[Spud] PLUS charter rev. 23 June
Brian Trammell <ietf@trammell.ch> Thu, 23 June 2016 09:35 UTC
Return-Path: <ietf@trammell.ch>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C3C312E1FC for <spud@ietfa.amsl.com>; Thu, 23 Jun 2016 02:35:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.328
X-Spam-Level:
X-Spam-Status: No, score=-3.328 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YeG4kH3ALIOp for <spud@ietfa.amsl.com>; Thu, 23 Jun 2016 02:35:50 -0700 (PDT)
Received: from trammell.ch (trammell.ch [5.148.172.66]) by ietfa.amsl.com (Postfix) with ESMTP id 4133812E050 for <spud@ietf.org>; Thu, 23 Jun 2016 02:30:06 -0700 (PDT)
Received: from [IPv6:2001:67c:10ec:2a49:8000::10d6] (unknown [IPv6:2001:67c:10ec:2a49:8000::10d6]) by trammell.ch (Postfix) with ESMTPSA id 79FC41A19C4 for <spud@ietf.org>; Thu, 23 Jun 2016 11:29:35 +0200 (CEST)
From: Brian Trammell <ietf@trammell.ch>
X-Pgp-Agent: GPGMail 2.6b2
Content-Type: multipart/signed; boundary="Apple-Mail=_43621D2A-46F1-4FF4-9FF3-5BA3A6E40A1D"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Date: Thu, 23 Jun 2016 11:29:34 +0200
Message-Id: <32DC1941-126F-4513-801F-559617E85436@trammell.ch>
To: spud <spud@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/kW_dhKMqMxHSrQbCo9v4hk2bgcE>
Subject: [Spud] PLUS charter rev. 23 June
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jun 2016 09:35:57 -0000
Greetings, all, We've updated the proposed PLUS charter based on outstanding issues (Christian's comment on threat modeling and mitigations) and added a list of things we believe to be out of scope based on list discussion. New charter, as always, at https://github.com/ietf-plus/charter/blob/master/charter-plus.txt, and inline below. Cheers, Brian Path Layer UDP Substrate (PLUS) =============================== The PLUS working group's goal is to define a common shim layer atop the User Datagram Protocol (UDP) to provide a transport-independent method to signal flow semantics under transport and application control, necessary to enable the deployment of new, encrypted transport protocols within the existing Internet. UDP provides compatibility with currently deployed middleboxes as well as ubiquitous support in endpoints, and supports userspace implementation of new transport protocols. The working group will not specify any new transport protocols. The current Internet protocol stack does not provide explicit, in-band, transport-independent signaling to on-path network devices. This has led to the deployment of devices which perform implicit discovery of transport semantics and traffic characteristics via inspection of protocol headers and payload, a practice made possible when these are sent in the clear. In order to support more ubiquitous deployment of encryption, and the encryption of transport headers to allow deployment of new transport protocols, explicit in-band signaling must be added to the stack. This signaling must be transport protocol independent, and the types of information signaled must be based on characteristics that can be independently verified by devices on path, or that can be usefully applied without requiring a trust relationship between endpoints and the path. Further, a feedback channel that provides information from on-path devices back to endpoints and applications, e.g. for error handling, is essential for the deployment and success of an explicit cooperation approach. While IP would seem to be the natural home for this facility, both IPv4 and IPv6 options and extensions have deployment problems on their own, which makes it hard to include any additional information in these protocols. The PLUS working group will specify a new protocol as a Path Layer UDP Substrate (PLUS), to support experimental deployment of explicit cooperation between endpoints and devices on path, with the following goals: - enable ubiquitous deployment of encrypted higher layer protocols by providing exposure of basic TCP-like semantics (e.g. SYN, FIN, RST flags) to devices on path (e.g. NATs and firewalls). - allow applications and transport protocols to explicitly provide limited information with integrity protection to devices on path - allow devices on path to provide unencrypted feedback and information about the path directly to sending endpoints, under sending endpoint control - allow devices on path to provide unencrypted information about the path to receiving endpoints, with encrypted feedback to the sending endpoint, under sending endpoint control This approach explicitly gives the control of information exposure back the application and/or transport layer protocol on the end host. It is the goal of PLUS to minimize the information exposed, to make information exposure transparent, and to limit the level of detail to that useful for network treatment, while encrypting everything else. Endpoint verification of signaling integrity, careful design of minimal data structures, and restrictive policies for registration of signals can help to meet this goal. This is important to avoid future implicit treatment and resulting ossification, as well as to minimize the privacy risks presented by explicit cooperation. Given that the primary goal of PLUS is to enable the deployment of transport protocols with encrypted headers, we assume that the higher-layer protocol can provide an encryption context that can be used by PLUS to provide authentication, integrity, and encryption where needed. The primary threat model to defend against will be modification or deletion of exposed information by middleboxes and other devices on path, by allowing a remote endpoint to detect modifications. The working group will start with an initial set of use cases (see draft- kuehlewind-spud-use-cases) and requirements (see draft-trammell-spud-req), taken from experience with the Substrate Protocol for User Datagrams (SPUD) prototype. The working group's main output will be an experimental protocol specification, together with an initial registry of types of information that can be exposed using PLUS, clearly aligned to the use cases determined by the working group. This specification will consider potential attacks against the protocol, both arising from the encapsulation chosen as well as new attacks made possible by the protocol, and propose mitigations for these attacks. The working group will close if it is not able to come to consensus on a protocol design to meet these requirements. The working group will additionally aim to identify and work with other working groups that could address parts of these requirements within existing protocols, e.g. by specifying new protocol extensions, or as input for on- going standardization work. It will aim to work with working groups defining encryption protocols (e.g. DTLS) which could be used for encryption of transport protocols running over PLUS. Out of scope for the working group are: - The design and specification of new transport protocols running over PLUS. - Mechanisms for signaling among multiple devices on path between two endpoints - Mechanisms for key exchange or cryptographic context establishment between endpoints and devices on path
- [Spud] 答复: PLUS charter rev. 23 June Youjianjie
- [Spud] PLUS charter rev. 23 June Brian Trammell
- Re: [Spud] PLUS charter rev. 23 June mls.ietf
- Re: [Spud] PLUS charter rev. 23 June Eggert, Lars
- Re: [Spud] PLUS charter rev. 23 June Martin Stiemerling