From YouTube: Management Techniques in Encrypted Networks (M-TEN) Workshop Day 2: Where We Want To Go (2022-10-18)
Description
User privacy and security are constantly being improved by increasingly strong and more widely deployed encryption. This workshop aims to discuss ways to improve network management techniques in support of even broader adoption of encryption on the Internet.
Workshop page: https://datatracker.ietf.org/team/mtenws/about/
Day 1: Where We Are: https://youtu.be/Kizk_QrIc3s
Day 2: Where We Want to Go: https://youtu.be/aV1pzuCduLo
Day 3: How We Get There: https://youtu.be/p4NlZJlactE
A
All right, everyone, I think we're going to get started, because I see all of our speakers for the day are here and the program committee's also all here. So I just want to welcome you to the second day of the Management Techniques in Encrypted Networks workshop of the Internet Architecture Board.
A
The second day is going to be focused on a different topic, but still in the same vein. So just to remind you all, the goals of the, of the three-day meeting are to explore the interaction between network management and traffic encryption, but also to initiate new work on collaborative approaches that promote both the security and the user privacy requirements, as well as the operational requirements.
A
Which, unless you are actually trying to talk to me, in that case, I can't hear you very well. Okay, so the schedule: we've already done the first day, Tommy was the chair. Today we're talking about where we want to go, and this will run for two hours, so from now, but we don't have a full two-hour agenda for day two. Actually, we just have essentially one hour booked, which is great, because I think that means we have a lot of time for discussion.
A
It also means that, where necessary, although I will keep time, we can sometimes stretch the queue for certain Q&A on talks, if, if that's what the group feels like we should do. I'd prefer actually that we keep the schedule as tight as we can, and then for folks who can't get on the queue to talk about specific papers or presentations, you save it for the end and we kind of talk in a more general way. But we'll just see how it goes, right.
A
So the first presentation is going to be by Richard Barnes. The title of the talk is "What's in it for me? Revising, or revisiting, the reasons people collaborate", followed by Marcus Ihlar from Ericsson on "Relying on relays: the future of secure communication", and then Michael Welzl is going to talk about PEP functions with the talk "The sidecar: opting into PEP functions", followed by discussion with all of you. So that's the day.
A
Are there any... should I pause here? Are there any issues, questions, things that you want to bring up before we jump in? Sometimes I go too fast. I think one thing I need to remind you of, that I've forgotten to do, is that we are recording, and so, if you have an issue with that, or that it would go on YouTube, please either note that or speak up.
A
Okay, all right, moving on then. So I'll stop sharing here and I'll let Richard go ahead and queue up his slides when he's ready.
C
All right, thanks Mallory. So this is a little easy non-technical talk to kick off our day today. It's almost kind of not any new content here, but kind of reading some comments, kind of general context, into the record to get people in the right frame of mind for when we talk about collaborative solutions, it kind of set the general frame for how collaboration tends to work in the internet.
C
You know, typically, when we're in the internet environment, we're talking about voluntary collaborations, not things that are mandated by, you know, regulations or some contracts, or what have you. So in those sort of situations, in order for collaboration to come about, there needs to be motives on both sides to kind of drive the two sides together. Now, typically, when you say the word collaboration, this is the kind of scenario you think about. You know, I, I know Marcus, or I know Michael, and I'm gonna, you know, we're...
C
We've met each other, we've established a relationship, and we're going to work together to solve a problem. But it's actually not at all what collaboration tends to look like when we talk about collaborative solutions in the internet. It's more like these scenarios, where you're at the coffee shop. You know, you're at a table by yourself. You need to go to the bathroom, and so you ask the kind person next to you, who you've never met before, to watch your laptop.
C
While you have to step away. Now, I've, of course, I've illustrated this evil person, because you have no idea who this person is, you just met. They could be, you know, some completely evil person and agents of the secret police, or what have you. And so you're putting your stuff at risk by leaving it with them, and, you know, you're accepting some risks by doing this. So you're probably not going to, like, leave your laptop totally unlocked so that they can rifle through it, steal all your stuff, log into your accounts.
