IETF Logo Mail Archive

Re: [Spud] network/middle boxes information

Brian Trammell <ietf@trammell.ch> Tue, 31 March 2015 08:23 UTC

Return-Path: <ietf@trammell.ch>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3F431A90F1 for <spud@ietfa.amsl.com>; Tue, 31 Mar 2015 01:23:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.912
X-Spam-Level:
X-Spam-Status: No, score=-1.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fL30IShaSMAd for <spud@ietfa.amsl.com>; Tue, 31 Mar 2015 01:23:06 -0700 (PDT)
Received: from trammell.ch (trammell.ch [5.148.172.66]) by ietfa.amsl.com (Postfix) with ESMTP id 55ADE1A90E8 for <spud@ietf.org>; Tue, 31 Mar 2015 01:23:06 -0700 (PDT)
Received: from [IPv6:2001:470:26:9c2:311b:a423:9727:554d] (unknown [IPv6:2001:470:26:9c2:311b:a423:9727:554d]) by trammell.ch (Postfix) with ESMTPSA id 168201A0161; Tue, 31 Mar 2015 10:23:05 +0200 (CEST)
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_3146ADB8-51C1-415F-A593-7F81AE8C9A3F"; protocol="application/pgp-signature"; micalg=pgp-sha512
X-Pgp-Agent: GPGMail 2.5b6
From: Brian Trammell <ietf@trammell.ch>
In-Reply-To: <B94157E1-4F6B-48ED-8F1A-703A84CEC180@ericsson.com>
Date: Tue, 31 Mar 2015 10:23:04 +0200
Message-Id: <30721F17-412D-4DD9-9E73-15B46BC08C29@trammell.ch>
References: <1FEB0782-16E8-4AE0-8FF5-2B824EF89F24@ericsson.com> <C91E2670-1664-4372-8B62-B919005CA44F@tik.ee.ethz.ch> <B94157E1-4F6B-48ED-8F1A-703A84CEC180@ericsson.com>
To: Salvatore Loreto <salvatore.loreto@ericsson.com>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/iiPC7d3pvjGowrk1czLziTcm4jI>
Cc: =?utf-8?Q?Mirja_K=C3=BChlewind?= <mirja.kuehlewind@tik.ee.ethz.ch>, "spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] network/middle boxes information
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Mar 2015 08:23:09 -0000

> On 31 Mar 2015, at 09:02, Salvatore Loreto <salvatore.loreto@ericsson.com> wrote:
> 
> Hi Mirja
> 
> thanks a lot for the answer.
> 
> I do agre that having some information is a better alternative that anything
> and I am happy to see finally SPUD happening
> 
> I am sure that we can find a common set of information that both, middle and end are
> willing to release without a trust relation and which could already improve the status quo
> My concern is that this set, the set middle and end are willing to release without a trust relation,
> end up to be so minimalistic that would be extremely difficult to include anything else then
> start and stop without at least a cryptographic protection

...and stop might need cryptographic protection, too (on which I'll reply once the jetlag subsides...)

> Anyway from your answer I understand that at moment in your view it wouldn't be possible
> to use (extend?) SPUD to share network information with endpoint like for example
> a "mobile throughput guidance" [1]
> or other net info that would help the endpoints but today are not available to them at all.
> 
> BTW I see a contradiction in the fact that we are focusing the SPUD on the ‘may trust but verify’
> assumption and at same time we are hoping that SPUD will help to get rid of DPI.
> I think that unfortunately if we relay on the ‘may trust but verify’ assumption
> the network will continue to make use of DPI at least to verify the declarative info.

This whole effort is, in essence, an exercise in balancing contradictions.

Let's be clear: SPUD isn't going to be what gets rid of DPI. End-to-end encryption with key management to detect and prohibit TLS MTIM is what gets rid of DPI, at the application layer and below. This is happening, and will happen, without SPUD, for reasons that are entirely unrelated to transport ossification.

Yes, SPUD makes it possible to encrypt the transport layer headers, as well, which in turn makes it possible for the transport protocols to make explicit the contract between the endpoints and the path, and to be explicit about the division between the endpoint's role in making transport work and the path's. Selective exposure within SPUD makes it possible to do some of the things we're doing with DPI now, for which DPI is a wholly inappropriate tool, without doing DPI.

I would strenuously warn against treating DPI as "ground truth" in today's environment, much less as verification in a more explicit environment such as that we hope to build with SPUD. We need to recognize that much of the DPI that's out there is by necessity pretty simple, and therefore reasonably easy for endpoints cooperating with each other to spoof. And much of what DPI can tell you *directly* is really not interesting from a traffic classification and engineering standpoint in an Internet context.

Cheers,

Brian

> [1] http://www.ietf.org/id/draft-sprecher-mobile-tg-exposure-req-arch-01.txt
> 
> br
> Sal
> 
>> On 30 Mar 2015, at 20:33, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch> wrote:
>> 
>> Hi Salvatore,
>> 
>> we are currently focusing on use case where you ‚may trust but verify‘ (see constraints). If you want to establish an explicit trust relationship with the middlebox, I personally thing that is currently out of scope. I believe there is information that both, middle and end, are willing to release without a trust relation and which could already provide useful input to e.g. better support certain app requirements. Often these kind of information is already available today by DPI (or at least assumptions are taken based on DPI, which might or might not be true). Providing control which information should be exposed (while encrypting the rest) actually provides better control of information leakage and privacy than we often have today. Further, as these information are only declarative, you can anyway never rely on them: that means you should for all your action always take into account that the information might be wrong (or alter by another entity). However, having some information as a starting point is very often extremely useful, if the alternative is having no information at all.
>> 
>> That’s just my view on scoping.
>> 
>> Mirja
>> 
>> 
>>> Am 25.03.2015 um 12:27 schrieb Salvatore Loreto <salvatore.loreto@ericsson.com>om>:
>>> 
>>> 
>>> During the open discussion Andrew expressed the fact that the networks have a lot of information
>>> that can be of interest (or even useful) to the end points (we have seen a proof of this already in tsvwg yesterday).
>>> 
>>> I want make clear that privacy and security is also important the network not only for the endpoints.
>>> We have to make sure that the middle box that is requested to share some info with the endpoint
>>> can do that in a secure/encrypted way (i.e. be able to decide who will be able to see the info in clear)
>>> 
>>> br
>>> Salvatore
>>> _______________________________________________
>>> Spud mailing list
>>> Spud@ietf.org
>>> https://www.ietf.org/mailman/listinfo/spud
>> 
> 
> _______________________________________________
> Spud mailing list
> Spud@ietf.org
> https://www.ietf.org/mailman/listinfo/spud

v2.8.7 | Report a Bug | By Email