IETF Logo Mail Archive

Re: [Spud] Whats missing in SPUD (was: Re: Multipath/Mobility (was Questions based on draft-trammell-spud-req-00))

Toerless Eckert <eckert@cisco.com> Mon, 10 August 2015 20:13 UTC

Return-Path: <eckert@cisco.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 440351B3D7E for <spud@ietfa.amsl.com>; Mon, 10 Aug 2015 13:13:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jB8WfPuu9_0e for <spud@ietfa.amsl.com>; Mon, 10 Aug 2015 13:13:02 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0CD601B3D82 for <spud@ietf.org>; Mon, 10 Aug 2015 13:13:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5552; q=dns/txt; s=iport; t=1439237582; x=1440447182; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=AOY2K+AVH37dWHZThmX/o0PLD8h4NwT3+3Kk5aVnl5s=; b=EmzQM9dgOLwAHkflxDQ/Xw6vkiUazJjZnxX8OJLtfPe2bRdGXG6RBNj2 byAZvy2pG10T2VjApsF727w7BKVU6oAjj/hDCmwdTwxNHLkp0/dLBmHU0 mKMlHJ7PXviQ5V4CVRZaeI1odIJjLaP6dukDNeQjFWLXKhkj4nkhhiK1V w=;
X-IronPort-AV: E=Sophos;i="5.15,647,1432598400"; d="scan'208";a="177323492"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by alln-iport-8.cisco.com with ESMTP; 10 Aug 2015 20:13:01 +0000
Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id t7AKD0f8016695 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 10 Aug 2015 20:13:01 GMT
Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id t7AKD0Js021950; Mon, 10 Aug 2015 13:13:00 -0700
Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id t7AKCxwm021948; Mon, 10 Aug 2015 13:12:59 -0700
Date: Mon, 10 Aug 2015 13:12:59 -0700
From: Toerless Eckert <eckert@cisco.com>
To: Ted Hardie <ted.ietf@gmail.com>
Message-ID: <20150810201259.GY1667@cisco.com>
References: <20150810184147.GW1667@cisco.com> <CA+9kkMCkaKJ8Bn8rVfDtAKwewWgRXdxJ_HOK+XioCu5FMZ7J+w@mail.gmail.com> <20150810194018.GX1667@cisco.com> <CA+9kkMAg0Tn2Q8HMPfE4iitiXPkws4nQHtt2y8GxLSZamr9c8Q@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+9kkMAg0Tn2Q8HMPfE4iitiXPkws4nQHtt2y8GxLSZamr9c8Q@mail.gmail.com>
User-Agent: Mutt/1.4.2.2i
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/TKqoVdFsRyhmIwqVvMx8BFArWEY>
X-Mailman-Approved-At: Mon, 10 Aug 2015 13:20:38 -0700
Cc: Eric Rescorla <ekr@rtfm.com>, "Black, David" <david.black@emc.com>, Mirja =?iso-8859-1?Q?K=FChlewind?= <mirja.kuehlewind@tik.ee.ethz.ch>, Joe Hildebrand <jhildebr@cisco.com>, "spud@ietf.org" <spud@ietf.org>, Christian Huitema <huitema@microsoft.com>, Ken Calvert <calvert@netlab.uky.edu>, Brian Trammell <ietf@trammell.ch>, Jana Iyengar <jri@google.com>
Subject: Re: [Spud] Whats missing in SPUD (was: Re: Multipath/Mobility (was Questions based on draft-trammell-spud-req-00))
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2015 20:13:07 -0000

Counter example is when the presence of the advanced processing
that the app wants to have in the network would actually impact how the
application sends packets. For example if i can know at least one middlebox
can do advanced priority based packet dropping, then i'd do the video encoding
slightly different.

And i still contend that privacy advocats would think it is less intrusive
if you have the ability to signal your tokens only after figuring out why
what you get for it). Independent of whether the app would change it's behavior.