C
You, you're probably gonna at least lock your laptop, you know, close the lid and, before you hand it over to these people. So yeah, there's, there's kind of this, you know, I, "I just met you" sort of interaction, where you have, you're going to take some precautions, you're going to structure the collaboration so that the risk you take on here is bounded. And this is a much better metaphor for, for how collaboration... only make air quotes around collaboration, because it's, it's different from the usual sense of the word.
C
But the kind of metaphor here, for the, the "I just met you" metaphor, is a little bit more accurate for how collaboration tends to work in the internet, because these collaborations tend to be structured around things like open, interoperable interfaces and discovery of capabilities. So when I wander onto the coffee shop network before I go to the bathroom, you know, my laptop has never met that network before.
C
Had to ask the barista for the Wi-Fi password, and I'm trusting that network with, just by using the network, I'm trusting the network to see some things about me and exposing some information to it. I'm trusting it to tamper or not tamper with certain things about what I'm doing. So that's the sort of collaboration framework that we have when we talk about collaboration in internet technologies, and so what that means...
C
When we talk about collaboration in the internet, because we have this kind of discovery-based, "just met you" frame for the collaboration, the collaborations that we have, in addition to having that benefit, they need to be structured so that each side still gets that net benefit even when the other side acts adversarially. So...
C
Case, you know, it's still worth it to me to participate in this collaboration. And, you know, that, that calculus can be including probability distributions, much like when I leave my laptop with the guy next to me, I'm making a probability calculation that he's probably not going to do, you know, walk off with, let's say. But, you know, regardless, there is, you know, the adversarial possibilities here come into that calculation.
C
Now, for this workshop we're looking specifically at collaboration around encrypted application technologies and...
C
Those two specific things. And when we look at the, that, that sort of interaction, there's kind of two sides to it. There's, I call it an inside and outside: an inside, in the sense of an actor in the collaboration who has access to the unencrypted data, who knows the full details of the interaction.
C
Typically, this is something that's up toward the application layer, where the, the implementer of the system or the software is acting as the user's agent. They're, they're the ones who are authorized to handle the data in question. And on the other side, there's someone who is outside the encryption, in the sense that they can only see the ciphertext, the encrypted data going past. And so the idea is that the person who's outside the encryption wants to know something that's on the inside in order to make the system work together.
C
When we talk about collaboration in this domain, we're talking about collaboration between one, this person who is on the inside, who's building a system that is acting, is authorized to access data, that's acting typically on a user's behalf, and someone who's on the outside of the encryption, who is, you know, acting on the network's behalf, trying to optimize the network. You know, usually it's just on benefit for the end user as well, but again at one more hop removed.
C
Okay, what this, you know, the, the nature of that structure means that, in order to get the inside actor involved here, you know, the, the benefit that is articulated here, at least part of it needs to be meaningful to the user. So, you know, if, if the benefit that we're getting out of this interactive, the benefit that occurs from, you know, a certain type of collaboration is only to make it cheaper to operate the network site, that's not a salient benefit to me, as these are like, it's very... The benefit of that is very attenuated.
C
That's probably not a net benefit to me. And, as, you know, if I'm acting as a, an application vendor, you know, if I, you know, if I'm Mozilla, or if I'm Cisco making WebEx, I've got to take that sort of trade-off into account across my user base and make that, you know, aggregate decision as to whether I'm going to build the features to engage in this benefit. That's primarily occurring benefits, so it's a network operator is only marginally benefiting by users, so that's kind of feeds into that calculation.
C
So the, the collaborations that have the greatest chance of success here are the ones where there's mutual benefit, where there's, in some benefits of the network. Obviously that's why a lot of this stuff is being proposed. But there also needs to be some benefit on the user side, so that the party who's on the inside, who has access to the plaintext, can understand why they're getting some benefits that counter, that balances against the cost that they're taking on by exposing some information that would otherwise be encrypted and protected from the network.
C
So, I mean, this kind of naturally is the question: are there ever situations where this, this alignment of interest arises? Are the interests of the network ever well aligned with, with the interest of these or any clearly, you know, cost savings kind of should fit in that, like I just mentioned. But, you know, are there more interesting ones where there might be worth collaboration?
