Re: [Stackevo] draft-thomson-use-it-or-lose-it

Martin Thomson <martin.thomson@gmail.com> Fri, 03 August 2018 08:04 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: stackevo@ietfa.amsl.com
Delivered-To: stackevo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65C73130FB2 for <stackevo@ietfa.amsl.com>; Fri, 3 Aug 2018 01:04:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iAySplPJpuP4 for <stackevo@ietfa.amsl.com>; Fri, 3 Aug 2018 01:04:11 -0700 (PDT)
Received: from mail-oi0-x236.google.com (mail-oi0-x236.google.com [IPv6:2607:f8b0:4003:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 646AB130DCE for <stackevo@iab.org>; Fri, 3 Aug 2018 01:04:11 -0700 (PDT)
Received: by mail-oi0-x236.google.com with SMTP id j205-v6so8357544oib.4 for <stackevo@iab.org>; Fri, 03 Aug 2018 01:04:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=b9dFJ8k32jwOEZDfWHu/v/z9RQIwwoG7+MTH7qpOOfk=; b=SZr9Jks7hlQe/mcwdbnl27q/qjZi9ytVK5MZ1PGZyARZLJsw46KEHtYVNmCfkP7wS5 F8xHrZDniv9IsHlmp7voGTa/ICxynUOrcaLj2dwr8r+Mq0IK5/OPPuANkT1kFr5mRL2S V8Rl2gk0+AL3natQSHSHxNnittVUFHRZVhH0hTX1DI4c67FOw7ZGjdDXw6CVV0+/TWTP ddSDcBvEUtJ2+hyuR2P+Pit8RVtqZXi2azTWm1b3NBbFVLKlApzlA/YIMKu3qgzLqNlH QBGPfRtRlabQCAVPOb3yPRYtDKraUDpi7aDFq8LRYj7HvrfnXm3JrqbWhcZhxd/pQiV5 UJng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=b9dFJ8k32jwOEZDfWHu/v/z9RQIwwoG7+MTH7qpOOfk=; b=sI8iy6DMG7+GOs1mAL74g7+EgK0Z96GQ6vFgtl7HCV+MBd+uMYnLGaawwuFCkjE3Zz yUjEyuyk5/XdiwANjpFnUJ9uz1lDDVDzKeEjIV1enUlux7h31O/jo36V/vKvyNtWQgCs W4kPILV7rc8SxKer0cUc5kURaCLmcgeQ4CeytF7rQDge6/6P0KVb033deY38zZeXi2EB Y1Po0emtU/5Pr73lfom0n3VdowYvRKDwYCOoh9NFpRZfmVtjcueYdWeFMBqwtw6Tb+Q/ QHyi8wO7PitygPr1vjYu5Mbxr3htK/5D6WyjQQe+f1qZ23bN9WMWSeP3iF1LX3G3zT5g ndcw==
X-Gm-Message-State: AOUpUlE7KpfnK6pupiEg8qljFCbYvRX30BzC9vG4khrfrbX4cEmfOBqg ZWZPCBoGwf/sblLQ/Xh9HicSDAvF3sRkB/25CSTJPtU9
X-Google-Smtp-Source: AA+uWPwHN9j2CizvgBc7yhqJZ5n3VdCFgXJJBSbNBHQWEfW+hA8kCcWcSP6J+VOVZUiNhR0UbUyYOjq0mf09rD+gjqo=
X-Received: by 2002:aca:b208:: with SMTP id b8-v6mr2082638oif.144.1533283450511; Fri, 03 Aug 2018 01:04:10 -0700 (PDT)
MIME-Version: 1.0
References: <991AD90C-A84A-4302-BB25-C5FAB33C8E80@trammell.ch> <3C07107C-D373-4E4B-ABBA-B025AC3A7B2A@tik.ee.ethz.ch>
In-Reply-To: <3C07107C-D373-4E4B-ABBA-B025AC3A7B2A@tik.ee.ethz.ch>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 03 Aug 2018 18:03:59 +1000
Message-ID: <CABkgnnXyNAHHTCx_pWtuNdQmFkSjt2b+ytGr7G636-_VtG6mTA@mail.gmail.com>
To: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Cc: Stackevo <stackevo@iab.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/stackevo/I2QlXCaZCM5dNKB6jvqxijjvmV0>
Subject: Re: [Stackevo] draft-thomson-use-it-or-lose-it
X-BeenThere: stackevo@iab.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IP Stack Evolution Program Mailing List <stackevo.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/stackevo>, <mailto:stackevo-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stackevo/>
List-Post: <mailto:stackevo@iab.org>
List-Help: <mailto:stackevo-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/stackevo>, <mailto:stackevo-request@iab.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Aug 2018 08:04:21 -0000

Thanks for reading Mirja,  Comments inline.

