Re: [tsvwg] [saag] TSVWG WGLC: draft-ietf-tsvwg-transport-encrypt-08, closes 23 October 2019

"Lubashev, Igor" <> Thu, 24 October 2019 21:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D5FA712008C for <>; Thu, 24 Oct 2019 14:41:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.589
X-Spam-Status: No, score=-2.589 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id fgA1xulQIhzc for <>; Thu, 24 Oct 2019 14:41:08 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0FA5712009E for <>; Thu, 24 Oct 2019 14:41:07 -0700 (PDT)
Received: from pps.filterd ( []) by ( with SMTP id x9OLbVBM032372; Thu, 24 Oct 2019 22:38:38 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=IMYmrzuFDXQ99zFquH97UppwiMXbRWlKE9ETVlG4z0s=; b=T7wNR0+ic+Bfxr62JlHVRSxGzzUsylbR6630RKDJMrb8koOlgh72sy/7v6Zif05B9Wwp zzV+yyKL7Egqz+BBrIfH5uzDE6jVmVDhH0XkFehRyMo2p6tIjdQlxRF65d2GKOF7Z9gL 6DfXae1Qnzj4c0QhuoW4ovrLdzMEJjrpgupcSI7o0qMWfhc4NBE8k6s9eILsL5VM/ry8 m4Er1kzqpuLhlv9opC9Vxx4vm5OZuUDT4t2LaljnOThcL068Y3fKqad88xgnq9owPV4m 6yEDFs9lYuDe1KNu0c541hnvKFPikZyZb8ebYIKeR+Bbfw8p+chvMgjPbHSWvKPKTQJ2 9g==
Received: from prod-mail-ppoint3 ( [] (may be forged)) by with ESMTP id 2vssv8413f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 24 Oct 2019 22:38:37 +0100
Received: from pps.filterd ( []) by ( with SMTP id x9OLW0vc023381; Thu, 24 Oct 2019 17:38:37 -0400
Received: from ([]) by with ESMTP id 2vqwu139qy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 24 Oct 2019 17:38:36 -0400
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 24 Oct 2019 16:38:35 -0500
Received: from ([]) by ([]) with mapi id 15.00.1473.005; Thu, 24 Oct 2019 16:38:35 -0500
From: "Lubashev, Igor" <>
To: Mirja Kuehlewind <>, "" <>, "" <>, "" <>, "" <>
CC: "" <>, "" <>
Thread-Topic: [tsvwg] [saag] TSVWG WGLC: draft-ietf-tsvwg-transport-encrypt-08, closes 23 October 2019
Date: Thu, 24 Oct 2019 21:38:34 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <CWLP123MB257982F95FE59290A4B6AA94EB6A0@CWLP123MB2579.GBRP123.PROD.OUTLOOK.COM> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_4e33ed6b9ee64e06a36b4a9e1dbe74baustx2exdag1mb5msgcorpak_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-10-24_12:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1910240203
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8 definitions=2019-10-24_12:2019-10-23,2019-10-24 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 mlxscore=0 spamscore=0 malwarescore=0 bulkscore=0 adultscore=0 suspectscore=0 phishscore=0 clxscore=1011 impostorscore=0 lowpriorityscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1908290000 definitions=main-1910240204
Archived-At: <>
Subject: Re: [tsvwg] [saag] TSVWG WGLC: draft-ietf-tsvwg-transport-encrypt-08, closes 23 October 2019
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 24 Oct 2019 21:41:12 -0000

ConEx tries to address the right set of questions, albeit the only proposed solution was for IPv6.

I like ConEx’s including an ECN CE Echo bit, since that lets you determine upstream and downstream congestion (if it happens on an ECN-supporting device). It is valuable for protocols that encrypt transport’s CE Echo information (like QUIC).  The combination of Q-bits (as in RFC 8321) and L-bits (as in ConEx) would let you do the same for loss.  A Spin-bit would be a useful addition for measurement, albeit it would require cooperation of both endpoints.

  *   Igor

  There is work in ippm (draft-cfb-ippm-spinbit-new-measurements) that also attempts to use bits to inform the network about loss. That alternative does not require observer inferring Q-bit period (some power-of-2), but it requires both endpoints cooperating (which affects deployability) and can only detect loss of a minority of packets (fewer than 1/4 of server-to-client packets will typically have markings whose loss can be detected).

From: Mirja Kuehlewind <>
Sent: Thursday, October 24, 2019 11:54 AM
To:;;;; Lubashev, Igor <>
Subject: Re: [tsvwg] [saag] TSVWG WGLC: draft-ietf-tsvwg-transport-encrypt-08, closes 23 October 2019

In ConEx, we also get upstream congestion by subtracting the ECN CE marks form the ConEx ECN marks, or count TCP seq# holes and subtract that number from the ConEx Loss marks. Of course the latter is not possible with QUIC and you would need something like the Q bit instead which however is basically Alternate-marking as defined in RFC8321.

From: tsvwg <<>> on behalf of "<>" <<>>
Date: Thursday, 24. October 2019 at 16:38
To: "<>" <<>>, "<>" <<>>, "<>" <<>>, "<>" <<>>
Cc: "<>" <<>>, "<>" <<>>
Subject: Re: [tsvwg] [saag] TSVWG WGLC: draft-ietf-tsvwg-transport-encrypt-08, closes 23 October 2019


Please can you explain your comment about the L bit: “only Q bit (upstream loss) is doable (L bit must be sent by sender for end-to-end loss evaluation)” Surely both the Q & the L bit are set by the sender?

I’d prefer a generic solution rather than one for one transport protocol.