C
Just to cite a few examples. Like I, I already cited this idea that, just by connecting to a network, I'm already making a trade-off where I'm trading a certain degree of privacy and a certain degree of risk of the network tampering with my data in order to get access to the internet. So that, that, that basic trade-off is clearly worth it for a vast majority of everyone connected to the internet, from billions of users around the world.
C
So at least at that level, level, the basic trade-off is there. At a slightly more, more nuanced, more interesting view, we see a few technologies that are in wide use today where, you know, getting a little bit more speed or getting a little bit more open connectivity is traded off in exchange for a little bit more information about what the user is doing.
C
I'm thinking here of things like UPnP, like STUN, where, when I'm setting up a real-time session, I say, hey, dear network, I'm, dear NATs, I am setting up a session where I'm going to need some extended connectivity. Please open up some ports for me and let some UDP packets through. Probably, you know, give them some, ideally, you know, give them nice priority, and things like that.
C
So, so that kind of asking for additional connectivity, asking for additional, additional speed, is, is a domain where we have some, some demonstration of, of this alignment of interests. And then the, the mysterious dog at the bottom is a forward pointer to a talk Tommy's going to give a little bit later about a thing...
C
An idea we've been discussing called Red Rover, which, Red Rover under the theory that the, the application, the network operator, can kind of join arms and, and block malicious stuff going through. So I think there's some security possibilities here as well, where the security interests of the application on the one side and at the network on the other side can align and, you know, work together. It's to increase the overall security of the system.
C
Whenever we're talking about one of these proposals to have more collaboration between the network, to make the network better, and the application, to make an application better, we need to get both of those sides. So, you know, if you're, if you're living on the network side, you're probably used to thinking about nothing, making things better for the network. But when we start talking collaboratively, you need to also kind of take into account what the interests are of the folks...
A
Great, thanks, thanks Richard, really great timing as well. Would folks like to get in the queue? I think, as per last, per yesterday, we were putting ourselves in the queue with a plus one. Thank you for demonstrating that. Michael, go ahead. Just...
G
So this is interesting, because I'm going to be talking about a chunk of this tomorrow in my ideas on network contracts. But one of the things I'm curious about here, Richard, because I'm coming mostly from an opsec perspective. But what do you think in terms of malicious actors and this kind of collaboration, in particular deceptive elements? How would you see that operating in this environment?
C
Yeah, so it's a, clearly, and that was one of my, my key points here, is that it's, you know, I think each side in this interaction is going to regard...
C
You see this with, for example, the DNS encryption, where, you know, for a long time, the network was, was highly trusted and not regarded as malicious with regard to DNS traffic, and there was a lot of experience that showed that that was an ill-founded assumption, which led to the efforts going on now to protect DNS traffic from inspection and tampering. And it goes the other way as well, where the network is going to regard applications and endpoints as malicious.
C
You know, the whole history of firewalls and network-enforced security is, is grounded in that assumption. And so, you know, these collaborations are going to need to be structured to take those assumptions into account. I, I expect, and some more of this will come up in the Red Rover stuff that's coming. He has... I expect what we'll see is kind of a building up, where there's a baseline of non-collaborative stuff, things like, you know, if we take the, the filtering malicious content example, you know, we've had firewalls forever.
C
That's a non-collaborative approach, because the network is unilaterally imposing its will on, on the endpoint. You know, if we have some collaborative approaches that might, you know, get some, you know, if you, you might say, you know, if you engage in this collaborative approach, you get out of, of the strict, some of, some, some of the firewall rules, maybe, right. So I think we'll, we'll see a combination of these non-collaborative approaches as kind of a backstop for the collaborative approaches. But yeah, it'll be interesting to see. Like I said...
C
Obviously, you know, the idea that the various actors might be adversarial or deceptive is going to need to be incorporated in how these collaborations are structured. And I think there you, you can have, you know, different, different levels of trust, different levels of collaboration combined together to kind of piece together a whole picture.
