Re: On the passive measurability of QUIC
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Tue, 06 June 2017 04:33 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77FF4126BFD for <quic@ietfa.amsl.com>; Mon, 5 Jun 2017 21:33:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KmCh2WewctKe for <quic@ietfa.amsl.com>; Mon, 5 Jun 2017 21:32:58 -0700 (PDT)
Received: from mail-yw0-x22f.google.com (mail-yw0-x22f.google.com [IPv6:2607:f8b0:4002:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05C9E1201F8 for <quic@ietf.org>; Mon, 5 Jun 2017 21:32:58 -0700 (PDT)
Received: by mail-yw0-x22f.google.com with SMTP id l14so63501496ywk.1 for <quic@ietf.org>; Mon, 05 Jun 2017 21:32:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=y85Os/9LsNTjba2wGbnWHDAHc3MQA2ab5cB5P8QPxAw=; b=jsbTzxFw9pHy3fnL1evzkVMBVqYSHdY1etk0h9GH+3jnLnVJ8MYwSvFrOiT3Ctb5Ip FOobVOh/34K9qmC822trJqgk3VYRgIOhCbmiu5CriF7Oebt9f0cvQoPz4zmhrf4SRMoN sGwREAlLTR4/ACfsESqvr3JwTzlstuynFf5EuG7oncqMyviSK7dFlWFa4v5YUaJLecOB 5rsg4jLuGVYS6Cxep6kHe74zy75sUVpUB6dSe1vuAmobCDtAekbtxxj1O2sJEDu86vfU YYSoe589OLUYT7+6C0oR6f2jinrz7C/4oEAZtXFWcZWpKMCg3YKxcxk3MY4gmli8rlEy biXg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=y85Os/9LsNTjba2wGbnWHDAHc3MQA2ab5cB5P8QPxAw=; b=VXFtGXPA8UWYoJSDVWeuHDRNnrp5lkGQYt6Xxo74ua+NVbcxDMOpX5iY1NQ5hBcaA+ hg01PIiPQlnrdiIj2oluz4oA5zyc2IDLPAuAnxeFvXGcRSLPQduPkxBgjit0zWTwbx6A 5WuIP4sAxCbghj1Honf4/zoN/9NW+Ppwmm+8yAombD9Lx3TZJdIZYliVwJSCb5s/TkX1 Lmrt21TNbl1NqSGBHh/BXls2iGC0Nz2sDxew/lA+Hsmz8K4VFeGQd86M9DwjzY6qdX9u yxVITgusymUjYKUGfQ3OZhXcm9hy/k8187HejLjLRY3wrS+as3tTeXC+ohP7zNRPbekU i8QQ==
X-Gm-Message-State: AODbwcA1hn9FLTdhMPpAAvUCdsZMvEvp1nQVwnuSJMglS2fXPCFbJLH1 20oFxPMb3/D8EwBgtPFtDKUPD74Aug==
X-Received: by 10.129.78.84 with SMTP id c81mr1271708ywb.289.1496723577194; Mon, 05 Jun 2017 21:32:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.195.194 with HTTP; Mon, 5 Jun 2017 21:32:56 -0700 (PDT)
Received: by 10.37.195.194 with HTTP; Mon, 5 Jun 2017 21:32:56 -0700 (PDT)
In-Reply-To: <ADD9E4FC-C337-42F4-A5DD-517B4BCF15BF@trammell.ch>
References: <FCCAC281-BC7B-4E4B-AC34-9517FD336A65@trammell.ch> <CABcZeBPZR2+YjN6TGP=GJqGqJS4p9-LVi=-KWkSA8+USkJ1VfA@mail.gmail.com> <ADD9E4FC-C337-42F4-A5DD-517B4BCF15BF@trammell.ch>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Mon, 05 Jun 2017 23:32:56 -0500
Message-ID: <CAKKJt-cDUOkcGVshxv9930comdue0FA2=jS23rg1L0Q50T5bSQ@mail.gmail.com>
Subject: Re: On the passive measurability of QUIC
To: Brian Trammell <ietf@trammell.ch>
Cc: IETF QUIC WG <quic@ietf.org>, Eric Rescorla <ekr@rtfm.com>
Content-Type: multipart/alternative; boundary="001a114d2278255ca70551431dc0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/LQ73_q4rsBpEhjtF3LW05_je_Ko>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jun 2017 04:33:00 -0000
So a couple of things, while wearing a couple of hats. On Jun 1, 2017 10:07, "Brian Trammell (IETF)" <ietf@trammell.ch> wrote: hi ekr, > On 01 Jun 2017, at 15:55, Eric Rescorla <ekr@rtfm.com> wrote: > > I like the general framing of these questions, but it's pretty hard to address them in > the abstract. Rather, I think it would be more useful to start not with the specific properties > but rather with the *services* that collecting these measurements is intended to facilitate > and then work forward to the various baskets of measurements you would need to > support said services and from that try to make a cost/benefit analysis [0]. Do you or > someone else have such a list of services? Sure. Here are the ones I know about off the top of my head. Note here, for "services", I understand "higher-level measurement activities", or what would be called "solutions" on the marketing-heavy websites of the vendors who build these boxes. Please correct me if I'm wrong here. "Service" is unfortunately so overloaded a term as to be unclear in many cases, even with context. As AD: this thread, like the spoofing thread, is the type of discussion on the management deliverable I was hoping the working group would have, when I agreed to approve the QUIC charter. Thank you. I know this conversation isn't easy, and so does the rest of the IESG, and so does the IAB. We had high level discussions in this space on the joint IAB-IESG day of our retreat a couple of weeks ago, and the ADs continued that discussion during both days of the IESG retreat. 