Re: [tsvwg] I-D Action: draft-ietf-tsvwg-transport-encrypt-04.txt

Tom Herbert <> Wed, 20 February 2019 22:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0A385130E98 for <>; Wed, 20 Feb 2019 14:32:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id CJXDOlcUWZtN for <>; Wed, 20 Feb 2019 14:32:02 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::835]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B60CA130ED7 for <>; Wed, 20 Feb 2019 14:32:02 -0800 (PST)
Received: by with SMTP id d18so19234617qtg.12 for <>; Wed, 20 Feb 2019 14:32:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=YpXFMGAnjOBTOdux41S7UsmHqYopCq5N6DsCezPtpsE=; b=DwR4KodPrnR4hT80aZHTtIkEfJKLsI8LC7asnltP8odmkANZd8mY0Spk/EdatiFJzf 8G55E/LVofltxih5ptnG21SQgelZ3/V5M3cDRbVFs3KX7++44DXt/dpRs3P+H6BEio2N hu33iG97y11dN1qbw4QyGJ2+RTOpUoVmFTuzmwJu5zim2xKZMgiRZZTr24sOIz2OxZkv DSbT/+Q+9BMhPsGJBHqtinG73T62FP0+OPXCbybklf6T38oLt3H0g+r9KlkOQXezR+xc poeoOFMQuCxd4MOHbK/JFRvuMvmIeGJrALlqphA75k8ijcAGNVN1Nq8rycjTX/2ilKwu yTHw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=YpXFMGAnjOBTOdux41S7UsmHqYopCq5N6DsCezPtpsE=; b=UtaNyojj5W/1wdr40WUN3XIdSkc+nCYU/lDdwWYfFJSwHKIPClnA84KLE0bfCND9Mw b+9syGrYstCchZLeJ2zjZTWH2CwORMwm/pxTB9nqKG+DQ/3msW1P+lYv82ucT8V7O3zd iLK2/LQqDAeeu8WSlerWSf5Vmm5wRf2fkEO5dEki4XVNIrFOffPAkcrKLSHUu5JIRHf0 +3/P7plQeuAzMAxJewxqmnelcSZ0ANMJSD4BnARLBuUhMarHzZxNIzaIxtG4ppTgyaas hd6s8DU0rfKjDPIt8wkds4Jxdx78htcMz8H3N+zRQnokNSvg377y/mmOYauUoWQuXZCz VIgA==
X-Gm-Message-State: AHQUAuZKS6F19SrRIscqac34B8Km1Vo+g1vMo1Vf98pZWYAeXuokVsXH oQU6RPgGfv+wmGnHK7oJPohk0PiYcO1hs37BHp8t2w==
X-Google-Smtp-Source: AHgI3IZBkm/R33EccL5iTDoeHkWdJ5K197v4mjhGt+2OpDVjoD6ktcZcfmnnLSjGiYLWQoF5ceXtYm3VahIg7wMoOPU=
X-Received: by 2002:ac8:1695:: with SMTP id r21mr29593649qtj.226.1550701921522; Wed, 20 Feb 2019 14:32:01 -0800 (PST)
MIME-Version: 1.0
References: <> <> <> <> <> <LEJPR01MB0460F9AB6E2113F4CBF246EA9C7D0@LEJPR01MB0460.DEUPRD01.PROD.OUTLOOK.DE> <> <LEJPR01MB0460EF67D703C8340A976DF39C7D0@LEJPR01MB0460.DEUPRD01.PROD.OUTLOOK.DE> <> <>
In-Reply-To: <>
From: Tom Herbert <>
Date: Wed, 20 Feb 2019 14:31:50 -0800
Message-ID: <>
To: Colin Perkins <>
Cc:, Gorry Fairhurst <>, tsvwg <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-transport-encrypt-04.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 20 Feb 2019 22:32:07 -0000

