Re: [Spud] updated PLUS charter
Brian Trammell <ietf@trammell.ch> Thu, 26 May 2016 08:06 UTC
Return-Path: <ietf@trammell.ch>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF6EC12D63C for <spud@ietfa.amsl.com>; Thu, 26 May 2016 01:06:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.328
X-Spam-Level:
X-Spam-Status: No, score=-3.328 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dql8RY2tDx-B for <spud@ietfa.amsl.com>; Thu, 26 May 2016 01:06:21 -0700 (PDT)
Received: from trammell.ch (trammell.ch [5.148.172.66]) by ietfa.amsl.com (Postfix) with ESMTP id 89AFB12D644 for <spud@ietf.org>; Thu, 26 May 2016 01:06:21 -0700 (PDT)
Received: from [IPv6:2001:67c:64:42:5846:5e08:bb92:e693] (unknown [IPv6:2001:67c:64:42:5846:5e08:bb92:e693]) by trammell.ch (Postfix) with ESMTPSA id 43E141A0C1D; Thu, 26 May 2016 10:06:20 +0200 (CEST)
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: multipart/signed; boundary="Apple-Mail=_C95386BB-2725-49F1-9F20-1BAFBD26CB06"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.6b2
From: Brian Trammell <ietf@trammell.ch>
In-Reply-To: <F7783B9F-8D1D-4251-8DAF-2E9A3EA4D9A7@netapp.com>
Date: Thu, 26 May 2016 10:06:27 +0200
Message-Id: <DDC9AF24-FC64-4109-96E4-B07A3B1AE8F0@trammell.ch>
References: <D854766A-83D6-4605-8484-4ED06BB5F9CC@trammell.ch> <F7783B9F-8D1D-4251-8DAF-2E9A3EA4D9A7@netapp.com>
To: "Eggert, Lars" <lars@netapp.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/bpYjOGTrZEw3skQtKTbcQA4SNIM>
Cc: spud <spud@ietf.org>
Subject: Re: [Spud] updated PLUS charter
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 May 2016 08:06:25 -0000
Hi, Lars, Thanks for the comments! Comment-comments inline, language mentioned has been added to the working copy of the draft charter. > On 25 May 2016, at 14:33, Eggert, Lars <lars@netapp.com> wrote: > > Hi, > > a few comments: > > On 2016-05-24, at 12:08, Brian Trammell <ietf@trammell.ch> wrote: >> Path Layer UDP Substrate (PLUS) >> =============================== >> >> The PLUS working group's goal is to enable the deployment of new, encrypted >> transport protocols, while providing a transport-independent method to signal >> flow semantics under transport and application control. > > Using the plural here ("new, encrypted transport protocols") sounds awfully broad. At the end of the charter, the text says "an experimental protocol specification" is the deliverable, which is much more constrained. Suggest to use similar wording here also. Hm; I see the point, it does set up the expectation that we're going to have lots of new transport protocols, as opposed to only the common substrate. How about: The PLUS working group's goal is to define a common substrate protocol for transport-independent of flow semantics under application and transport layer control and encryption of transport layer headers, therefore enabling the deployment of new transports in the Internet. >> The approach from >> which the working group will start is a shim layer based on the User Datagram >> Protocol (UDP), which provides compatibility with existing middleboxes in the >> Internet as well as ubiquitous support in endpoints, and provides for >> userspace implementation. >> >> The current Internet protocol stack does not provide explicit, transport- >> independent signaling of flow characteristics to on-path network devices. > > I think it's been pointed out that this broad statement is incorrect in several ways, since we have many explicit, transport-independent signaling protocols (RSVP, NSIS, etc.) They are neither in-band (which I think you want here) nor are they generally deployed or deployable (which is also what I think you want here), so I suggest that this text be tightened, so that folks like me don't overreact :-) Ah, oops... "in-band" fell back out here after the last rewrite of this paragraph. :/ >> This >> has led to the deployment of devices which perform implicit discovery of these >> characteristics, through inspection of protocol headers all they way up to the >> application layer, a practice made possible because these headers are sent in >> the clear. > > Another reason for DPI is that the network can't really in general trust what is signaled by the end points, and so it is attractive to try and obtain "the truth" by DPI (whether that is possible or not in all cases.) I'd like to raise that any new endpoint signaling method - i.e., the work proposed here - will have similar issues. It would be good to have some argument as to why PLUS will be different. Yep. So this becomes two paragraphs now IMO; how about: The current Internet protocol stack does not provide explicit, in-band, transport-independent signaling of transport semantics and flow characteristics to on-path network devices. This has led to the deployment of devices which perform implicit discovery of these characteristics, through inspection of protocol headers all they way up to the application layer, a practice made possible because these headers are sent in the clear. Current signaling approaches are not generally deployable across administrative domains, as they rely on out-of-band enforcement of honesty. There is no incentive to believe and act on an imperative signal sent by an untrusted endpoint or middlebox. By relying on a small signaling vocabulary in terms of declarations of intentions, tolerances, and explicit tradeoffs, PLUS aims to improve on this situation. > >> Inspection and modification of unencrypted protocol headers is a >> key cause of the ossification that makes it hard or impossible to deploy new >> protocols. >> >> In order to support more ubiquitous deployment of encryption, and the >> encryption of transport headers to allow deployment