBGp4FhbrQ
Date: Mon, 10 Aug 2015 18:13:28 +0000
Message-ID: <DM2PR0301MB06551DB62FF49A99FD5843E9A8700@DM2PR0301MB0655.namprd03.prod.outlook.com>
References: <CA+9kkMC2+=kyoU0JGVN65Nsvv3z0_wpJ8G8iQa1xU2DPWFt0HQ@mail.gmail.com>
In-Reply-To: <CA+9kkMC2+=kyoU0JGVN65Nsvv3z0_wpJ8G8iQa1xU2DPWFt0HQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is )
smtp.mailfrom=huitema@microsoft.com;
x-originating-ip: [131.107.160.23]
x-microsoft-exchange-diagnostics: 1; DM2PR0301MB0656;
5:Wn/3Ai/AIpq0HwH8w8+vgLBMKzQQovBKfHMTyGlUIejYbIIgl5Zj4yLorMLxkPZI2gClMpIedc8P85PoJUoPrTce3x/ga0dJTBYQnE7OsvnGG0bXlx75ETrfOC0zF1jK/zsCM+2Vmrt4jOzPhZAAlw==;
24:dWtwTeObpFP8q9akKIkgE3tMwpjKt08gSBmP+P/4hwsQVqx7WjFNBIHa9yUNIOUz5YmoNxYP1IQqLkjyCcK92NMkrRQbhFg+LEQoraSk09I=;
20:ffcQPTKs3I2t7bc//PTf2HIB9FnD00uQBWu27//t+DPDmFW6+vLQoAreDN5emDmlDuDJ7rtPW/WuaI9O6KfczA==
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0656;
UriScan:; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0783;
x-o365ent-eop-header: Message processed by - O365_ENT: Allow from ranges
(Engineering ONLY)
x-microsoft-antispam-prvs: <DM2PR0301MB06561348AEAB57927FD1DB59A8700@DM2PR0301MB0656.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0;
RULEID:(601004)(2401001)(5005006)(3002001); SRVR:DM2PR0301MB0656; BCL:0; PCL:0;
RULEID:; SRVR:DM2PR0301MB0656;
x-forefront-prvs: 06640999CA
x-forefront-antispam-report: SFV:NSPM;
SFS:(10019020)(6009001)(24454002)(377454003)(189002)(199003)(74316001)(10290500002)(19580405001)(5003600100002)(5001770100001)(2900100001)(68736005)(97736004)(92566002)(19580395003)(81156007)(5002640100001)(86612001)(5001860100001)(10090500001)(2950100001)(5001960100002)(77156002)(8990500004)(189998001)(62966003)(76576001)(5005710100001)(10400500002)(101416001)(5001830100001)(77096005)(2656002)(105586002)(50986999)(54356999)(4001540100001)(106116001)(76176999)(122556002)(86362001)(33656002)(230783001)(87936001)(66066001)(102836002)(64706001)(106356001)(40100003)(99286002)(46102003)(7059030);
DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB0656;
H:DM2PR0301MB0655.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;
MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate
permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Aug 2015 18:13:28.3734 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0301MB0656
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0301MB0783;
2:paLoipge0ZHTqMPcQcUrRgTxqvA+UKBSwOdZMowOd87ctdewCzK5mjj8UcU3f+qd;
3:N9epN2GW6XEW277C4PFXUfpdUxrmdRlmT9A3tQORwL8HcN76jcI7MijmGzQyPFpRGQbDktyDiQwlQNCDMqjxFaAT8zkB1a7xAF0A+gEHiNMNi003gsj+vd6x1oateJh80VRAymsFVbJXGLTxg1wG1Q==;
25:qiTagXsCfSiONpF+b82HqbSD72IzT0Ht5L+WQ84teLxNaxjnircbnGhUQK0Zwa/QiZ6rLd8e4tXBFcr7TWuIlFun4Hd0JSIDzIodNk40wunfpTgMgPJ9oRedMzm6UIyvgfBDPnZ//mOEgAbeupeb15gzBGmxG6tAXS/xyaefr6vCMZe+OXwPYjbfyzamrLADqvHM9CRU7dvae9boOCXoeGKKtUqWV253F/QifSBtbQgTCq67m6Ft7721sgjzJ5AHfbmtoU1eG8TNmbSbGeTRdw==;
23:nqS2fDvscID+hrb+owW6T+qeCE+uSxVgl39MiuUmqHf1MFGhzGhlWWj6Em7K2Z5U1KgorK5L9opJlU/UMSScxh+IjJ2uz7LtbhhCxsnGFD8Lhtukao1LDmVqJtIL54DqnOF9OFuxDYk0JsuIov0K5/upFh8TyHKbRBT1ojWztNdADeE1yM/cIqeUCjIxoR1XTCdNUhJFk5l4CJDfojzTAWvnie+w+W9DaSXY56MSBEBjusE0FjH5KTLJpHZNj0fn
