[tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-06

Thomas Fossati <Thomas.Fossati@arm.com> Mon, 17 June 2019 15:54 UTC

Return-Path: <Thomas.Fossati@arm.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 368461201CE; Mon, 17 Jun 2019 08:54:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id BVR7lndtwtdI; Mon, 17 Jun 2019 08:53:58 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150088.outbound.protection.outlook.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0892512018C; Mon, 17 Jun 2019 08:53:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2/yrWC9vLp775B9HrIcDR4ooeBSzszl4H6TtmVtUaig=; b=N7bd6W0NthZUDF+JhCe+57DgWFK7AciDKqNBhyvKbYcd6Ey9IXOef2tP3bYVVB5fzW6tSMdNW0eoeJjpNwOPey9pr5iH7ece6V5NBomkEoAhVFosp0eMFMBl5t5cXi4DYPUPqMHVtyrqUAhW+12iLF7NScQ/wJn+t2vw20no3IY=
Received: from AM6PR08MB4231.eurprd08.prod.outlook.com ( by AM6PR08MB3014.eurprd08.prod.outlook.com ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1987.11; Mon, 17 Jun 2019 15:53:55 +0000
Received: from AM6PR08MB4231.eurprd08.prod.outlook.com ([fe80::3d83:d73e:b0ff:b8fd]) by AM6PR08MB4231.eurprd08.prod.outlook.com ([fe80::3d83:d73e:b0ff:b8fd%5]) with mapi id 15.20.1987.014; Mon, 17 Jun 2019 15:53:55 +0000
From: Thomas Fossati <Thomas.Fossati@arm.com>
To: "draft-ietf-tsvwg-transport-encrypt@ietf.org" <draft-ietf-tsvwg-transport-encrypt@ietf.org>
CC: "tsvwg@ietf.org" <tsvwg@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
Thread-Topic: Comments on draft-ietf-tsvwg-transport-encrypt-06
Thread-Index: AQHVJSTdcQse4lv+RU+E6ztvfwE+Sw==
Date: Mon, 17 Jun 2019 15:53:55 +0000
Message-ID: <E0BAA0EC-4D2D-4578-A2A1-45B3DA831911@arm.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Fossati@arm.com;
x-originating-ip: []
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 02e76396-4697-449e-4549-08d6f33c00a1
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:AM6PR08MB3014;
x-ms-traffictypediagnostic: AM6PR08MB3014:
x-microsoft-antispam-prvs: <AM6PR08MB30146F227989A26F87B825E29CEB0@AM6PR08MB3014.eurprd08.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0071BFA85B
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(376002)(396003)(39860400002)(136003)(346002)(40434004)(189003)(199004)(68736007)(66066001)(186003)(7736002)(5660300002)(102836004)(66946007)(73956011)(54906003)(450100002)(2616005)(4326008)(26005)(76116006)(91956017)(66476007)(66446008)(64756008)(66556008)(6512007)(305945005)(316002)(6916009)(8676002)(81156014)(86362001)(33656002)(81166006)(8936002)(6436002)(5640700003)(3846002)(14454004)(53936002)(71190400001)(71200400001)(6506007)(476003)(36756003)(486006)(25786009)(2906002)(72206003)(2501003)(2351001)(6486002)(6116002)(478600001)(256004)(14444005)(5024004)(99286004); DIR:OUT; SFP:1101; SCL:1; SRVR:AM6PR08MB3014; H:AM6PR08MB4231.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: HmCryufWWu8/nDuFvbdHa874QtZHMcr8j5eTl5lV9mOVToVhyZ2Vzvftq/xZ0nQ6SmQU9fTg3DzEeLk74kyrhQSZuK6vpNFZ7DsuRUpLmDmQ5exUIaE45/16O0oCAD2ac+GQSDQSy9XAXAlPivKeErMS1l9VH5Fkc3Hz0Y0Kv0P8MVPavILUoK9JJgfm5WDP1QkNy0/C7SxQoMfr1Hld0Rza75XNviiJl2WnnW4jbBblFW6D8APBJeyIKVRVL1XyJx5h0jTnmZhh0QHd3bpU9n8A7YWpWLfeAZ+cxvz2ltBCmXWu6++5cmTHUxvPLdiLe1bQtmtfka0Yu0bayCiIeRR2uNta8yBcGtyZpXqCHPZ1hFBqVz5x5anVlUPHF5Yke/qtv4m2RVCjV+w42sE3jpOMibcE4DJkNjUl7TG7m7E=
Content-Type: text/plain; charset="utf-8"
Content-ID: <78C46512FD24DA43BBAC914503E3FBCF@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 02e76396-4697-449e-4549-08d6f33c00a1
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jun 2019 15:53:55.2650 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Thomas.Fossati@arm.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3014
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/TMXC9Tpam1p8GqDmuhT74KUPd9Y>
Subject: [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-06
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2019 15:54:01 -0000

