PLUS BoF Agenda Chairs: Aaron Falk, Natasha Rooney Responsible AD: Spencer Dawkins THURSDAY, July 21, 2016 1000-1230 Morning Session I Room: Potsdam I =============== AGENDA 1. Introduction: Chairs (10 mins) 2. Specific Problem Areas Presentations (45 min) Enterprise network viewpoint: Joe Hildebrand Mobile network viewpoint: Natasha Rooney Architectural viewpoint: Ted Hardie 3. Proposal & Relevant Discussion Summary: Brian Trammell (30 mins) 4. Charter review: Chairs (15 mins) 5. Charter Discussion: BoF attendees (60 mins) =============== Relevant drafts: Requirements for the design of a Substrate Protocol for User Datagrams ​https://tools.ietf.org/html/draft-trammell-spud-req-04 Use Cases for a Substrate Protocol for User Datagrams ​https://tools.ietf.org/html/draft-kuehlewind-spud-use-cases-01 =============== DRAFT CHARTER: Path Layer UDP Substrate (PLUS) The PLUS working group's goal is to define a common shim layer atop the User Datagram Protocol (UDP) to provide a transport-independent method to signal flow semantics under transport and application control, necessary to enable the deployment of new, encrypted transport protocols within the existing Internet. UDP provides compatibility with currently deployed middleboxes as well as ubiquitous support in endpoints, and supports userspace implementation of new transport protocols. The working group will not specify any new transport protocols. The current Internet protocol stack does not provide explicit, in-band, transport-independent signaling to on-path network devices. This has led to the deployment of devices which perform implicit discovery of transport semantics and traffic characteristics via inspection of protocol headers and payload, a practice made possible when these are sent in the clear. In order to support more ubiquitous deployment of encryption, and the encryption of transport headers to allow deployment of new transport protocols, explicit in-band signaling must be added to the stack. This signaling must be transport protocol independent, and the types of information signaled must be based on characteristics that can be independently verified by devices on path, or that can be usefully applied without requiring a trust relationship between endpoints and the path. Further, a feedback channel that provides information from on-path devices back to endpoints and applications, e.g. for error handling, is essential for the deployment and success of an explicit cooperation approach. While IP would seem to be the natural home for this facility, both IPv4 and IPv6 options and extensions have deployment problems on their own, which makes it hard to include any additional information in these protocols. The PLUS working group will specify a new protocol as a Path Layer UDP Substrate (PLUS), to support experimental deployment of explicit cooperation between endpoints and devices on path, with the following goals: - enable ubiquitous deployment of encrypted higher layer protocols by providing exposure of basic TCP-like semantics (e.g. SYN, FIN, RST flags) to devices on path (e.g. NATs and firewalls). - allow applications and transport protocols to explicitly provide limited information with integrity protection to devices on path - allow devices on path to provide unencrypted feedback and information about the path directly to sending endpoints, under sending endpoint control - allow devices on path to provide unencrypted information about the path to receiving endpoints, with encrypted feedback to the sending endpoint, under sending endpoint control This approach explicitly gives the control of information exposure back the application and/or transport layer protocol on the end host. It is the goal of PLUS to minimize the information exposed, to make information exposure transparent, and to limit the level of detail to that useful for network treatment, while encrypting everything else. Endpoint verification of signaling integrity, careful design of minimal data structures, and restrictive policies for registration of signals can help to meet this goal. This is important to avoid future implicit treatment and resulting ossification, as well as to minimize the privacy risks presented by explicit cooperation. Given that the primary goal of PLUS is to enable the deployment of transport protocols with encrypted headers, we assume that the higher-layer protocol can provide an encryption context that can be used by PLUS to provide authentication, integrity, and encryption where needed. The primary threat model to defend against will be modification or deletion of exposed information by middleboxes and other devices on path, by allowing a remote endpoint to detect modifications. The working group will start with an initial set of use cases (see draft- kuehlewind-spud-use-cases) and requirements (see draft-trammell-spud-req), derived from experience with the Substrate Protocol for User Datagrams (SPUD) prototype. These documents are the source of the broad goals of the PLUS effort described in this charter. Detail changes to the requirements are in scope for the working group. The working group's main output will be an experimental protocol specification, together with an initial registry of types of information that can be exposed using PLUS, clearly aligned to use cases determined by the working group. This specification will consider potential attacks against the protocol, both arising from the encapsulation chosen as well as new attacks made possible by the protocol, and propose mitigations for these attacks. The working group will close if it is not able to come to consensus on a protocol design to meet its goals. Discussion and reports of implementations and deployments of the PLUS specification, and discussion and reports of implementations and deployments of transport protocols running over PLUS, will be in-scope for the working group, to evaluate the progress of the experiment. The working group will additionally aim to identify and work with other working groups that could address its goals within existing protocols, e.g. by specifying new protocol extensions, or as input for on- going standardization work. It will aim to work with working groups defining encryption protocols (e.g. DTLS) which could be used for encryption of transport protocols running over PLUS. It will aim to work with working groups defining transport protocols (e.g. QUIC) whose development efforts could act as sources of requirements for PLUS. Out of scope for the working group are: - The design and specification of new transport protocols running over PLUS - Mechanisms for signaling among multiple devices on path between two endpoints - Mechanisms for key exchange or cryptographic context establishment between endpoints and devices on path Initial milestones: - Chartering + 4 mo: WGLC on use cases and requirements for a PLUS protocol; this milestone may be fulfilled as an Informational document to be published as an RFC, or its content may be incorporated into the protocol specification document described by the following milestone - Chartering + 12 mo: Submit an Experimental protocol specification for the PLUS protocol to the IESG - Chartering + 18 mo: Submit initial contents of registry of signals to be exposed using PLUS to the IESG