X-OriginatorOrg: microsoft.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/MaYet3GfyO1v0xd0zU72-FOL3lA>
X-Mailman-Approved-At: Mon, 10 Aug 2015 13:20:38 -0700
Cc: Eric Rescorla <ekr@rtfm.com>, "Black, David" <david.black@emc.com>,
=?utf-8?B?TWlyamEgS8O8aGxld2luZA==?= <mirja.kuehlewind@tik.ee.ethz.ch>, Joe
Hildebrand <jhildebr@cisco.com>, "spud@ietf.org" <spud@ietf.org>, Jana
Iyengar <jri@google.com>, Ken Calvert <calvert@netlab.uky.edu>, Brian
Trammell <ietf@trammell.ch>
Subject: Re: [Spud] Multipath/Mobility (was Questions based on
draft-trammell-spud-req-00)
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>,
<mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>,
<mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2015 18:13:37 -0000
On Monday, August 10, 2015 10:53 AM, Ted Hardie wrote: > ... > I've split off a small chunk here to focus on the multipath/mobility question. > > On Mon, Aug 10, 2015 at 12:28 AM, Toerless Eckert <eckert@cisco.com> wrote: > >> My preference for Tube-ID is to identify a single bidirectional multipath or >> mobile transport connection consisting of one or more 5-tuple flows between >> two endpoints. > > First, I'm guessing that you want a single tube-id for multiple flows because you > want to tell the network that they are part of a single, multipath whole. If I have > guessed that wrong and you have a different view, can you please explain? I don't know what Toerless really means, but I am a bit concerned by the use of a "unique identifier" here. Specifically, I am concerned with the privacy implications of using unique identifiers. If the same identifier is used with multiple 5 tuples, then it can be used to tie together these tuples. There are cases when it doesn't matter too much, e.g. when just the client port changed, presumably after a NAT remapping. But if the client IP address changes, the unique identifier provides a neat way to track successive locations of a mobile device. I understand that using a unique identifier simplifies the device greatly. For example, a load balancer can use the unique identifier to ensure that packets are always routed to the "right" context. But we can do better than that. In fact, we should, because without a good alternative protocol designers will just pick the simple design, without worrying too much about privacy. The alternative is to design a privacy preserving way to bind two contexts together. That shouldn't be too hard. For example, the client could send a "tying" parameter encrypted with the server public key, tying the new context to a previous one. But we probably want to start this kind of design sooner rather than later, especially if we care about privacy. -- Christian Huitema
- [Spud] Multipath/Mobility (was Questions based on… Ted Hardie
- Re: [Spud] Multipath/Mobility (was Questions base… Toerless Eckert
- Re: [Spud] Multipath/Mobility (was Questions base… Toerless Eckert
- Re: [Spud] Multipath/Mobility (was Questions base… Christian Huitema
- Re: [Spud] Multipath/Mobility (was Questions base… Toerless Eckert
- Re: [Spud] Multipath/Mobility (was Questions base… Mirja Kühlewind
- Re: [Spud] Multipath/Mobility (was Questions base… Toerless Eckert