1. Access network performance measurement. This is largely the problem the LMAP WG is chartered to address, using IPPM metrics. Here, peak achievable throughput (of an access link), loss, latency, and (sometimes) jitter are the metrics of interest, both in controlled testing (active measurement) as well as passive measurement of user traffic, on the theory both that accidental and intentional differential treatment of measurement traffic will make active measurement unreliable, as well as to reduce network load due to unproductive active measurement traffic. Loss/congestion and latency are the primary passively measurable metrics of interest here. This measurement activity is used by network operators for capacity planning and troubleshooting purposes, as well as by national and supranational regulatory agencies to hold network operators within their jurisdictions accountable. The deployment location changes depending on who's performing the measurements, but it's generally run as close as possible to the access link (for broadband access) or on the handset itself (for mobile measurements). 2. Interdomain troubleshooting of network performance issues. See https://github.com/quicwg/base-drafts/issues/166. Though it proposes a mechanism, it clearly calls out the key metrics as packet loss and congestion, with the ability to localize congestion using multi-observation-point measurement as important. 3. Service performance monitoring (my example here was Boundary, which is apparently called bmc TrueSight Pulse (tm) now) uses passive network-level latency and throughput measurements to augment information collected by agents running on servers themselves to isolate performance issues on those servers. 4. Perimeter security monitoring of access and enterprise networks. Related to work in the DOTS WG, which focuses specifically on the DDoS mitigation aspect of this broad topic. This is largely concerned with detecting and blocking attack traffic. Most of the measurement task in this case is classifying traffic as benign or not, and it uses any input available to make that determination. None of the metrics I talk about in the previous message are really relevant here, though -- spoofed traffic detection is more useful in this context than latency. It's relevant to QUIC, though, in that one of the inputs to this classification is whether traffic is TCP or not: the more likely QUIC traffic is to be classified as default-benign, the better its deployability on networks employing this monitoring. As a possibly helpful individual, this list seems to include implicitly what Erik mentioned explicitly in the spoofing thread - thinking about what trusts what, and what controls what. I thought that explictness would be helpful. The obvious one mentioned in our charter, for completeness: -1. Billing, both for metered consumer-grade access as well as transit contracts. This is -1 because it's not really relevant to transport protocol design, as it generally doesn't require anything beyond byte/packet count per billable user, where the billable user is usually associated with something that happens below layer 3, zero-rating and other such practices notwithstanding. As AD: this would be an especially useful assertion to converge on (after the interim, of course). If QUIC isn't able to help with billing(*), that needs to not be a Late Surprise (tm). Spencer (*) Back to speaking as an individual, one of the responses that would not surprise me is "applications using QUIC aren't much harder to bill for than applications using TLS or TCPINC, so, whatever you do for those, do it for QUIC". If something like that turns out to be the answer, people who care about billing need to be figuring out what Plan B is ... > -Ekr > > [0] Where the cost clearly has to include future unknown privacy risk. Evaluating an unknown risk is a pretty cool trick. ;) Seriously, though, I'd really appreciate any suggestions you would have as to how to concretely evaluate this risk, at least for purposes of comparison of proposals. Information theoretic metrics seem to me to be not very useful here, since they make the implicit (and false) assumption that all bits of entropy are equally potentially dangerous to privacy. Thanks, cheers, Brian
- On the passive measurability of QUIC Brian Trammell (IETF)
- Re: On the passive measurability of QUIC Eric Rescorla
- Re: On the passive measurability of QUIC Brian Trammell (IETF)
- RE: On the passive measurability of QUIC Dave Dolson
- Re: On the passive measurability of QUIC Spencer Dawkins at IETF
- RE: On the passive measurability of QUIC Mike Bishop
- Re: On the passive measurability of QUIC Gorry Fairhurst