G
Okay, so I, just, if it's okay, I've got one little annotative point to add to this, if that's okay, Mallory. Okay, there's one other thing I was thinking about this, Richard, which is, or sorry, yeah, sorry, which is, I think that this approach is more viable now in a more IoT-dominated world, where a lot of the traffic is now much more mechanically driven and simpler than it was historically. Talking about this in terms of a general-purpose
G
laptop, for example, I think would be extremely difficult. But I've just been thinking about that as a function of technical change.
C
That's actually a really good point, and another example that folks, might be useful for us to keep in mind, is, is MUD, or Manufacturer Usage Descriptions, which is, you know, technology that has been, I think, deployed some in the IoT domain, where an IoT device that has a constrained traffic profile but might be compromised...
C
You know, in correct operation has a constrained traffic profile, can declare that traffic profile to the network so the network can enforce it, so that if the IoT device is compromised and starts generating other types of traffic, that traffic will be blocked by the network. So it's sort of the, the device declaring its intents to the network so the network can guard against compromising the device.
C
The mechanical nature of the IoT thing enables that. The limited-use nature of the IoT thing makes that possible.
H
Richard, I like your laptop and coffee shop situation, but I'm, I'm just having difficulty understanding how that is a collaboration with the other person. And I guess, I wrote that, you know, maybe there's some analogy here to me leaving my packets with my ISP and hoping that, when I go to the bathroom... But I guess I'm just trying to, to bring that analogy full circle to understand how it does, and whether, how we can leverage it better.
C
Yeah, I, I don't think I was trying to get super detailed in terms of the mechanics of how that would work compared to an internet technology thing. It's, it's mainly that, you know, we have an objective there of, you know, my objective as, as a laptop owner is to, you know, go to the bathroom and not take my laptop with me there and not have to pack all my stuff back up, and I can't achieve that objective on my own. I need to...
C
Much like, you know, I need a network to get to the rest of the internet. And I've done it despite the fact that I don't have any information about how trustworthy this, this person is. I've done... Much like, you know, I have no idea how trustworthy the, the network in my, my local Starbucks is. They could be, you know, like I said, agents of the secret police, or what have you. So it's mainly to kind of capture those two aspects.
I
Thanks Richard. So maybe, maybe the, the term collaboration is, is a little bit difficult, but I think if I'm, because I'm, I'm guessing how to interpret the concept. So let's, let's take the firewall, right. So is it, is it fair to say that if I was, you know, trying to communicate with some other end, and there is a firewall, I was explicitly aware of the firewall, I, I could authenticate the firewall, and only, you know, if I could authenticate the firewall, trust it, then I would maybe relinquish sufficient information that the firewall would allow me to talk to the other side. So, just like, you know, policemen that, that stops me, asks for, for my credentials. I want to get to the other side because alcohol is being served there, so, you know, there's a check for, for my age or something like that. So an explicit interaction with such a security wall is...
I
Is that what you call collaboration then, as opposed to, you know, it's a black hole, you have no idea why you can't talk to the other side?
C
Yes, I was thinking of it less from the framework of knowing why something's happened, happening, as, and more from the idea of providing some, you know, having some explicit interaction. In the, in the firewall case, right, like, the endpoint has no choice in the matter, and they, they take note there, the way the endpoint acts is no different if a firewall is there than, you know, if they were...
C
Think your example of, you know, a firewall where, you know, there's some interaction, maybe the, the application exposes some information that proves that it's, you know, healthy, and gets extra access that way. Those sort of remote attestation things you could put in, and as, as collaborations, I think that would fit accurately in that bucket. I mean, you could potentially even also include things like TLS-inspecting firewalls, where the willingness to trust an additional enterprise trust anchor was that kind of connection and collaboration.
C
So the, the TLS-inspecting thing was able to, is able to do its, you know, impersonation of remote sites and act as a more trusted agent. That's a little bit of a stretch, but it, you know, I think you could, it's still kind of within the overall envelope of the term.
I
Yeah, I mean, I, I think it would really be useful to come kind of to better terms with that terminology, with these maybe boring, but I think a lot more, you know, business-critical issues than, than coffee shops, right. I mean, we've, we've been starting to do things like MUD. Where does that fall...
