SPUD – The IETF's anti-snooping protocol that will never be used

Applications and paths

Something else the people working on the project would like is to make it easier for applications to understand what's happening in the path over the Internet.

Here, he said, the kernels running a TCP/IP stack know what's going on, but that's not easily available to application developers.

And it's tougher than it looks, because you can't change the millions of kernels that already exist, you have to deploy this across lots of operating systems, and you have to do it without giving the application root access anywhere.

“I know this sounds an obvious set of requirements, but it's semi radical thinking for a lot of people”, Hildebrand said.

To explain why this could be required, he pointed to TCP retransmissions.

“The stack knows when a chunk of data has arrived – there's an ACK – so it knows 'I can drop it'.”

That basic information, however, is hard to get from the kernel to the application. “I sent this, and the socket closed”, Hildebrand said, “but I don't know if it made it”.

For most application developers, the solution is duplication: they create their own ACK on top of TCP.

A solid library that implements the basics of a protocol – and exposes that information upwards – would be useful to developers, Hildebrand said. “You don't want every app developer to do all the timers and math for retransmission and guaranteed delivery.

“It also means application developers could get access to information we've been screaming for, but there's no convenient way to get that in existing APIs.”

“What's enabling the discussion is getting people with a background in transport layer protocols, and people familiar with application protocols like XMPP and HTTP.”

They can say to each other things like “no, that won't work” or “we tried that before” or “have you tried this?”, hopefully to get to a place where everyone is humming.

“This is the best of the IETF – people learning from each other, changing their minds,” he said.

Privacy (again)

Before readers call it out: yes, the boffins are aware that a SPUD-like protocol could create new privacy exposures.

That's a concern Hildebrand said the architecture bods are aware of: “making sure we don't expose too much information, or that we don't have a mechanism that would allow info exposure that we didn't intend.

“We're still exploring those issues. There are people scared of what SPUD might do if we're not careful.”

However, he said, this is “the right time” to address such concerns, “way before we get to engineering, because it's hard to bolt privacy onto a protocol afterwards” (as anyone trying to do so in the IETF would probably attest).

The IAB's attitude to stack evolution is to “think about the protocol architecture; decide what the requirements are; and then start the engineering”, he said.

And no, there isn't a timeline for the project: “This is a big enough change that it's worth not rushing it.”

There isn't even a timeline for when Hildebrand hopes SPUD will be ripped up.

“I am intending to throw every byte of code away, and every document,” he said. Its purpose is to create “the requirements for what we end up doing”.

“We could, for example, end up with a new set of requirements for DTLS [Datagram Transport Layer Security – editor] or [Google's] QUIC.

“Because all the people behind those protocols are participating in the conversation in a collaborative way, we could end up redoing other protocols, changing their intent, changing security the model.

“There's a lot of work still ahead. But the absolute intent is that we throw this protocol away”. ®