Re: [Stackevo] draft-thomson-use-it-or-lose-it

"Brian Trammell (IETF)" <ietf@trammell.ch> Tue, 07 August 2018 08:26 UTC

Return-Path: <ietf@trammell.ch>
X-Original-To: stackevo@ietfa.amsl.com
Delivered-To: stackevo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36435126CC7 for <stackevo@ietfa.amsl.com>; Tue, 7 Aug 2018 01:26:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mb42ikqTpC1u for <stackevo@ietfa.amsl.com>; Tue, 7 Aug 2018 01:26:34 -0700 (PDT)
Received: from gozo.iway.ch (gozo.iway.ch [212.25.24.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 898FC130DCA for <stackevo@iab.org>; Tue, 7 Aug 2018 01:26:32 -0700 (PDT)
Received: from gozo.iway.ch (localhost [127.0.0.1]) by localhost (Postfix) with ESMTP id 25B7F340E9C; Tue, 7 Aug 2018 10:26:31 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by localhost (ACF/6030.9391); Tue, 7 Aug 2018 10:26:30 +0200 (CEST)
Received: from switchplus-mail.ch (switchplus-mail.ch [212.25.8.236]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by gozo.iway.ch (Postfix) with ESMTPS; Tue, 7 Aug 2018 10:26:30 +0200 (CEST)
Received: from [195.176.111.10] (account ietf@trammell.ch HELO public-docking-cx-4089.ethz.ch) by switchplus-mail.ch (CommuniGate Pro SMTP 6.1.18) with ESMTPSA id 63435136; Tue, 07 Aug 2018 10:26:30 +0200
From: "Brian Trammell (IETF)" <ietf@trammell.ch>
Message-Id: <2394AB68-7548-4B8E-82C6-527E42B88121@trammell.ch>
Content-Type: multipart/signed; boundary="Apple-Mail=_B3FF7C59-0FC4-48B2-B52A-AAAFAC381799"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Tue, 07 Aug 2018 10:26:29 +0200
In-Reply-To: <7e79337f-ab27-91b7-44c1-a836ef6dad43@cisco.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, Stackevo <stackevo@iab.org>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
To: Eliot Lear <lear=40cisco.com@dmarc.ietf.org>
References: <991AD90C-A84A-4302-BB25-C5FAB33C8E80@trammell.ch> <3C07107C-D373-4E4B-ABBA-B025AC3A7B2A@tik.ee.ethz.ch> <CABkgnnXyNAHHTCx_pWtuNdQmFkSjt2b+ytGr7G636-_VtG6mTA@mail.gmail.com> <4FD6FAB0-8C32-4FB8-8836-3538A6B463BF@tik.ee.ethz.ch> <CABkgnnVFZwvztZc9Qy=oJ0+pvchSoiVShKd1AhEJVD5G9UU_XA@mail.gmail.com> <2c74043e-ee37-694e-b850-ee52c9336453@cisco.com> <CABkgnnXHUEqVckcaHKSPEakdHSawUXW7XSSZ1Ah_9ReheH+Tcw@mail.gmail.com> <7e79337f-ab27-91b7-44c1-a836ef6dad43@cisco.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stackevo/7MU9_9I2aVa_aUoO1fDcUH51uyI>
Subject: Re: [Stackevo] draft-thomson-use-it-or-lose-it
X-BeenThere: stackevo@iab.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IP Stack Evolution Program Mailing List <stackevo.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/stackevo>, <mailto:stackevo-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stackevo/>
List-Post: <mailto:stackevo@iab.org>
List-Help: <mailto:stackevo-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/stackevo>, <mailto:stackevo-request@iab.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Aug 2018 08:26:37 -0000

hi all,

One thing that strikes me both about the 240/4 space (and, indeed, other below-the-application examples like IP options and TCP options) is that the ossification here took a *very* long time to happen. It seems to me that this document should try to capture that somehow, but I'm not sure how.

Digging into this example:

All that 791 (September 1981, 36+ years ago) says about Class D/E space is:

"The extended addressing mode is undefined.  Both of these features are reserved for future use."

988 (July 1986, 32 years ago) updates this with the equally useful:

"Class E IP addresses, i.e. those with "1111" as their high-order four bits, are reserved for future addressing modes."