I
You know, on this, on this collaborative, on the place where you would want to go to, right? Then, we've been removing the ability to inspect certificates with TLS 1.3. Is there a way to get that back in a way that the, the, the, the endpoint does benefit from it? So I think we, we do have a good range of, you know, really important...
I
You know, technical aspects of this collaboration in the IETF and coming from, from the industry. So I, I certainly would hope that we can get some steps forward in, in this process. Yeah.
C
I think broadly, the way the, the call for proposals for this workshop envisioned collaboration, I may speak for the organizers, is, is that, you know, since we're talking about encrypted apps in the network, I think the, the sort of collaboration that folks were envisioning was where some, in some information the application would have otherwise encrypted and protected is exposed somehow to the network for the network's use in network management. And so that's the sort of interaction that would comprise a collaboration.
I
Right, but that's kind of the, the difference between explicitly intending for that information to be given to a third party that has an impact on the communication channel versus what, where we started out from, which is, you know, passive observation of something that wasn't even meant for the network, right. So, I mean, that evolution, driving that evolution, difference.
A
Yep, okay, Rob.
J
I think that that is quite a good way of framing the conversation, in terms of saying what information should we expose the network, potentially in different cases, and what's helpful, and that sort of balance. So I quite like the overall way you describe this. One question I do have, though, is that the slides you have sort of depict two actors at play, the end user and the network, talking to each other.
J
But in many cases, are there not more than two parties that are involved in these sort of decisions? If you're a parent, you might, or school, for example, you want to be protecting other users on their behalf, and he said I want to have that sort of fit into your picture. Or maybe it's government policy constraints as well, or an enterprise, etc. So I wonder if, if, although it's quite nice to look at this as just the two parties, I think there's more players involved in these sort of choices and decisions.
C
Yeah, I mean, obviously in the full real-world picture, there are, there are a bunch of folks who have equities in this decision. There's the direct user of the device, as you said, parents or a school net, school administrators or regulators all have some say in this. I mean, to, to be a little pointed about it, you know, ultimately, what is, you know, the folks you need to convince are the folks who write code, right.
C
So, you know, whoever, to some degree, like, the vendors are kind of a swing point, and ultimately the vendors, you know, interested their users, the, the regulatory constraints or the markets they're trying to sell into will shape what the vendors do, as well as the vendor's own interest. But, you know, when, when we're talking about creating a technical thing, the folks kind of writing the code, making the, the various devices are the ones who are the, the kind of crux where all those, those interests come together.
J
Yes, thank you. I'll defer for the conversation until later on, thanks.
C
Actually, in the internet context, I'll highlight one more thing, which is that you can have kind of multiple entities involved, in the sense that if you are revealing information just, you know, by, by putting it in packets, obviously, you know, a packet will transit multiple networks on the way, and so you can kind of inadvertently, if you don't design it for a specific recipient, come involve, leaking information, inadvertently leaking information to multiple parties in that way as well.
A
That's why routing is so important, but that's a different conversation anyway. Thank you, Richard. We're going to go ahead and now move on to Marcus's talk, so again, 15 5. Really appreciate all of the, the comments in the queue. Sorry, Delaney, we couldn't get to your question, but we'll, we'll have time for discussion at the end, and I'm sure there will be themes that connect all three for that discussion. So go ahead, Marcus, if you want to start sharing your slides, I'll turn it over to you.
K
Okay, so hi everyone, I'm Marcus, I'm from Ericsson, and I'll be talking a little bit about one way of doing collaboration, and a little bit on how, what kind of things mobile operators have been using a lot of the information that have been available to, and so going a little bit to that, and then talk a little bit about how we can do things in a more collaborative way in the future. So this is work that I've been doing together with some other people from Ericsson Research, of Miriam, Magnus.
K
So, as you probably know, we have seen over the years an increased protection of end-to-end data. We see that application data has increasingly, increasingly gotten protected using HTTPS, and we're encrypting parts of the TLS as well, probably, hopefully soon. We see a lot of protection of connection state, things like, you know, that was previously openly available to the network, like the state of connections, which packets are being sent and which are retransmitted and whatnot.