I think it’s worth looking at<>    This defined an IPv6<> destination option for carrying ConEx markings in IPv6 datagrams. I think its L bit is identical to your L bit. RFC7837 also has 4 reserved bits so a bis would have plenty of room for Q bit.<>  discusses why the WG chose a destination option.

There seems to me a lot of similarity between the Conex work and this work, both in objectives & method. The Q bit is new since conex, and seems to offer some advantage of a clearer signal about upstream loss, under some assumptions.

Best wishes,

From: tsvwg [] On Behalf Of Kuhn Nicolas
Sent: 24 October 2019 11:20
To: 'Christian Huitema' <<>>; Tom Herbert <<>>; Lubashev, Igor <<>>
Cc: Joe Touch <<>>;<>
Subject: Re: [tsvwg] [saag] TSVWG WGLC: draft-ietf-tsvwg-transport-encrypt-08, closes 23 October 2019


As far as I can see, there are different ways of signaling losses that are being discussed.
Here is an attempt of discussing advantages and drawbacks of each approach.
I believe that going for : short-term QUIC-bits and long-term TSVWG-bits is a good way forward. Moreover, this does not prevent from also having layer IP solutions.

-              Using IP level bits
Advantage : long term solution that is compatible for any upper-layer protocol
Drawback : compatibility with L2 tunnel solutions, problems in making it for IPv4 and IPv6 and only Q bit (upstream loss) is doable (L bit must be sent by sender for end-to-end loss evaluation)
-              Using new QUIC bits
Advantage : quick deployment of the solution and simple solution
Drawback : specific to QUIC
-              Generic transport solution
Advantage : standard solution for any transport
Drawback : “time-to-market” and only Q bit (upstream loss) is doable (L bit must be sent by sender for end-to-end loss evaluation)
-              Using OAM information
Advantage : management plane focusing on management functions – clearer interfaces between control, data and management planes
Drawback : need for standard interfaces between the different equipment that may follow other standard (IEEE, 3GPP) and management of “old” network still in operation

The privacy issues that are said to be specific to QUIC solution are inherent to any solution IMHO.

My 2cts,


De : tsvwg <<>> De la part de Christian Huitema
Envoyé : lundi 21 octobre 2019 20:20
À : Tom Herbert <<>>; Lubashev, Igor <<>>
Cc : Joe Touch <<>>;<>
Objet : Re: [tsvwg] [saag] TSVWG WGLC: draft-ietf-tsvwg-transport-encrypt-08, closes 23 October 2019

On 10/21/2019 7:31 AM, Tom Herbert wrote:

That misses the point of the statement. There are many protocols that don't have ubiquitous support over the Internet-- EH, IP fragmentation, any transport protocol other than TCP and sometimes UDP, and even IPv6. If "ubiquitous support" is required for deployment then we can never deploy new protocols or any protocol that is atypical to intermediate devices. So, unless we're planning on never doing anything new on the Internet, we need to address this.

The goal of any "for the network" signal is improved QoS.  Hence, if there is a non-trivial chance that inclusion of such signal will actually degrade QoS (by causing packets with the signal to be dropped), no sender will include such signals (and "happy eyeballs" style code is too complex and risky for the benefit).

As architecturally "ugly" as it sounds, I can only see the QUIC header and the most significant TTL bits as viable alternatives to be deployable widely on the Internet for IPv4.  For IPv6, even HBH and Dest Options are still too "risky" for packets, but that is likely to be improving.

You forgot to mention efforts to encode information in IP addresses, overload bits in the flow label, or other DPI parsing of UDP payload (like tunnels over UDP), and other creative ways to "find" bits that can be repuposed. There're all hacks! IP is designed to be an extensible protocol without the need for these. Pursuing such hacks, instead of using the defined mechanisms of extensibility, ostensibly solves some short term problems, but in the long run perpetuates protocol ossification and stifles evolution of the Internet.

If we want to not rely on hacks, I believe that we have to somehow change the network protocol. I have followed the development of the spin bit in QUIC, and the attempts to use more bits and provide for example indications of packet losses. There are typically two issues: privacy and practicality. Let's not discuss privacy here, except by assuming that privacy-sensitive deployments will find a need to "bleach" the signals. The signals are still useful for connection management as long as a large enough fraction of the connections are not bleached.

I think that solving the "practicality" issue requires moving the signal to the IP layer. The experiments by Orange show that you only need a small number of bits to monitor latency and loss rate from within the network - 2 or maybe 3 bits would do. If these bits are in the transport header, the network monitor has first to find out what transport protocol is in use, and possibly what version. With encrypted transports, that could soon become a daunting task. On the other hand, if the bits are at some fixed position in the IP header, monitoring becomes much simpler.

My personal preference would be to associate these bits with an IPv6 "flow" label, or for IPv4 the five-tuple. Latency is associated with routing and with applications, and in theory all packets in a flow share the same routing and the same kind of end-to-end processing. Of course, there are deployment issues, bleaching issues, etc. But the logic remains: associating latency and loss measurement with a packet flow makes the most sense. Moving that to the IP header also makes sense -- after all, it is very similar to ECN signals. The broad line of the solution would thus be:

1) Steal a couple of end to end bits, or maybe just 4 to 8 Diffserv code points

2) Use these bits to encode the "spin" and "loss" indications, and distinguish them from the "bleached" signal

3) Compute the "spin" and "loss" indications per end-to-end flow, and make that part of the spec.

There are obvious deployment issue, bleaching paths and all that. But at the same time, the information is meant to benefit network management, so there will be a strong incentive for network managers to ensure that it flows freely. Thus, it is not hopeless.

-- Christian Huitema