IETF Logo Mail Archive

[Spud] updated draft PLUS charter, rev. 1 June

Brian Trammell <ietf@trammell.ch> Wed, 01 June 2016 10:44 UTC

Return-Path: <ietf@trammell.ch>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F0CD12B059 for <spud@ietfa.amsl.com>; Wed, 1 Jun 2016 03:44:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.328
X-Spam-Level:
X-Spam-Status: No, score=-3.328 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JgfVtaaswiCk for <spud@ietfa.amsl.com>; Wed, 1 Jun 2016 03:44:51 -0700 (PDT)
Received: from trammell.ch (trammell.ch [5.148.172.66]) by ietfa.amsl.com (Postfix) with ESMTP id 98ACC12B027 for <spud@ietf.org>; Wed, 1 Jun 2016 03:44:49 -0700 (PDT)
Received: from [IPv6:2001:67c:10ec:2a49:8000::10d6] (unknown [IPv6:2001:67c:10ec:2a49:8000::10d6]) by trammell.ch (Postfix) with ESMTPSA id 9AC241A04E8 for <spud@ietf.org>; Wed, 1 Jun 2016 12:44:48 +0200 (CEST)
From: Brian Trammell <ietf@trammell.ch>
X-Pgp-Agent: GPGMail 2.6b2
Content-Type: multipart/signed; boundary="Apple-Mail=_8BE5DFB4-25A0-43C9-A59A-69815B0A2EE0"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Date: Wed, 01 Jun 2016 12:44:47 +0200
Message-Id: <85E24D9D-F666-49C3-A022-2F207227A153@trammell.ch>
To: spud <spud@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/ymBYzNywI1KibgpTOMNODJfCKkM>
Subject: [Spud] updated draft PLUS charter, rev. 1 June
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jun 2016 10:44:53 -0000

Greetings, all,

We've taken another editing pass to tighten the charter; results inline below at on GitHub (https://github.com/ietf-plus/charter). We think this is getting close to something it would be useful to discuss and wordsmith at a BoF.

Further comments welcome.

Thanks, cheers,

Brian and Mirja


Path Layer UDP Substrate (PLUS)
===============================

The PLUS working group's goal is to define a common shim layer atop the User
Datagram Protocol (UDP) to provide a transport-independent method to signal
flow semantics under transport and application control, necessary to enable
the deployment of new, encrypted transport protocols within the existing
Internet. UDP provides compatibility with currently deployed middleboxes as
well as ubiquitous support in endpoints, and supports userspace implementation
of new transport protocols. The working group will not specify any new
transport protocols.

The current Internet protocol stack does not provide explicit, in-band,
transport-independent signaling to on-path network devices. This has led to
the deployment of devices which perform implicit discovery of transport
semantics and traffic characteristics via inspection of protocol headers and
payload, a practice made possible when these are sent in the clear.

In order to support more ubiquitous deployment of encryption, and the
encryption of transport headers to allow deployment of new transport
protocols, explicit in-band signaling must be added to the stack. This
signaling must be transport protocol independent, and the types of information
signaled must be based on characteristics that can be independently verified
by devices on path, or that can be usefully applied without requiring a trust
relationship between endpoints and the path. Further, a feedback channel that
provides information from on-path devices back to endpoints and applications,
e.g. for error handling, is essential for the deployment and success of an
explicit cooperation approach.

While IP would seem to be the natural home for this facility, both IPv4 and
IPv6 options and extensions have deployment problems on their own, which makes
it hard to include any additional information in these protocols.

The PLUS working group will specify a new protocol as a Path Layer
UDP Substrate (PLUS), to support experimental deployment of
explicit cooperation between endpoints and devices on path, with the following goals:

- enable ubiquitous deployment of encrypted higher layer protocols
  by providing exposure of basic TCP-like semantics (e.g. SYN, FIN,
  RST flags) to devices on path (e.g. NATs and firewalls).

- allow applications and transport protocols to explicitly provide
  limited information with integrity protection to devices on path

- allow devices on path to provide unencrypted feedback and information
  about the path directly to sending endpoints, under sending endpoint
  control

- allow devices on path to provide unencrypted information about the
  path to receiving endpoints, with encrypted feedback to the
  sending endpoint, under sending endpoint control

This approach explicitly gives the control of information exposure back the
application and/or transport layer protocol on the end host. It is the goal of
PLUS to minimize the information exposed, to make information exposure
transparent, and to limit the level of detail to that useful for network
treatment, while encrypting everything else. Endpoint verification of
signaling integrity, careful design of minimal data structures, and
restrictive policies for registration of signals can help to meet this goal.
This is important to avoid future implicit treatment and resulting
ossification, as well as to minimize the privacy risks presented by explicit
cooperation.

Given that the primary goal of PLUS is to enable the deployment of transport
protocols with encrypted headers, we assume that the higher-layer protocol can
provide an encryption context that can be used by PLUS to provide
authentication, integrity, and encryption where needed. The primary threat
model to defend against will be modification or deletion of exposed
information by middleboxes and other devices on path, by allowing a remote
endpoint to detect modifications.

The working group will start with an initial set of use cases (see draft-
kuehlewind-spud-use-cases) and requirements (see draft-trammell-spud-req),
taken from experience with the Substrate Protocol for User Datagrams (SPUD)
prototype. The working group's main output will be an experimental protocol
specification, together with an initial registry of types of information that
can be exposed using PLUS, clearly aligned to the use cases determined by the
working group. The working group will close if it is not able to come to
consensus on a protocol design to meet these requirements.

The working group will additionally aim to identify and work with other
working groups that could address parts of these requirements within existing
protocols, e.g. by specifying new protocol extensions, or as input for on-
going standardization work. It will aim to work with working groups defining
encryption protocols (e.g. DTLS) which could be used for encryption of
transport protocols running over PLUS.

v2.23.0 | Report a Bug | By Email