Hi Gorry, Colin,

I have read your fine draft and gathered a few comments for your

I think the intro material (Sections 1 and 2) could be slimmed down
- There's a bit of repetition (sometimes literally, e.g.: 2nd and 3rd
  para of the intro section carry the same exact information);
- Content-wise, with regards to setting the context, there seems to be
  good overlap with a few already published RFCs - for example both
  Path signals [RFC8558] and Wire image [RFC8546] could be used to
  factor out a bunch of text here?  Just a suggestion.

The rest is really good material with the right balance of breadth and
depth (IMHO).

However, one of the raison d'etre of the document, as I interpret it, is
to describe which tools & techniques are available to network operators
that can survive transports that mux and prioritise inside an encrypted

And while the document does a very good job identifying what *doesn't*
work anymore, the "every time a transport field is encrypted, a passive
measurement tool gets his wings" story, while factually accurate, only
tells one half of the tale.

In that respect, I think the draft should also consider any emerging
techniques & tools.  In particular, ML solutions (especially RNN and
reinforcement learning architectures) look like one very plausible way
this is going to evolve.

Which is not to say these methods are in all cases mature enough for
production.  On the contrary, I think currently very few of them would
be ready for prime time.  But this is one line of work that has shown,
in published research at least, encouraging levels of precision &
accuracy (even with encrypted traffic), while dealing with all the
typical scenarios a network operator faces.  (I've seen ML applied to
fault detection and localisation, QoE/QoS measurements in both real-time
comms and adaptive video, anomalies / misuse / intrusion detection, the
whole lot.)

The thing is that if ML or like approaches are not good enough or not
mature enough, the risk that MiTM and forced fall-back to TCP become a
practical and effective tool in the hands of network operators increases
substantially, which would be pretty unfortunate.  (And yes, we could
have handled the transition more graciously, cf. SPUD/PLUS, but we
decided not to, so here we are.)  In this respect, I think it's critical
to create a shared understanding of what the challenges are and what
concrete actions can be taken to accelerate / incentivise the
development and adoption of ML in this venerable field.  To this end,
it'd be great if the document provided (even succinctly) a critical look
on ML that highlights the potential and actual successes, its
limitations (both in general, and specifically WRT encrypted transports)
as well as the current gaps.

For example, one thing that becomes quickly apparent once you start
surveying the existing literature is that comparing different
ML-for-network-traffic experiments is quite problematic.  The lack of
uniform evaluation metrics as well as standardised labelled datasets
(which is only aggravated by ML's sensitivity on training and validation
data) looks like a gap that urgently needs filling and one where the
IETF is ideally placed to help reducing the observed fragmentation.

OK, I'll stop here - I wanted this to be short and snappy but I got
carried away somehow.  Hopefully my points are still visible above the
noise line.

Thanks again for the great job gathering 20+ years of collective
knowledge and experience.

Cheers, t

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.