K
So we have QUIC and TLS. We encrypt most of these headers, and we see that we're, in HTTP we're moving from using TCP as a substrate to using QUIC. So a lot of these kind of endpoint states are getting encrypted. And then a lot more things, sort of all of these auxiliary services that we have in relation to our, to our end-to-end connections, like DNS and search, is also getting encrypted.
K
So as an observer in the network that used to look at a lot of these fields to, to build things and do things, it kind of has a big impact, right, on, on how, how, what techniques they need to use to, to manage their networks, pretty much.
K
That's weird, so maybe it was something when I went to full screen, then you...
K
Good, sorry about that. Okay, yeah, so I was talking to this slide, and I guess this is stuff that, like, most of you guys already know pretty well. So I can go on to talk a little bit about this stuff that mobile network operators have been doing, and that they are doing, and that they have traditionally been relying on kind of available data in, in the metadata relating to connections, or content itself, for a various set of use cases that have been either beneficial only to the operator, sometimes to both the operator and the user. Depends...
K
Maybe depends a little bit on, on who you're asking when. But there's been a bunch of actions that, that operators apply, and this is not an exhaustive list, but it's a list of common use cases that mobile operators do. Some classic things is just pure access control of traffic, so it can be, you know, based on firewall rules and whatnot. Typically, this has been very straightforward to do.
K
If you didn't have any level of encryption, you, as vendors, we build a lot of ways to inspect the traffic and, and sort of let the operator define rules on what you do to pass and block it. With various levels of encryption, of course, some of those mechanisms do not become as straightforward as they were. Then there has been a bunch of maybe less nice use cases at times. One use case is, is a redirection use case, which has usually been used by mobile operators
K
when a user is out of quota, so they cannot access anymore. Typically, what happens is that you either, all internet access is dropped, or you get very, very slow access. A bunch of operators, when things were completely sort of unencrypted and most traffic went over HTTP 1.1, was that they basically just intercepted HTTP requests and redirected users to some pop-up sites. So that was a very cheap and convenient way of sort of enabling, enabling, like, helping the user top up their, their data bucket if needed, and...
K
Completely doesn't work anymore with encryption. Some other things that operators did was to, sometimes they had agreements with, with certain content providers, and they could enrich some, some content on, on the, on a HTTP connection, giving some information about the user's quota or something, and that could help, help the server decide if it should deliver, you know, large piece of content or something smaller, and...
K
Kind of more, perhaps, in use today, and perhaps more important, are parental control. For instance, a lot of mobile operators have, mobile operators, they have regulatory requirements on them to be able to, to provide parental control features to, to the customers. I think we had an example of that yesterday in the discussion, that they, they provide the, like, a service too. So, so you can set up a subscription for your children and you can sort of have that subscription control of what you allow or not. And of course, these things work super easy.
K
Other important use cases for mobile operators, where typically having awareness of the type of traffic, is around charging. And, and we have, like, two ways of doing charging off of the data. We have something called online charging, which is typically happening on the fly: when the data is passing through the network, we, we look at what type of data it is, we can't provide some, and we apply the charging button. Now, we have something called offline charging, which is where we can do some post-processing of, of the data and, and then...
K
Is zero-rated. So, for instance, you have a set of applications that are accessed without consuming bytes from your data bucket. Sometimes that is purely a commercial, a pure commercial thing, like you have in some countries, you can, you can watch video for free, but maybe that video is, is delivered at a lower quality or something like that. But we also have cases where there's, there's a regulatory requirement to zero-rate certain services, so that could be services that have to do with all the, all...
K
The services provided by an operator relating to your subscription must be zero-rated, and it could be other things, like some critical services that need to be zero-rated by, by, by a mobile operator. Yeah, actually, it's a good point from the, from the chat there, that there was an agreement to, to zero-rate COVID-19-related national health resources. That was a thing, and not, some countries also had to zero-rate, like, online school platforms and things like this, because people, kids were, were kind of studying from home.
K
Other important use cases is service-based quality of service. So you can, you can apply these things to, to, you can apply different quality of service to different applications. So we want some real-time critical thing, we might, might want to have that one in a different quality of service class than others, things like that. And then we've done things like transport protocol optimization, like we put in TCP proxies there to, to accelerate flows, things like this.
