Re: [Spud] Whats missing in SPUD (was: Re: Multipath/Mobility (was Questions based on draft-trammell-spud-req-00))

Ted Hardie <ted.ietf@gmail.com> Mon, 10 August 2015 19:12 UTC

In-Reply-To: <20150810184147.GW1667@cisco.com>
References: <20150810184147.GW1667@cisco.com>
Date: Mon, 10 Aug 2015 12:12:12 -0700
Message-ID: <CA+9kkMCkaKJ8Bn8rVfDtAKwewWgRXdxJ_HOK+XioCu5FMZ7J+w@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: Toerless Eckert <eckert@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/RQUzbx2dD5T56QPg0m7t9-WMnBA>
Cc: Eric Rescorla <ekr@rtfm.com>, "Black, David" <david.black@emc.com>, =?UTF-8?Q?Mirja_K=C3=BChlewind?= <mirja.kuehlewind@tik.ee.ethz.ch>, Joe Hildebrand <jhildebr@cisco.com>, "spud@ietf.org" <spud@ietf.org>, Christian Huitema <huitema@microsoft.com>, Ken Calvert <calvert@netlab.uky.edu>, Brian Trammell <ietf@trammell.ch>, Jana Iyengar <jri@google.com>
Subject: Re: [Spud] Whats missing in SPUD (was: Re: Multipath/Mobility (was Questions based on draft-trammell-spud-req-00))

Howdy,

On Mon, Aug 10, 2015 at 11:41 AM, Toerless Eckert <eckert@cisco.com> wrote:

> As a generic side thought based on Christian's concern about privacy
> (why would an app want to show a shared Tube-ID across multipath/mobile
> flows for example).
>
> To me, the problem is best explained on the following workflow:
>
> "Here is your new ID card".
> "Why would I want to have an ID card, everybody who checks ID cards is
> evil"
> "You do not have to show your ID card if you don't want to"
> "Let's go to the bar"
> "ID card please"
> "Booze or anonymity... that's the question"
> "Let's choose booze"
>
>
You've just demonstrated a bad workflow.  To drink booze in many
jurisdictions, you need to be of a certain age.  Associating that age with
a token that can be shown (of-booze-consuming-age) is enough to meet the
requirement; showing an identity is most assuredly not required.

There are states that change your ID card when you pass that age, for
example; it is a horizontal picture in one and a vertical in the other.
When asked for proof of age, you can show just the picture and be granted
entrance, without showing your name, home address, or other identifying
characteristics.

What we are looking for in SPUD is a set of declarative statements that can
be made from the application to the network about the network treatment
desired and from the network to the application about the network treatment
provided.  Anything beyond that is not just surplus to requirements, it's
dangerous because you can end up subverting the security properties of the
overlying protocol (which is what the application sees and is relying on).

My two cents, in any case,

Ted





> So, what's missing in SPUD (or any prior endpoint<->network) signaling is the
> signaling element "If you do not show ID card, you will not get booze" or
> "if you do not use a cross-subflow Tube-ID, your load-sharing, mobility or
> multipath performance will suck or not work".
>
> Using the same Tube-ID is just one example. This interaction really applies
> to any possible signaling element: The anonymity freak will argue to his
> death that he doesn't want to provide information to the network... unless
> the network can persuade him that the benefit of showing outweighs the
> loss of anonymity.
>
> This is primarily a question of creating a data-model of what the network
> can offer and tie that to a data model for what to show to get it....
>
> Cheers
>     Toerless
>