Neither 1519 nor 4632 (CIDR) mention class E addresses at all.

An open question here: at what point would it have been possible to revise this "reserved for future use" in a meaningfully deployable way? Much of the discussion on ossification and greasing in QUIC assumes "never", essentially that undefined and unexercised bits (like all 0xfXXXXXXX IPv4 addresses) are dangerously underspecified and will accrue middleboxes (I still like that image) as quickly as an unpatched Win98 machine would get owned on the open Internet during the Age of the Great Worms.

For class E, it seems to me that there was probably a window (before most of the core routers were primarily ASIC-based) that a change in use could have been rolled out in an uncoordinated way. And much of the difficulty of doing anything with the space now is linked to the fact that the implementations of packet forwarding that will choke on class E addresses are (1) often implemented in hardware and (2) replaced on a 10-year depreciation cycle, if (as is the case with lots of end-network NAT boxes) ever.

(An academic digression into economics: the current value of the class E space at open market rates sold off in /24 blocks is on the order of 3GUSD, ignoring the effects that releasing about a million /24s into the market would have on the dynamics of the market. The unfixability of the "class E problem" is therefore a matter of (1) the total marginal cost of fixing implementations to the point that class E becomes saleable being higher than three billion, which is almost certainly the case and/or (2) an inability to allocate or distribute the proceeds of an auction of said space to the entities that would need to deploy the changes, which is definitely the case. It's a shame that other "stuck migrations" don't map so neatly onto a market to which codepoints can be assigned values, but I suspect the outcome would largely be the same if they did...)

In any case, shipping a protocol with underspecified bits is definitely unsafe, and to be avoided, but we should probably explore the dynamics of how this unsafety actually unfolds. Different layers have different timescales and different amounts of reversibility.

I might swing back around on this and send a PR with something hopefully insightful after I burn down my queue...

Cheers,

Brian


> On 7 Aug 2018, at 08:18, Eliot Lear <lear=40cisco.com@dmarc.ietf.org> wrote:
> 
> Signed PGP part
> Hi Martin,
> 
> I'm just delving into Radius and EAP, but what I like is how opacity was
> used early on for privacy purposes.   So for instance, perhaps the
> largest federated network in the world is Eduroam, and it is built on
> Radius and EAP.  Proper layering has made it possible for there to be
> inner and outer identities that allow for IdPs to manage their user
> bases independently and to keep some amount of privacy.  Klaas Wierenga
> at GEANT was the principal designer.
> 
> We are trying to expand out AAA for IoT use cases, and in that context.
> Some of that work was done with EAP-TEAP, but a little bit more is
> needed.  A key insight there is that it is sort of in between routing
> and application, in that it is multi-party, but not to the insane extent
> of a routing system.
> 
> At the Internet layer, of course, we have a big fat wasteland called
> 240/4, which is just sad.  Vince Fuller, Dave Meyer, and I wanted to
> free up that space, but there were serious concerns that using it would
> cause harm to systems not expecting it to be used, or simply would be
> ineffective.  That was a while ago.
> 
> Eliot
> 
> 
> On 07.08.18 02:24, Martin Thomson wrote:
>> On Mon, Aug 6, 2018 at 11:22 PM Eliot Lear <lear@cisco.com> wrote:
>>> In short, my suggestion is to first decide on what applicability you
>>> want to have, and if broad, then let's explore some other cases.
>> Brian made a similar comment.  I would really like to hear more about
>> broader experience with this.  It seems like TLS is uniquely crappy
>> when it comes to these issues (investigating why would be another
>> valuable research subject...), but I can't believe for a moment that
>> the implementation ecosystem of other protocols is pristine and
>> blemish-free.
>> 
>> If your experience with the AAA protocols reveals anything, I'd be
>> very interested.  My understanding of RADIUS, having used it many
>> years ago, was that it was a great example of the active use thing I
>> advocate for.  That is, the mechanism you use to extend the protocol
>> is so fundamental to the protocol that you cannot avoid correctness in
>> extension handling.  Even having a stronger reaffirmation of that
>> would be helpful.
>> 
> 
> 
> 
>