Re: On the passive measurability of QUIC
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Tue, 06 June 2017 17:19 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 364DE129AEE for <quic@ietfa.amsl.com>; Tue, 6 Jun 2017 10:19:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s1dlz-nWdR9r for <quic@ietfa.amsl.com>; Tue, 6 Jun 2017 10:19:50 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [139.133.204.173]) by ietfa.amsl.com (Postfix) with ESMTP id 97E47129B16 for <quic@ietf.org>; Tue, 6 Jun 2017 10:19:49 -0700 (PDT)
Received: from dhcp-207-152.erg.abdn.ac.uk (dhcp-207-152.erg.abdn.ac.uk [139.133.207.152]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 9D6A01B014AC; Tue, 6 Jun 2017 20:14:25 +0100 (BST)
Reply-To: gorry@erg.abdn.ac.uk
Subject: Re: On the passive measurability of QUIC
To: Mike Bishop <Michael.Bishop@microsoft.com>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, Brian Trammell <ietf@trammell.ch>
Cc: Eric Rescorla <ekr@rtfm.com>, IETF QUIC WG <quic@ietf.org>
References: <FCCAC281-BC7B-4E4B-AC34-9517FD336A65@trammell.ch> <CABcZeBPZR2+YjN6TGP=GJqGqJS4p9-LVi=-KWkSA8+USkJ1VfA@mail.gmail.com> <ADD9E4FC-C337-42F4-A5DD-517B4BCF15BF@trammell.ch> <CAKKJt-cDUOkcGVshxv9930comdue0FA2=jS23rg1L0Q50T5bSQ@mail.gmail.com> <MWHPR03MB2944F8F742286CFB0C9979E487CB0@MWHPR03MB2944.namprd03.prod.outlook.com>
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Organization: The University of Aberdeen is a charity registered in Scotland, No SC013683.
Message-ID: <ce715fab-177e-468c-a1b8-98f37a3bf406@erg.abdn.ac.uk>
Date: Tue, 06 Jun 2017 18:19:48 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
In-Reply-To: <MWHPR03MB2944F8F742286CFB0C9979E487CB0@MWHPR03MB2944.namprd03.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/w4edsHcJ37OXFeRdyaQPh3SAuPA>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jun 2017 17:19:54 -0000
See my little postscript at the end. On 06/06/2017 10:19, Mike Bishop wrote: > Regarding the billing question…. For mobile devices, I believe the > major OSes support pushing policies to the clients that > differently-billed traffic should be sent over a different APN. We’re > doing work in RS3 to enable more apps to hook into these policies and > have their traffic correctly routed to the right APN. (In previous > versions, it was implemented in our HTTP stack and required extra work > if you were using your own stack.) This might just be a problem that > gets solved at a different layer, rather than via traffic inspection, > and not something we need to cater to in QUIC (or TLS). > > *From:* QUIC [mailto:quic-bounces@ietf.org] *On Behalf Of *Spencer > Dawkins at IETF > *Sent:* Tuesday, June 6, 2017 6:33 AM > *To:* Brian Trammell <ietf@trammell.ch> > *Cc:* Eric Rescorla <ekr@rtfm.com>; IETF QUIC WG <quic@ietf.org> > *Subject:* Re: On the passive measurability of QUIC > > So a couple of things, while wearing a couple of hats. > > On Jun 1, 2017 10:07, "Brian Trammell (IETF)" <ietf@trammell.ch > <mailto:ietf@trammell.ch>> wrote: > > hi ekr, > > > > On 01 Jun 2017, at 15:55, Eric Rescorla <ekr@rtfm.com > <mailto:ekr@rtfm.com>> wrote: > > > > I like the general framing of these questions, but it's pretty > hard to address them in > > the abstract. Rather, I think it would be more useful to start > not with the specific properties > > but rather with the *services* that collecting these measurements > is intended to facilitate > > and then work forward to the various baskets of measurements you > would need to > > support said services and from that try to make a cost/benefit > analysis [0]. Do you or > > someone else have such a list of services? > > Sure. Here are the ones I know about off the top of my head. Note > here, for "services", I understand "higher-level measurement > activities", or what would be called "solutions" on the > marketing-heavy websites of the vendors who build these boxes. > Please correct me if I'm wrong here. "Service" is unfortunately so > overloaded a term as to be unclear in many cases, even with context. > > As AD: this thread, like the spoofing thread, is the type of discussion > on the management deliverable I was hoping the working group would have, > when I agreed to approve the QUIC charter. Thank you. > > I know this conversation isn't easy, and so does the rest of the IESG, > and so does the IAB. We had high level discussions in this space on the > joint IAB-IESG day of our retreat a couple of weeks ago, and the ADs > continued that discussion during both days of the IESG retreat. > > 1. Access network performance measurement. This is largely the > problem the LMAP WG is chartered to address, using IPPM metrics. > Here, peak achievable throughput (of an access link), loss, latency, > and (sometimes) jitter are the metrics of interest, both in > controlled testing (active measurement) as well as passive > measurement of user traffic, on the theory both that accidental and > intentional differential treatment of measurement traffic will make > active measurement unreliable, as well as to reduce network load