Re: [Pearg] Measuring latency in IP privacy architectures

Antoine FRESSANCOURT <> Wed, 10 November 2021 13:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E42F43A0FC5 for <>; Wed, 10 Nov 2021 05:21:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.918
X-Spam-Status: No, score=-1.918 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id RVlB-fsrmu1l for <>; Wed, 10 Nov 2021 05:21:29 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A887F3A0FCC for <>; Wed, 10 Nov 2021 05:21:28 -0800 (PST)
Received: from (unknown []) by (SkyGuard) with ESMTP id 4Hq58K3fBgz67yPg; Wed, 10 Nov 2021 21:21:05 +0800 (CST)
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2308.15; Wed, 10 Nov 2021 14:21:25 +0100
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.15; Wed, 10 Nov 2021 13:21:24 +0000
Received: from ([]) by ([]) with mapi id 15.01.2308.015; Wed, 10 Nov 2021 13:21:24 +0000
From: Antoine FRESSANCOURT <>
To: Tommy Pauly <>, "" <>
Thread-Topic: Measuring latency in IP privacy architectures
Thread-Index: AQHX1jRmebVL9vKAJ0Gx9gFJt5ZMIKv8vNlQ
Date: Wed, 10 Nov 2021 13:21:24 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: fr-FR, en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_4a572a6067b841d5809b9cda9e8315b6huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <>
Subject: Re: [Pearg] Measuring latency in IP privacy architectures
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 10 Nov 2021 13:21:34 -0000

Hello Tommy,

As I am the author for this slide, I feel I am best suited to answer you.

My perception of the latency of the solutions I am presenting is for now rather theoretical. As Private relay and Gnatcatcher use public key cryptography algorithms, I made the assumption that the computation time dedicated to cryptographic operation is larger in this case that in TOR which uses symmetric key cryptography.

Yet, I agree with you that presenting this as latency while I can’t present figures might be misleading. To address this point, I propose to replace “latency” with “cryptographic load” in this schema to be more accurate with regards to what I really mean. Would you be OK with this change?

I agree with you on the performance / latency methodology we should agree on.

Best regards,


From: Tommy Pauly []
Sent: Wednesday, November 10, 2021 2:11 PM
To:; Antoine FRESSANCOURT <>
Subject: Measuring latency in IP privacy architectures


I was looking at the slides for one of the PEARG talks for tomorrow, and had some questions about one of the graphs. (I likely won’t be able to attend the meeting due to a conflict, so I thought I’d ask here!).

There’s a slide titled “Positioning SoA projects on a map”, with two axes—“attack class” and “latency”. While the “class” is a relatively subjective measurement, the latency metric should be pretty straightforward. I assume that the latency axis goes from lowest-latency on the left, and highest-latency on the right. There weren’t any numbers provided, but I was very surprised to see that both Gnatcatcher and iCloud Private Relay were listed further to the right than TOR! In the case of iCloud Private Relay, which I work on, our overall metrics show that the average page load time for the browser going through the relays is actually faster than going direct for most parts of world. To that end, our effective latency is quite good. Can anyone share insight into what the methodology was behind this graph?

More generally, if we’re discussing latency for IP privacy solutions, it would be good to agree on what methodology is appropriate across very different technologies. IP-tunnelling can end up requiring more round trips for typical workflows (due to DNS and TCP handshakes over the tunnel) than CONNECT-style proxying (which can end up doing DNS+TCP+TLS in one round trip). That changes the experience of latency, in addition to the actual round-trip-time between hops.