Re: [Taps] Roman Danyliw's Discuss on draft-ietf-taps-interface-22: (with DISCUSS and COMMENT)
Tommy Pauly <tpauly@apple.com> Mon, 11 December 2023 20:58 UTC
Return-Path: <tpauly@apple.com>
X-Original-To: taps@ietfa.amsl.com
Delivered-To: taps@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4CEAC151086 for <taps@ietfa.amsl.com>; Mon, 11 Dec 2023 12:58:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QLoVtnoMC1_c for <taps@ietfa.amsl.com>; Mon, 11 Dec 2023 12:57:59 -0800 (PST)
Received: from rn-mailsvcp-mx-lapp01.apple.com (rn-mailsvcp-mx-lapp01.apple.com [17.179.253.22]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA9C2C151078 for <taps@ietf.org>; Mon, 11 Dec 2023 12:57:59 -0800 (PST)
Received: from rn-mailsvcp-mta-lapp02.rno.apple.com (rn-mailsvcp-mta-lapp02.rno.apple.com [10.225.203.150]) by rn-mailsvcp-mx-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0S5I00XLOSWJCF10@rn-mailsvcp-mx-lapp01.rno.apple.com> for taps@ietf.org; Mon, 11 Dec 2023 12:57:59 -0800 (PST)
X-Proofpoint-ORIG-GUID: VnE0bCGMgfLgRyojJEdFRBXnH4EIHKXY
X-Proofpoint-GUID: VnE0bCGMgfLgRyojJEdFRBXnH4EIHKXY
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.619, 18.0.997 definitions=2023-12-06_16:2023-12-05, 2023-12-06 signatures=0
X-Proofpoint-Spam-Details: rule=interactive_user_notspam policy=interactive_user score=0 adultscore=0 malwarescore=0 mlxlogscore=999 mlxscore=0 bulkscore=0 phishscore=0 suspectscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311290000 definitions=main-2312060141
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=zS8wAqpJnOou8IwsDIE7amr70vdWJ68ANJpH+rSlZIA=; b=thu+RmPkZd/eoJnUeo387xODywGyNdb0H379o8iGmlxQZYlrlh+l8xnMIrvDklXg+9JD dbukCP9ysGMcMOZQe+mgU/2GITTVYDPkI+UKHXuTZ/4Wy/JCRbIvPTABxZQ18wA+laM1 DeAd9pQhyvNNeLVq56FsWnzt+97co2k91772BfwW3oz1APu3R4IYq6+l3Th+KOPb/t35 De3vu9T10uoFoNtYWfquWzumvwoa6+RYoI1t+v4qlaWJ3HIFNgTL8a1PJ/loNwnXZSWu WgTNb1I3CB0nmhJFJMz8hX/Hj/HLdCSVW2OXEXSSsodySD0z5AvrPhuGI9OhctgjJVbe dQ==
Received: from rn-mailsvcp-mmp-lapp01.rno.apple.com (rn-mailsvcp-mmp-lapp01.rno.apple.com [17.179.253.14]) by rn-mailsvcp-mta-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0S5I00CQLSWEX1Y0@rn-mailsvcp-mta-lapp02.rno.apple.com>; Mon, 11 Dec 2023 12:57:50 -0800 (PST)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp01.rno.apple.com by rn-mailsvcp-mmp-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) id <0S5I00300STSD000@rn-mailsvcp-mmp-lapp01.rno.apple.com>; Mon, 11 Dec 2023 12:57:50 -0800 (PST)
X-Va-A:
X-Va-T-CD: 3d0d89805bde6761e6cb0171911f2e73
X-Va-E-CD: cdfa155b13dfca1bed04b0b22ed17b7d
X-Va-R-CD: a3f0a7f49d0fe7cccdb8609b2d14eae2
X-Va-ID: 2eec707b-1b77-43d7-a507-958b00b39b5d
X-Va-CD: 0
X-V-A:
X-V-T-CD: 3d0d89805bde6761e6cb0171911f2e73
X-V-E-CD: cdfa155b13dfca1bed04b0b22ed17b7d
X-V-R-CD: a3f0a7f49d0fe7cccdb8609b2d14eae2
X-V-ID: 04701afc-e02a-43e2-ac72-f208cb0079be
X-V-CD: 0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.619, 18.0.997 definitions=2023-12-11_09:2023-12-07, 2023-12-11 signatures=0
Received: from smtpclient.apple ([17.11.230.175]) by rn-mailsvcp-mmp-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPSA id <0S5I00UBRSVMX100@rn-mailsvcp-mmp-lapp01.rno.apple.com>; Mon, 11 Dec 2023 12:57:50 -0800 (PST)
From: Tommy Pauly <tpauly@apple.com>
Message-id: <97800D81-C2B2-4516-B65F-6EF769300170@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_9CAE6F69-7EE4-48EC-AC37-16E9F507BE21"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3774.300.61.1.2\))
Date: Mon, 11 Dec 2023 12:57:39 -0800
In-reply-to: <FAE5EBC2-026D-4A2A-A5F5-FFC6E08CD8B4@trammell.ch>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-taps-interface@ietf.org" <draft-ietf-taps-interface@ietf.org>, "taps-chairs@ietf.org" <taps-chairs@ietf.org>, "taps@ietf.org" <taps@ietf.org>, "anna.brunstrom@kau.se" <anna.brunstrom@kau.se>
