Re: [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-06

Colin Perkins <csp@csperkins.org> Tue, 18 June 2019 10:46 UTC

Return-Path: <csp@csperkins.org>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63111120123; Tue, 18 Jun 2019 03:46:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g3vG9hmbHoVq; Tue, 18 Jun 2019 03:46:23 -0700 (PDT)
Received: from balrog.mythic-beasts.com (balrog.mythic-beasts.com [IPv6:2a00:1098:0:82:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E13CC1200FD; Tue, 18 Jun 2019 03:46:22 -0700 (PDT)
Received: from [130.209.157.54] (port=43343 helo=glaroam2-164-219.wireless.gla.ac.uk) by balrog.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <csp@csperkins.org>) id 1hdBd3-0001RX-Ew; Tue, 18 Jun 2019 11:46:21 +0100
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Colin Perkins <csp@csperkins.org>
In-Reply-To: <E0BAA0EC-4D2D-4578-A2A1-45B3DA831911@arm.com>
Date: Tue, 18 Jun 2019 11:46:14 +0100
Cc: "draft-ietf-tsvwg-transport-encrypt@ietf.org" <draft-ietf-tsvwg-transport-encrypt@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <98A10145-5020-4CCA-ABEB-72411A03A3B2@csperkins.org>
References: <E0BAA0EC-4D2D-4578-A2A1-45B3DA831911@arm.com>
To: Thomas Fossati <Thomas.Fossati@arm.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-BlackCat-Spam-Score: 4
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/n0Syfokmz9hORNu7WX_FxqQFPYo>
Subject: Re: [tsvwg] Comments on draft-ietf-tsvwg-transport-encrypt-06
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jun 2019 10:46:25 -0000

Hi Thomas,

Thanks for your feedback. 

I agree with your comments on the introductory sections; there’s certainly scope to tighten up that text.

As for the rest, I don’t disagree that machine learning will be important, but I’m not the right person to write about it. I’m also not clear where such material would fit in the document. It might be better to have a separate document, that this can maybe refer to, that starts to discuss solutions to the issues identified.

Cheers,
Colin


> On 17 Jun 2019, at 16:53, Thomas Fossati <Thomas.Fossati@arm.com>; wrote:
> 
> Hi Gorry, Colin,
> 
> I have read your fine draft and gathered a few comments for your
> consideration.
> 
> I think the intro material (Sections 1 and 2) could be slimmed down
> substantially:
> - There's a bit of repetition (sometimes literally, e.g.: 2nd and 3rd
>  para of the intro section carry the same exact information);
> - Content-wise, with regards to setting the context, there seems to be
>  good overlap with a few already published RFCs - for example both
>  Path signals [RFC8558] and Wire image [RFC8546] could be used to
>  factor out a bunch of text here?  Just a suggestion.
> 
> The rest is really good material with the right balance of breadth and
> depth (IMHO).
> 
> However, one of the raison d'etre of the document, as I interpret it, is
> to describe which tools & techniques are available to network operators
> that can survive transports that mux and prioritise inside an encrypted
> envelope.
> 
> And while the document does a very good job identifying what *doesn't*
> work anymore, the "every time a transport field is encrypted, a passive
> measurement tool gets his wings" story, while factually accurate, only
> tells one half of the tale.
> 
> In that respect, I think the draft should also consider any emerging
> techniques & tools.  In particular, ML solutions (especially RNN and
> reinforcement learning architectures) look like one very plausible way
> this is going to evolve.
> 
> Which is not to say these methods are in all cases mature enough for
> production.  On the contrary, I think currently very few of them would
> be ready for prime time.  But this is one line of work that has shown,
> in published research at least, encouraging levels of precision &
> accuracy (even with encrypted traffic), while dealing with all the
> typical scenarios a network operator faces.  (I've seen ML applied to
> fault detection and localisation, QoE/QoS measurements in both real-time
> comms and adaptive video, anomalies / misuse / intrusion detection, the
> whole lot.)
> 
> The thing is that if ML or like approaches are not good enough or not
> mature enough, the risk that MiTM and forced fall-back to TCP become a
> practical and effective tool in the hands of network operators increases
> substantially, which would be pretty unfortunate.  (And yes, we could
> have handled the transition more graciously, cf. SPUD/PLUS, but we
> decided not to, so here we are.)  In this respect, I think it's critical
> to create a shared understanding of what the challenges are and what
> concrete actions can be taken to accelerate / incentivise the
> development and adoption of ML in this venerable field.  To this end,
> it'd be great if the document provided (even succinctly) a critical look
> on ML that highlights the potential and actual successes, its
> limitations (both in general, and specifically WRT encrypted transports)
> as well as the current gaps.
> 
> For example, one thing that becomes quickly apparent once you start
> surveying the existing literature is that comparing different
> ML-for-network-traffic experiments is quite problematic.  The lack of
> uniform evaluation metrics as well as standardised labelled datasets
> (which is only aggravated by ML's sensitivity on training and validation
> data) looks like a gap that urgently needs filling and one where the
> IETF is ideally placed to help reducing the observed fragmentation.
> 
> OK, I'll stop here - I wanted this to be short and snappy but I got
> carried away somehow.  Hopefully my points are still visible above the
> noise line.
> 
> Thanks again for the great job gathering 20+ years of collective
> knowledge and experience.
> 
> Cheers, t
> 
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.



-- 
Colin Perkins
https://csperkins.org/