of new transport >> protocols, explicit signaling must be added to the stack, and it must be >> transport protocol independent. > > I again think you mean "in-band" signaling, since we have out-of-band signaling - well, at least many specs for it :-) Yep; will s/explicit signaling/explicit, in-band signaling/ >> While IP would seem to be the natural home for >> this facility, both IPv4 and IPv6 options and extensions have deployment >> problems on their own, which makes it hard to include any additional >> information in these protocols. Additionally, a feedback channel that provides >> information from on-path devices back to endpoints and applications, e.g. for >> error handling, is essential for the deployment and success of an explicit >> cooperation approach. >> >> The PLUS working group will specify a new protocol as a Path Layer >> User Substrate (PLUS), to support experimental deployment of >> explicit cooperation between endpoints and devices on path, with the following goals: >> >> - enable ubiquitous deployment of encrypted higher layer protocols >> by providing exposure of basic TCP-like semantics (e.g. SYN, FIN, >> RST flags) to devices on path (e.g. NATs and firewalls). >> >> - allow applications and transport protocols to explicitly provide >> limited information in cleartext to devices on path >> >> - allow devices on path to provide feedback and information about >> the path in cleartext to sending endpoints, under sending endpoint >> control >> >> - allow devices on path to provide information about the path in cleartext >> to receiving endpoints, with feedback to the sending endpoint, under >> sending endpoint control > > Can we find a better word than "cleartext"? At least my mind immediately jumps to think about unstructured ASCII data in protocol headers. Maybe "unencrypted" or "not integrity-protected"? Yep. Technically, it's "and", and we don't talk about integrity protection yet, so the last three become: - allow applications and transport protocols to explicitly provide limited information with integrity protection to devices on path - allow devices on path to provide unencrypted feedback and information about the path directly to sending endpoints, under sending endpoint control - allow devices on path to provide unencrypted information about the path to receiving endpoints, with encrypted feedback to the sending endpoint, under sending endpoint control >> Note that this approach explicitly gives the control of information >> exposure back the application and/or transport layer protocol on >> the end host. It is the goal of PLUS to minimize the information >> exposed at the level of detail that is useful for the network, >> while encrypting everything else. > > It would be good to add a half-sentence on how PLUS can achieve that goal (i.e., how can it limit what an app decides to signal)... > >> This is important to avoid future >> implicit treatment and the resulting ossification, as well as to >> leverage the principle of least exposure to minimize privacy risks >> presented by explicit cooperation. > > ...because as you say that is important. Yep. So adding a sentence and tweaking the para slightly, how about: Note that this approach explicitly gives the control of information exposure back the application and/or transport layer protocol on the end host. It is the goal of PLUS to minimize the information exposed, to make information exposure transparent, and to limit the level of detail to that useful for network treatment, while encrypting everything else. Endpoint verification of signaling integrity, careful design of minimal data structures, and restrictive policies for registration of signals can help to meet this goal. This is important to avoid future implicit treatment and resulting ossification, as well as to minimize the privacy risks presented by explicit cooperation. Thanks, cheers, Brian >> Given that the primary goal of PLUS is to enable the deployment of arbitrary >> transport protocols, encrypting transport protocol headers, we assume that >> the higher-layer protocol can provide an encryption context that can be used by >> PLUS to provide authentication, integrity, and encryption where needed. The >> primary threat model to defend against will be modification or deletion of >> exposed information by middleboxes and other devices on path, by allowing a >> remote endpoint to detect modifications. >> >> The working group will start with an initial set of use cases (see >> draft-kuehlewind-spud-use-cases) and requirements (see >> draft-trammell-spud-req), taken from experience with the Substrate >> Protocol for User Datagrams (SPUD) prototype. >> The working group's main output will be an experimental protocol >> specification, together with an initial registry of types of >> information that can be exposed using PLUS, clearly aligned to >> these use cases and requirements. The working group will close if >> it is not able to come to consensus on a protocol design to meet >> these requirements. >> >> The working group will additionally aim to identify other working >> groups that could or should address parts of these requirements >> within existing protocols, e.g. by specifying new protocol >> extensions or as input for on-going standardization work. It will >> aim to work with working groups defining encryption protocols (e.g. >> TLS) which could be used for encryption of transport protocols >> running over PLUS. > > Lars
- [Spud] updated PLUS charter Brian Trammell
- Re: [Spud] updated PLUS charter Eggert, Lars
- Re: [Spud] updated PLUS charter Aaron Falk
- Re: [Spud] Lars: updated PLUS charter Toerless Eckert
- Re: [Spud] updated PLUS charter Brian Trammell