To: Paul Wouters <paul@nohats.ca>, Roman Danyliw <rdd@cert.org>
References: <169393624961.57527.10448223141659236366@ietfa.amsl.com> <02AC9951-CD5A-46AB-9B82-01B434FC5131@trammell.ch> <BN2P110MB1107DF28382D392A4FDBB281DCC1A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <FAE5EBC2-026D-4A2A-A5F5-FFC6E08CD8B4@trammell.ch>
X-Mailer: Apple Mail (2.3774.300.61.1.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/taps/HDKOexqM0348TH_EQqTS85U4dX0>
Subject: Re: [Taps] Roman Danyliw's Discuss on draft-ietf-taps-interface-22: (with DISCUSS and COMMENT)
X-BeenThere: taps@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IETF Transport Services \(TAPS\) Working Group" <taps.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/taps>, <mailto:taps-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/taps/>
List-Post: <mailto:taps@ietf.org>
List-Help: <mailto:taps-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/taps>, <mailto:taps-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Dec 2023 20:58:00 -0000
Hi Roman, Paul, Thanks again for your reviews — just a quick reminder to please take a look at the updates, and let us know if there’s anything else that needs to be addressed to clear your DISCUSS. Best, Tommy > On Nov 14, 2023, at 8:22 AM, Brian Trammell (IETF) <ietf@trammell.ch> wrote: > > hi Roman, > > (inline per tradition) > >> On 28 Sep 2023, at 23:01, Roman Danyliw <rdd@cert.org> wrote: >> >> Hi Brian! >> >> Thanks for the response and sorry for the delay. More inline ... >> >>> -----Original Message----- >>> From: iesg <iesg-bounces@ietf.org <mailto:iesg-bounces@ietf.org>> On Behalf Of Brian Trammell (IETF) >>> Sent: Thursday, September 7, 2023 7:29 AM >>> To: Roman Danyliw <rdd@cert.org <mailto:rdd@cert.org>> >>> Cc: The IESG <iesg@ietf.org <mailto:iesg@ietf.org>>; draft-ietf-taps-interface@ietf.org <mailto:draft-ietf-taps-interface@ietf.org>; taps- >>> chairs@ietf.org <mailto:chairs@ietf.org>; taps@ietf.org <mailto:taps@ietf.org>; anna.brunstrom@kau.se <mailto:anna.brunstrom@kau.se> >>> Subject: Re: [Taps] Roman Danyliw's Discuss on draft-ietf-taps-interface-22: >>> (with DISCUSS and COMMENT) >>> >>> hi Roman! >>> >>> Thanks for the questions. Points not addressed inline below will be tracked at >>> https://github.com/ietf-taps/api-drafts/issues, but there’s a DISCUSS here, so >>> let’s discuss. :) >>> >>>> On 5 Sep 2023, at 19:50, Roman Danyliw via Datatracker <noreply@ietf.org> >>> wrote: >>>> >>>> ---------------------------------------------------------------------- >>>> DISCUSS: >>>> ---------------------------------------------------------------------- >>>> >>>> ** Section 6.3. I’m having trouble understanding the level of >>>> abstraction used to specify the SecurityParameter API if the desired >>>> outcome is an interoperable solution. My top-line concern is around >>>> what are the defined security parameters are where are they formally >>>> defined. The API examples seem to suggest they are “identity, >>>> server-certificate, client-certificate, key-pair, supported-group, ciphersuite, >>> signature-algorithm, and pre-shared-key.” >>> >>> This is an artifact of trying to balance between two sometimes-opposing goals >>> with the TAPS interface work: >>> >>> (1) The interface specification has to be malleable enough to fit with the >>> existing “built environment” of the platforms that will implement it; concepts >>> that are ancillary to a transport services implementation should be left >>> undefined so that system implementors can build TAPS into their platforms >>> without completely changing how the platform works. IOW we’re not going to >>> define your PKI for you, or your interfaces for managing protocol selection >>> policy, because you should already have these things, because it’s not useful