[saag] Introduction to qlog

Robin MARX <robin.marx@uhasselt.be> Mon, 08 March 2021 13:09 UTC

From: Robin MARX <robin.marx@uhasselt.be>
Date: Mon, 08 Mar 2021 14:08:46 +0100
Message-ID: <CAC7UV9bEcMdA04NmewrAPBUi-OOWKwaZjauVuMjJxyAesFGuAg@mail.gmail.com>
To: saag@ietf.org, secdispatch@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/KOCPh4_yWZDKt8bo4zTjZIdFY4M>
Subject: [saag] Introduction to qlog

Hello saag and secdispatch,

On Thursday, I have a slot during the saag meeting to talk with you about
the qlog project.
Since this is the first time this is discussed in this wg, and because it
might be of interest to secdispatch as well, your chairs asked me to do a
small introduction via the mailing list in preparation.

qlog [1][2] started off as a way to do logging for HTTP/3 and QUIC (hence
Quic LOGging).
As QUIC encrypts almost all of its metadata, utilizing packet captures for
analysis almost always requires full decryption of application (user) data
as well, leading to potential scalability and especially privacy issues.

As such, qlog instead proposes logging protocol metadata at the
"endpoints"/implementations directly (e.g., client, server, load balancer,
...), where only the necessary (and properly anonymized) metadata can be
recorded.
This approach additionally allows the inclusion of events typically not
seen on the wire, such as congestion control behaviour.
All events are recorded in a structured format (currently JSON) using a
fixed schema to make it easier to write cross-implementation tooling.

This approach has since found some success for QUIC and HTTP/3, with the
majority of implementations supporting the format [3] (or something
similar) and actively using its associated qvis tooling [4] to debug and
analyse implementations and deployments.
As such, the qlog drafts are on track to be adopted by the QUIC wg
following their re-charter after delivering QUIC v1 in the coming months.

However, it is clear that qlog's basic principles (mainly: structured
logging at endpoints) can be useful for many other (encrypted) protocols
besides QUIC and HTTP/3 as well.
As such, while for practical reasons the continued qlog work will happen in
the QUIC wg, the goal is to define it as a protocol-agnostic framework,
complete with guidelines to add event definitions for new protocols.
This can already be seen in the current split in two drafts: the first
defines a general-purpose schema with the format and high-level metadata
[1], while the QUIC and HTTP/3-specific events are in the second document
[2].
The idea would be to have different documents for additional protocols
added in the future.

In order to make sure qlog can indeed eventually be used as a substrate for
many different protocols and use cases, we are now already
soliciting feedback and insights from the wider IETF community.
My presentation on qlog will give a bit more detail on qlog, how it has
been used in practice and about the main open challenges we hope you can
help us with.
It will hopefully also entice some of you to join the later discussions in
the QUIC wg as well, of course ;)

See you all on Thursday!
With best regards,
Robin

[1]: https://datatracker.ietf.org/doc/draft-marx-qlog-main-schema/
[2]: https://datatracker.ietf.org/doc/draft-marx-qlog-event-definitions-quic-h3/
[3]: https://qlog.edm.uhasselt.be/anrw/files/DebuggingQUICWithQlog_Marx_final_21jun2020.pdf
[4]: https://qvis.quictools.info

-- 

dr. Robin Marx
Postdoc researcher - Web protocols
Expertise centre for Digital Media

T +32(0)11 26 84 79 - GSM +32(0)497 72 86 94

www.uhasselt.be
Universiteit Hasselt - Campus Diepenbeek
Agoralaan Gebouw D - B-3590 Diepenbeek
Kantoor EDM-2.05