On Wed, Feb 20, 2019 at 2:04 PM Colin Perkins <>; wrote:
> > On 20 Feb 2019, at 16:59, Tom Herbert <>; wrote:
> >
> > On Wed, Feb 20, 2019 at 8:07 AM <>; wrote:
> >>
> >> I've been describing the general state of the art of QoE measurements based on network QoS parameters. I've been picking TCP as an example. The change from unencrypted TCP transport to TLS is a fair example how to increase the difficulties to judge QoE based on network QoS parameters. QUIC has been encrypted from start on.
> >>
> > Okay, TCP was just an example. So if I'm using another protocol like
> > SCTP, QUIC, TCP in a tunnel then how do I get the same features and
> > network services like plain TCP/IP gets?
> >
> >> Please briefly describe how to reliably determine per packet end-to-end RTT as could be done by TCP Ack screening replacing the latter by IOAM. I didn't follow IOAM closely. Is that generally possible by now or does it depend on options which have to be supported by equipment owned by different stakeholders?
> >>
> > Connection oriented protocols, like TCP and QUIC, track RTT per flow.
> > If this information is interesting to the network it can be provided
> > in HBH option. IOAM should carry a variant usable for RTT measurement.
> >
> >> Network QoS based QoE estimation us done for the mass market, if a network provider serves it. SCTP and tunnels and the like are corner case transport options. Further, I don't recollect that research cared too much about different TCP dialects.
> >
> > I do not know what "corner case transport options" are. Can you please
> > define that term?
> >
> >>
> >> I don't think the approach to have a single solution to monitor all transport options is feasible.
> >
> > It's not the intent to expose all transport options. As an application
> > and transport protocol developer I am only willing to expose
> > information to the network in plaintext that is absolutely necessary
> > for viable communications, not one bit more than that. I have no
> > interest in exposing everything just on the off chance that some
> > random device in the network might find it useful. I may be willing to
> > provide specific pieces of information if I know how it will be used
> > and an who will use it. This is the reallly the only resonable
> > security model for my users.
> >
> >> It will likely be too generic to provide useful input if it works end-to-end or it will be too specific to work end-to-end in a majority of cases, I guess. It's also a little hard to understand why an extra overhead should to be attached to a packet if the same information could be exposed within existing packet headers. I'm not talking about breaking consumer privacy here.
> >
> > Again, by "existing packet headers" you are implying that plain TCP/IP
> > is the the only thing that exists and needs to be supported. If the
> > Internet is to move evolve, we need to get beyond this limited view.
> The example I gave was a UDP-based transport protocol…

Right, but as you said "Secure RTP is one example, where the payload
is encrypted but the headers are left in the clear.". That's true for
any payload encryption-- the headers are all in the clear as they were
in other examples. The draft states:

"One scenario is when transport protocols provide consistent
information to the network by intentionally exposing a part of the
transport header."

My interpretation of that is that a transport protocol developer would
encrypt some parts of the transport header and leave other parts in
the clear. An example of that would be the spin bit in QUIC. So QUIC
may be the best example, and assuming it hasn't yet been relegated to
the "corner case transport options" bucket by network operators, it
makes for a good case study.

Consider Lloyd's example where receive windows are modified in flight
to optimize a flow. As he mentioned, in some scenarios this
optimization allows TCP to dramatically outperform QUIC. It seems
unlikely that people are going to abandon using QUIC just because of
this, so the obvious question is how can QUIC take advantage of the
same optimization.

The naive approach would just be to expose a receive window field in
the QUIC header and have network devices process it like a receive
window in TCP. This doesn't work! The network identifies QUIC packets
by UDP port number, and as described in RFC7605 port numbers only have
meaning at the endpoints. So if intermediate devices are modifying
some UDP payload that isn't actually QUIC, then this is systematic
silent data corruption. This is not robust protocol and the offered
benefits of the feature don't justify changing fundamental semantics
transport port numbers.

The correct approach is to create a "Receive window guidance"
modifiable Hop-by-Hop option. This could contain a receive window that
the network can modify in flight. The QUIC implementation would be
modified to send and process the option accordingly. Of course, since
the information is no longer in the transport layer, the protocol can
be used with any transport layer protocol or TCP in an encrypted


> --
> Colin Perkins