for >>> the purposes of application interoperability to do so, and because we need to >>> set the boundaries of scope somewhere if we want to be done in the ‘20s. >>> >>> (2) The interface specification has to be rigid enough to be usefully >>> interoperable; i.e., two different applications of TAPS on the same platform >>> using the interface in the same way should result in indistinguishably- >>> equivalent communications, while an application using TAPS on one platform >>> that is minimally ported to a different platform should result in unsurprisingly- >>> equivalent communications (the distinction here being that different Transport >>> Services system implementations might differ in meaningful-to-the-platform >>> ways, i.e. in terms of the policy priorities in racing or indeed in the set of >>> underlying stacks implemented). >>> >>> Basically what we’re doing here is guessing (educatedly, but still) about the >>> minimum-interference shape with how existing systems do X (in this case, >>> security property management), under the assumption that these platforms get >>> it right. I think we got this balance mostly right everywhere, but security is the >>> hardest place to do so, precisely because of the rigidity and the formality >>> required in the security space pushes toward an imbalance on the latter. >> >> Thanks for explaining the goal and the intent. The tensions between those goals is clear. >> >> [snip] >> >>> I do think we need to make some changes to the doc to address these points. >>> I’d suggest the following: >>> >>> - Define the highest usable level of abstraction for these parameters >>> - Reiterate the principle that the exact set of values for available enumerations >>> and the exact data formats for each security parameter are platform- >>> dependent. >>> >>> If this would be an acceptable resolution to the DISCUSS, I’ll file the issue and >>> put together the PR. >> >> The above plan makes sense. Thanks for laying out. I would also recommend that the text calibrate the expectations of an "abstract API" and degree of expected interoperability. Inspirationally, the abstract notes that this API is "intended to replace the BSD sockets API as the common interface to the transport layer, in an environment where endpoints could select from multiple interfaces and potential transport protocols." That's a very helpful touchstone. If I squint at the BSD socket API, I see two key differences from what's presented in the current text. Because one could read the .h file, the BSD sockets interface was clear on: >> >> (a) data structures and data types. This draft introduces complicated abstractions with limited definition or underlying representation (e.g., "identity", "ciphersuite"). Additionally, there is no sense of where enumerated values would come from. >> >> (b) function prototypes. This draft has illustrative examples of pseudo-code, but the canonical list of functions and their associated prototypes isn't clear. >> >> Per the goals you outlined in (1) and (2) above, it is clear how this ambiguity serves goals (1), but it seems to impede (2). > > I believe that the changes in -23 (just submitted), among (many) other things, implement this (specifically https://github.com/ietf-tapswg/api-drafts/pull/1430); please take a look. > > (+Paul — this change also addresses the points you raised in your DISCUSS re: security properties) > > Thanks, cheers, > > Brian
- [Taps] Roman Danyliw's Discuss on draft-ietf-taps… Roman Danyliw via Datatracker
- Re: [Taps] Roman Danyliw's Discuss on draft-ietf-… Brian Trammell (IETF)
- Re: [Taps] Roman Danyliw's Discuss on draft-ietf-… Roman Danyliw
- Re: [Taps] Roman Danyliw's Discuss on draft-ietf-… Brian Trammell (IETF)
- Re: [Taps] Roman Danyliw's Discuss on draft-ietf-… Tommy Pauly