[Secdispatch] Introduction to qlog

Robin MARX <robin.marx@uhasselt.be> Mon, 08 March 2021 13:09 UTC

To: saag@ietf.org, secdispatch@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/EABi9Wt1r4WvsFYdENX1IPIyP9g>

Hello saag and secdispatch,

On Thursday, I have a slot during the saag meeting to talk with you about
the qlog project.
Since this is the first time this is discussed in this wg, and because it
might be of interest to secdispatch as well, your chairs asked me to do a
small introduction via the mailing list in preparation.

qlog [1][2] started off as a way to do logging for HTTP/3 and QUIC (hence
Quic LOGging).
As QUIC encrypts almost all of its metadata, utilizing packet captures for
analysis almost always requires full decryption of application (user) data
as well, leading to potential scalability and especially privacy issues.

As such, qlog instead proposes logging protocol metadata at the
"endpoints"/implementations directly (e.g., client, server, load balancer,
...), where only the necessary (and properly anonymized) metadata can be
recorded.
This approach additionally allows the inclusion of events typically not
seen on the wire, such as congestion control behaviour.
All events are recorded in a structured format (currently JSON) using a
fixed schema to make it easier to write cross-implementation tooling.

This approach has since found some success for QUIC and HTTP/3, with the
majority of implementations supporting the format [3] (or something
similar) and actively using its associated qvis tooling [4] to debug and
analyse implementations and deployments.
As such, the qlog drafts are on track to be adopted by the QUIC wg
following their re-charter after delivering QUIC v1 in the coming months.

However, it is clear that qlog's basic principles (mainly: structured
logging at endpoints) can be useful for many other (encrypted) protocols
besides QUIC and HTTP/3 as well.
As such, while for practical reasons the continued qlog work will happen in
the QUIC wg, the goal is to define it as a protocol-agnostic framework,
complete with guidelines to add event definitions for new protocols.
This can already be seen in the current split into two drafts: the first
defines a general-purpose schema with the format and high-level metadata
[1], while the QUIC and HTTP/3-specific events are in the second document
[2].
The idea would be to have different documents for additional protocols
added in the future.

In order to make sure qlog can indeed eventually be used as a substrate for
many different protocols and use cases, we are now already
soliciting feedback and insights from the wider IETF community.
My presentation on qlog will give a bit more detail on qlog, how it has
been used in practice and about the main open challenges we hope you can
help us with.
It will hopefully also entice some of you to join the later discussions in
the QUIC wg as well, of course ;)

See you all on Thursday!
With best regards,
Robin

[1]: https://datatracker.ietf.org/doc/draft-marx-qlog-main-schema/
[2]: https://datatracker.ietf.org/doc/draft-marx-qlog-event-definitions-quic-h3/
[3]: https://qlog.edm.uhasselt.be/anrw/files/DebuggingQUICWithQlog_Marx_final_21jun2020.pdf
[4]: https://qvis.quictools.info

-- 

dr. Robin Marx
Postdoc researcher - Web protocols
Expertise centre for Digital Media

T +32(0)11 26 84 79 - GSM +32(0)497 72 86 94

www.uhasselt.be
Universiteit Hasselt - Campus Diepenbeek
Agoralaan Gebouw D - B-3590 Diepenbeek
Kantoor EDM-2.05