Cheers
    Toerless


On Mon, Aug 10, 2015 at 01:02:39PM -0700, Ted Hardie wrote:
> On Mon, Aug 10, 2015 at 12:40 PM, Toerless Eckert <eckert@cisco.com> wrote:
> 
> > ;-) Thanks for detailling the minimum requirements for the example
> > exchange. But my point was really about showing the <insert right token>
> > only after you know why you would have to show it.
> >
> 
> If i read your reply correctly, you are reconfirming
> > that the current goal in SPUD is to show tokens whether or not they are
> > needed
> > and without knowing what benefit you would get when you show them. Its like
> > carrying that vertical or hirozontal picture card openly without knowing
> > that you'll have a benefit from it.
> >
> > ???So, let's assume that the request is from an application like a WebRTC
> application working inside a browser.   It wants to tell the network that a
> specific set of packets are grouped together (they are a tube) even when
> there are other packets on the same five-tuple.  For the ones within the
> tube, it would prefer packet drop on delay, rather than buffering.  Sure,
> it could wait until every middlebox along the way reported its likely
> treatment of the tube before specifying what it wanted, but it is faster
> and more reasonable to make the declarative statement when the desire is
> expressed.
> 
> That's more like, "show the picture when you are entering bar, rather than
> waiting to see if a bouncer asks for your ID"???.  Yes, the bouncer might
> look at you and pass you based on inference, but why rely on that?
> 
> Ted
> 
> 
> 
> 
> > Thats what i think is one of the main reasons why we have this ongoing
> > discussion
> > between privacy and spud sides. If spud had the framework to tell
> > the how what to show and what benefit it would then get, i am arguing
> > the pushback would be a lot smaller.
> >
> > Cheers
> >     Toerless
> >
> > On Mon, Aug 10, 2015 at 12:12:12PM -0700, Ted Hardie wrote:
> > > Howdy,
> > >
> > > On Mon, Aug 10, 2015 at 11:41 AM, Toerless Eckert <eckert@cisco.com>
> > wrote:
> > >
> > > > As a generic side thought based on Christians concern about privacy
> > > > (why would an app want to show a shared Tube-ID across multipath/mobile
> > > > flows for example).
> > > >
> > > > To me, the problem is best explained on the following workflow:
> > > >
> > > > "Here is your new ID card".
> > > > "Why would i want to have an ID card, everybody who checks ID cards is
> > > > evil"
> > > > "You do not have to show your ID card if you don't want to"
> > > > "Lets go to the bar"
> > > > "ID card please"
> > > > "Booze or anonymity... that's the question"
> > > > "Lets choose booze"
> > > >
> > > >
> > > ???You've just demonstrated a bad workflow.  To drink booze in many
> > > jurisdictions, you need to be of a certain age.  Associating that age
> > with
> > > a token that can be shown (of-booze-consuming-age) is enough to meet the
> > > requirement; showing an identity is most assuredly not required.
> > >
> > > There are states that change your ID card when you pass that age, for
> > > example; it is a horizontal picture in one and ???a vertical in the
> > other.
> > > When asked for proof of age, you can show just the picture and be granted
> > > entrance, without showing your name, home address, or other identifying
> > > characteristics.
> > >
> > > What we are looking for in SPUD is a set of declarative statements that
> > can
> > > be made from the application to the network about the network treatment
> > > desired and from the network to the application about the network
> > treatment
> > > provided.  Anything beyond that is not just surplus to requirements, it's
> > > dangerous because you can end up subverting the security properties of
> > the
> > > overlying protocol (which is what the application sees and is relying
> > on).
> > >
> > > My two cents, in any case,
> > >
> > > Ted
> > >
> > >
> > >
> > >
> > >
> > > > So, whats missing in SPUD (or any prior endpoint<->network) signaling
> > is
> > > > the
> > > > signaling element "If you do not show ID card, you will not get booze"
> > or
> > > > "if you do not use a cross-subflow Tube-ID, your load-sharing,
> > mobility or
> > > > multipath
> > > > performance will suck or not work".
> > > >
> > > > Using the same Tube-ID is just one example. This interaction really
> > applies
> > > > to any possible signaling element: The anonymity freak will argue to
> > his
> > > > death that he doesn't want to provide information to the network...
> > unless
> > > > the network can persuade him that the benefit of showing outweights the
> > > > loss of anonymity.
> > > >
> > > > This is primarily a question of creating a data-model of what the
> > network
> > > > can offer
> > > > and tie that to a data model for what to show to get it....
> > > >
> > > > Cheers
> > > >     Toerless
> > > >

v2.8.7 | Report a Bug | By Email