Re: [Stackevo] [IAB] draft-hardie-path-signals and draft-trammell-wire-image

Martin Thomson <martin.thomson@gmail.com> Wed, 04 April 2018 23:58 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: stackevo@ietfa.amsl.com
Delivered-To: stackevo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC089126C2F; Wed, 4 Apr 2018 16:58:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BlWtPzgAZmtX; Wed, 4 Apr 2018 16:58:02 -0700 (PDT)
Received: from mail-oi0-x234.google.com (mail-oi0-x234.google.com [IPv6:2607:f8b0:4003:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91A211200A0; Wed, 4 Apr 2018 16:58:02 -0700 (PDT)
Received: by mail-oi0-x234.google.com with SMTP id t16-v6so20913682oih.3; Wed, 04 Apr 2018 16:58:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=rOqUpu8rVp90zM22SxHE+IMjiE8tWsx2212LcwzbMx0=; b=ppgAWibavaYoHH8uO5uZUenSQvnSPqjs4/5a9MyZHgMf3rx2pJXr0DLwn43m3vFNqQ 7hl/XjINu7Mdb/yMRqS2DjRIr0MtuvkuqygVh5n+Do5/RSB814Tpe0kmcuSsRRZC3/4N g8lKx3aZwd52sP9kjz3KbJaqE6+oL9fGkPYNlBdPCf0Sbm+n6SJXG9LgdWSIwjEdZA7X gvlyeJ9xvzSgCGeW6w/M+ev4hb3SRJ0LZLG+Us8YRP9wRF9fpOczfZ21VYIG8+7NWS2P 3R13A0qTVQkjmrnI9tBfGvANX5/xIGKY9HsuhcOzwqiWSzgmRu43SbmAh8AaqlwpK0vd Bufw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=rOqUpu8rVp90zM22SxHE+IMjiE8tWsx2212LcwzbMx0=; b=R4l+wJcc3jFcuxSRYSOfFKTG+zYLQNeS1pWAsx23LCxMNXkctQliU3rsz+BXVV0pEa P7HEr7mbW5EipaMmYtdz+DfvjLDVxPiuFqJ2/ESpzmMUQwNeDRgnmJochdOYTOtJMPpi pV4d4vVhUgu1/xDEDvRiVnh2gXEtO0vEZsNkJyPsKdaA/I/nzLYilVlFruTlmOWeN0+d y8ceL7kKhOeAyrKnJBoaHp1zfkFtr98a5TyOhlfeH2dFGxfFMtwGHjIFEBJPU4Eu4DUT zsoP7p36gQS0WZ14L5OLwzXjZ6Alpb0G7RS7q6Cy63dzjiDPuiupGYqVZ0m+qAsy1vKC KQRQ==
X-Gm-Message-State: ALQs6tCG8m7LyCyXKV90uEggjek5lR45TIb+mcg17MD7bvo9d49RMXbR ugkp+Jn3iQWC0ewmkIHDkQBTa71Tut8NLuT3NySNrp3b
X-Google-Smtp-Source: AIpwx4+DmcAh6SadItUnfLyn9t+n1/98iRGw+YsU76C76uj9MnNG5vbybA1aZQIrWqPrOEHzY3Q2hLweII/3xqs9tcE=
X-Received: by 2002:aca:ab44:: with SMTP id u65-v6mr11721820oie.272.1522886281716; Wed, 04 Apr 2018 16:58:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:ac7:0:0:0:0:0 with HTTP; Wed, 4 Apr 2018 16:58:01 -0700 (PDT)
In-Reply-To: <C986EAB5-CFE3-49AF-A19A-B087E63EE365@trammell.ch>
References: <C986EAB5-CFE3-49AF-A19A-B087E63EE365@trammell.ch>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 05 Apr 2018 09:58:01 +1000
Message-ID: <CABkgnnW8v3SpXPG2HKSCYTfT3QGFVyMeygG6g2iuSmjsceR6UQ@mail.gmail.com>
To: "Brian Trammell (IETF)" <ietf@trammell.ch>
Cc: IAB IAB <iab@iab.org>, Stack Evolution Program <stackevo@iab.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/stackevo/Uvyq9_UJckzg7vNqkal5DU7sU7Q>
Subject: Re: [Stackevo] [IAB] draft-hardie-path-signals and draft-trammell-wire-image
X-BeenThere: stackevo@iab.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IP Stack Evolution Program Mailing List <stackevo.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/stackevo>, <mailto:stackevo-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stackevo/>
List-Post: <mailto:stackevo@iab.org>
List-Help: <mailto:stackevo-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/stackevo>, <mailto:stackevo-request@iab.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Apr 2018 23:58:05 -0000

These look mostly good, and I think that it's a worthwhile thing to publish.

Some nits.

On wire-image:

I think that "Invariants" as a bare phrase is a little too close to
jargon.  Maybe "Declaring protocol invariants" works in the two places
that Invariants is capitalized (title and second sentence).

On path-signals:

That first paragraph of the introduction is a pretty large mouthful.
I also think that it doesn't need to say this, which might avoid
controversy:

   This document recommends
   that explict signals be used by transports which encrypt their state
^^^ typo here
  mechanics.

How about:

   Protocol operation generates signals that are seen by on-path elements.
   Though many such signals are intended for consumption by a peer, network
   elements might also consume or alter these signals.  For example,
   TCP operates entirely in the clear, making its signals available to
path elements.
   Signals that are visible to network elements on the path between
   communicating endpoints can be used as signals by those network elements.

   This document explores the consequences of exposing signals to
   network elements.  It recommends the use of confidentiality
   protection for protocol signaling.  It recommends that protocols that
   expose signals to network elements only do so explicitly and with the intent
   that the signals are available to network elements on the path.

There's an errant "(" in Section 3.1.2.  Please provide a citation for
"Endpoint-Independent Mapping/Endpoint-Independent Filtering" as well.

Extra period at the end of 3.1.3.

In security considerations: divergence is not detectable by on-path
devices -> ... might not be ....  Don't assume that we're that good at
avoiding leakage.

On Wed, Apr 4, 2018 at 6:50 PM, Brian Trammell (IETF) <ietf@trammell.ch> wrote:
> Greetings,
>
> After discussion at our Friday morning London meeting (and thanks, all, on the program for your remarkable  Stack Evolution Program would like the IAB to consider two documents for publication on the IAB stream:
>
> https://tools.ietf.org/html/draft-trammell-wire-image-03
>
> https://tools.ietf.org/html/draft-hardie-path-signals-03
>
> The wire image draft describes what a protocol's wire image is, and explores the situations that arise when a protocol splits its visible wire image from the information it uses for its own operation. (It started as a draft I wrote during the extended Singapore plenary discussion on encryption of protocols, riffing off Ted's observation from the dais that protocols with explicit wire images were a completely new thing, in part to describe what I mean when I use the term.)
>
> The path signals draft recommends that protocol machinery be confidentiality protected, and that any signal exposed to on-path devices (outside confidentiality protection) be *explicitly* so exposed and integrity protected. It reiterates that metadata injection is considered harmful.
>
> Thanks, cheers,
>
> Brian (stackevo lead hat)