IETF Logo Mail Archive

Re: [v6ops] draft-xie-v6ops-network-happyeyeballs

Mikael Abrahamsson <swmike@swm.pp.se> Tue, 27 November 2018 11:44 UTC

Return-Path: <swmike@swm.pp.se>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D01CF129A87 for <v6ops@ietfa.amsl.com>; Tue, 27 Nov 2018 03:44:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=swm.pp.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LmDDS3NbFMF5 for <v6ops@ietfa.amsl.com>; Tue, 27 Nov 2018 03:44:51 -0800 (PST)
Received: from uplift.swm.pp.se (swm.pp.se [212.247.200.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5815712F295 for <v6ops@ietf.org>; Tue, 27 Nov 2018 03:44:50 -0800 (PST)
Received: by uplift.swm.pp.se (Postfix, from userid 501) id 199BDBA; Tue, 27 Nov 2018 12:44:48 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=swm.pp.se; s=mail; t=1543319088; bh=hMaObZ1Ei/02Qf+5y/HdegNRfCObTNfezfDei+SUTjo=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=sJhVbBZgTKslDMkfnFb6oqSWvRggc/jYzbetwKIU+RDrrVcEhjRA7tRsw9oU0GypK qjfufzlygVD0x5WuMv1/bEj1ayjmmNRyQ0r+IQ3LAQhNR/QMe3AeK8kYW9QFxMiiUK pexvwEZx74PtJxDBIPsyVr1amkj//1gp1RHdclik=
Received: from localhost (localhost [127.0.0.1]) by uplift.swm.pp.se (Postfix) with ESMTP id 17D3EB6; Tue, 27 Nov 2018 12:44:48 +0100 (CET)
Date: Tue, 27 Nov 2018 12:44:48 +0100
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Ron Bonica <rbonica@juniper.net>
cc: "v6ops@ietf.org list" <v6ops@ietf.org>
In-Reply-To: <BYAPR05MB42453683C869E9A5327DA903AED70@BYAPR05MB4245.namprd05.prod.outlook.com>
Message-ID: <alpine.DEB.2.20.1811271231060.7766@uplift.swm.pp.se>
References: <BYAPR05MB42453683C869E9A5327DA903AED70@BYAPR05MB4245.namprd05.prod.outlook.com>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
Organization: People's Front Against WWW
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/U-AcAXTrPI99C0If1w6zk4i2458>
Subject: Re: [v6ops] draft-xie-v6ops-network-happyeyeballs
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Nov 2018 11:44:55 -0000

On Mon, 26 Nov 2018, Ron Bonica wrote:

> This week, please review and comment on 
> draft-xie-v6ops-network-happyeyeballs.

I think it's a great idea to tell the operator about problems, that kind 
of telemetry can really help in operating the network.

However, the proposed method of doing it (syslog) and the information it 
reports (IP addresses and domains the user is communicating with) has huge 
privacy implications. Also you have no idea who might be grabbing this 
information before it even makes it to the ISP).

I think at a minimum there needs to be an encrypted and verified mechanism 
(https perhaps?) for doing the reporting, so you know where the report 
goes.

I see three entities that have interest in this information, it's the ISP, 
the operating system manufacturer, and the web site which is having 
problems. If HE fails, I see very little harm (privacy) in telling the 
website about it using the address family that actually did work. So that 
could be included. For the device manufacturer, they have "send 
diagnostics information to vendor", so here customers can opt in. For the 
ISP, I have no idea. Here it might be better to define an API between the 
device vendor and the ISP, so that the device vendor can report problems 
seen, at an aggregate? I have personally been involved in getting 
operational people from my employer talking to device vendors to figure 
out what might be wrong, and automating this would be great.

Also, the DNSSEC implications are glossed over grossly. We should take for 
granted that end devices are running validating resolvers and handle that 
use-case.

So I'm supportive of the problem statement and it would help ISPs greatly 
if they could get telemetry from end devices, I just have great concerns 
over the method proposed in this draft.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se

v2.23.0 | Report a Bug | By Email