On Fri, Aug 3, 2018 at 12:42 AM Mirja Kühlewind
<mirja.kuehlewind@tik.ee.ethz.ch> wrote:
>
> Hi Martin,
>
> I finally reviewed the doc completely and I really like the „use-it-or-lose-it“ message and the background explanations. However, I’m less sure about the migration techniques you propose (sec 4).
>
> First section 4.1. (Active Use), I think, could be more concrete: does it make sense to specify two versions in parallel just to use this mechanism? Or just make sure you actually have a plan to specify a next version soon. And does it also mean that you should not have a versioning mechanism if you don’t plan to specify another version soon?

I don't think that we know the answer to this question just yet.  So
I'm not confident in writing anything concrete.

I seriously doubt that deploying two versions from day 0 would be
effective.  There were cases of TLS extension points that shipped with
a small set of options, which ultimately ossified: though each of
those values would work, new values couldn't be deployed.  That
happened because the entire set remained unchanged over a fairly long
period.  Greasing revealed and ultimately fixed those, hence some of
the enthusiasm for that mechanism - but you might easily argue that
this was something that could be found by other means (and I would
agree with you).

TLS version negotiation is another example of this as well.  SSLv3,
TLS 1.0 through 1.2 could all be negotiated, but even attempting to
advertise TLS 1.3 caused enough things to break that deployment was
untenable.  And TLS version negotiation couldn't be greased.  Moving
to a new mechanism means that it can be greased now, but we don't know
how effective that will be.

So my guess is that shipping with any small N isn't effective.  What
we know is effective is continual addition of new values.  That plan
you have for v2 isn't useful until you ship v2.  And you don't know
that v3 can be shipped until you ship v3.  As long as N is small, I
don't think that you can ever be confident that N+1 will work.  I
don't know what the value of N is when you can be confident in the
success of N+1 either.  Maybe the only measure of defense is velocity
- any sufficiently stable target will be nailed down, but a moving
target evades capture.

There is talk now about shipping new TLS versions every few months.
Not major revisions, but revisions that rearrange the protocol in
different ways that exercise various capabilities that we might like
to preserve.  It's still essentially grease, so apply the same
skepticism, but the idea is that you can't just say that x&0x0f0f ==
0x0a0a is safe to ignore because everything changes.  For instance,
one change might add 13 to all extension codepoints, another might
reorder the fields in some messages.

> Then I’m really not sure about section 4.2. Maybe I’m just not a full believer in greasing but I really think it worked „well" for TLS because you used it as a mechanism to detect deployed brokenness afterwards. I really don’t think you will have the same result if you reserve something for greasing at the time of the first specification, because then people will implement this as an extra case (even if it would be easier to just implement the versioning mechanism correctly, because this is just how people work).

I tried hard to capture some of this skepticism, because I share your
view.  That it sort of worked for TLS isn't a great proof that the
general technique is effective.  As it says "Incorrect implementations
might still be able to correctly identify these code points and ignore
them."  I've added some more negative language as well :)

> Also section 4.3: I have the feeling that the middlebox problem is a bit a different question. It’s a good note to spell out that middleboxes are protocol participants (as done in section 2.2), however, explicitly only exposing what should be expose is rather the message of the path-signals and wire-image drafts and I think I would rather refer to these drafts instead.

I will do that.  That document had rather uncertain status when this
was first written.  That no longer true :)

> Not sure if section 4.4. should be rather an own section because it is something additional and not really a migration technique/design principle for protocols, is it?

It's a separate concept, but Section 4 is more broadly about
strategies, and while Section 4.4 isn't a strategy on its own, it's
complementary to the other strategies.  I've made this clearer in the
lead-in to prevent there from being any misapprehension about why that
section is there.  (I was originally going to put this with grease,
because it's so essential there, but it's really a separate
technique.)