due > to unproductive active measurement traffic. Loss/congestion and > latency are the primary passively measurable metrics of interest > here. This measurement activity is used by network operators for > capacity planning and troubleshooting purposes, as well as by > national and supranational regulatory agencies to hold network > operators within their jurisdictions accountable. The deployment > location changes depending on who's performing the measurements, but > it's generally run as close as possible to the access link (for > broadband access) or on the handset itself (for mobile measurements). > > > 2. Interdomain troubleshooting of network performance issues. See > https://github.com/quicwg/base-drafts/issues/166 > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fquicwg%2Fbase-drafts%2Fissues%2F166&data=02%7C01%7Cmichael.bishop%40microsoft.com%7C88ec89b10e6644f53c1908d4ac952076%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636323203891635662&sdata=NzTkpTK%2FUwRJx695JPDH4WY6C7%2FEY0ikKVz2OD5Sd6Q%3D&reserved=0>. > Though it proposes a mechanism, it clearly calls out the key metrics > as packet loss and congestion, with the ability to localize > congestion using multi-observation-point measurement as important. > > > 3. Service performance monitoring (my example here was Boundary, > which is apparently called bmc TrueSight Pulse (tm) now) uses > passive network-level latency and throughput measurements to augment > information collected by agents running on servers themselves to > isolate performance issues on those servers. > > > 4. Perimeter security monitoring of access and enterprise networks. > Related to work in the DOTS WG, which focuses specifically on the > DDoS mitigation aspect of this broad topic. This is largely > concerned with detecting and blocking attack traffic. Most of the > measurement task in this case is classifying traffic as benign or > not, and it uses any input available to make that determination. > None of the metrics I talk about in the previous message are really > relevant here, though -- spoofed traffic detection is more useful in > this context than latency. It's relevant to QUIC, though, in that > one of the inputs to this classification is whether traffic is TCP > or not: the more likely QUIC traffic is to be classified as > default-benign, the better its deployability on networks employing > this monitoring. > > As a possibly helpful individual, this list seems to include implicitly > what Erik mentioned explicitly in the spoofing thread - thinking about > what trusts what, and what controls what. I thought that explictness > would be helpful. > > The obvious one mentioned in our charter, for completeness: > > -1. Billing, both for metered consumer-grade access as well as > transit contracts. This is -1 because it's not really relevant to > transport protocol design, as it generally doesn't require anything > beyond byte/packet count per billable user, where the billable user > is usually associated with something that happens below layer 3, > zero-rating and other such practices notwithstanding. > > As AD: this would be an especially useful assertion to converge on > (after the interim, of course). > > If QUIC isn't able to help with billing(*), that needs to not be a Late > Surprise (tm). > > Spencer > > (*) Back to speaking as an individual, one of the responses that would > not surprise me is "applications using QUIC aren't much harder to bill > for than applications using TLS or TCPINC, so, whatever you do for > those, do it for QUIC". If something like that turns out to be the > answer, people who care about billing need to be figuring out what Plan > B is ... > > > -Ekr > > > > [0] Where the cost clearly has to include future unknown privacy > risk. > > Evaluating an unknown risk is a pretty cool trick. ;) > > Seriously, though, I'd really appreciate any suggestions you would > have as to how to concretely evaluate this risk, at least for > purposes of comparison of proposals. Information theoretic metrics > seem to me to be not very useful here, since they make the implicit > (and false) assumption that all bits of entropy are equally > potentially dangerous to privacy. > > Thanks, cheers, > > Brian > I wrote this draft also: https://www.ietf.org/internet-drafts/draft-fairhurst-tsvwg-transport-encrypt-01.txt - It's not so much about middleboxes that change things, as about boxes that look at things. Some of this may be relevant to this thread. It's not specifically about QUIC, but I suspect that was what I had partly in mind as I tried to understand the implications of encrypting teh cntrol information. Gorry
- On the passive measurability of QUIC Brian Trammell (IETF)
- Re: On the passive measurability of QUIC Eric Rescorla
- Re: On the passive measurability of QUIC Brian Trammell (IETF)
- RE: On the passive measurability of QUIC Dave Dolson
- Re: On the passive measurability of QUIC Spencer Dawkins at IETF
- RE: On the passive measurability of QUIC Mike Bishop
- Re: On the passive measurability of QUIC Gorry Fairhurst