panrg / path-properties

A Vocabulary of Path Properties

(Colin's Review): select a path based on the application being used or the user making the request #80

Closed boucadair closed 1 year ago

boucadair commented 1 year ago

Some systems might want to select a path based on the application being used or the user making the request. There may be reasons to do this, but there are also privacy and fairness concerns with such behaviour. Should the draft say anything about this?

Med: This is an invitation to discuss, not a request to make changes.

cyrill-k commented 1 year ago

I think we could highlight the potential privacy concerns of revealing path preferences of an endpoint (although I would assume that in most cases, compared to other information leakage such as leaking the addresses of the communicating entities, this will not have a strong impact on the user's privacy). Maybe we could mention this privacy aspect in the security considerations?

Regarding a potential fairness problem, in my opinion this might be too specific to be discussed in the path properties document since it depends on various factors, such as the billing model of path selection (if path selection is not free), availability of diverse (or useful) paths to certain users, etc.

renghardt commented 1 year ago

I'm fine with mentioning potential privacy concerns in the Security considerations, but I'm not sure what exactly the concern is - I agree that leaking addresses is likely to have a stronger impact.

For fairness, I think it would be appropriate to add a sentence about fairness after the "Also, there may be trade-offs between path properties […]", as we are already talking about meeting target properties and already mention caveats with regards to outdated data and trade-offs. Here, we could mention that if many entities are all trying to fulfill their target using the same network resources, this may lead to fairness concerns or a situation where nobody can actually fulfill their target.

csperkins commented 1 year ago

Path selection based on a signalled user identifier has obvious privacy implications.

Path selection based on the application can also leak personal information (e.g., knowing the identity of the application might be sensitive if it's a dating app focused on a particular community, or an app helping to manage a specific health condition). It could also allow operators to block or re-prioritise traffic for users of certain types of application.

I don't think this document needs to go into masses of detail, but it would be useful to highlight that there are issues to consider.

renghardt commented 1 year ago

addressed by #84