K
They want access to, to bits and wire, and all of these things, they kind of work, but they work more, work less clearly with, with the kind of encryption that we see in... depending on the level of encryption, it works more or less. Other things is like just pure analytics. A lot of operators want to know what kind of traffic is going through, which applications are popular, how, how much resources are they consuming in my network, and then they usually build in some kind of reporting functions as well.
K
Operators are still considering very much, have been considering, and sort of are willing to invest quite a lot of money. And then, yeah, of course, they all get a little bit challenged by encryption, and we see that they kind of encrypted the mechanisms and protection are kind of becoming more and more advanced, and I
K
think one of the more recent things we have seen, which is a really great tool for improving end user privacy, is this use of relays, where you have multiple kind of proxies that you deploy, where you basically tunnel traffic from a client towards a server, between, first through a first proxy, typically named an ingress proxy, through another tunnel through this egress proxy, and then finally have traffic reach the server. And the reason why we start to see these types of deployments
K
is that you kind of enhance, you reduce the amount of leakage of information from a user to different parts of the network. So, for instance, the operator of an ingress proxy and the access network will know something about the user, can know the user's IP address, maybe know something about the subscription type of this user or whatnot, but because we're tunneling traffic through this proxy through another proxy,
K
you have this part of the communication where pretty much you don't know much about the user, but here the server or the service being accessed is now visible. So this part of the network now does not know anything about the service, and this part does not know much about the user. So it's a new paradigm that we see, it's being deployed, and it, of course, has even more implications on the current way of doing things.
K
So if we just go back to this little table, we see that when we have this kind of relay setup, a lot of these services become pretty much difficult or impossible to do in the way we have done them before, because we were pretty much relying on having free access to fields that were intended for the end-to-end communication.
K
So, of course, something needs to be done. If any or some of these use cases are still to be supported, we need to change the way we actually do them and try to make these things more collaborative, because one thing is clear, is that all of these things have been done in a way that sort of did not include the user particularly much.
K
K
So the idea is that we change the way we do in-network functionality from being completely transparent to, you know, looking at and mucking around with fields, to actually having some more cooperative solutions, which involve the different entities in the network. And we want to provide them collaborative and explicit network support functions, meaning that the consumers of these functions are aware of the existence of these functions and are aware of the, and have somewhat to say if these functions are to be used or not. So the idea is that there is some sort of endpoint control and consensus, so a client, potentially even a server, could select proxies and functions.
K
Based on these proxies, we will ensure that there is tunneling of traffic, such that all the end-to-end communication is encrypted and not tampered with and cannot be tampered with. And the idea is then to use QUIC and HTTP/3 as a substrate and a tunneling protocol to do this, and this is because we are kind of basing the ideas on the work that's being done in the
N
K
the MASQUE working group, which is defining the way of proxying using HTTP or HTTP/3. And then some examples of how this could be used then. So, if we take a few of these use cases that we were looking at, that probably have some mutual beneficial, mutual benefit both to an operator and to
E
K
end user, we could look at them. Like, for instance, how could we do parental control in a way that doesn't allow, it doesn't mean we need to inspect all the packets?
K
Can we do zero rating without knowing exactly which flow is carrying what application and stuff like that? The way it has been done, as we saw on the list there, it has pretty much been done that we configure a set of application identifiers,
K
and these application identifiers are translated into packet detection rules, and this is all according to the 3GPP specifications. And these packet detection rules are then applied in the core network user plane of a mobile network. They have some deep packet inspection functions used to detect traffic. Often that is based on SNIs in the TLS handshakes, it could be IP ranges, can also be correlating between, like, DNS traffic from a user and what is later accessing, things like this.
E
K
It's not very good to do this and it's not really foolproof either. So what we're looking at instead is that these services could be explicitly requested by user in some way, and the idea is that, for instance, if a network operator hosts an ingress proxy, it can then apply specific policies based on which egress proxy the user is connecting to. So we might be aware of a set of egress proxies, and each egress proxy might be associated with a particular service.
K
Then the ingress proxy can pretty much accept or reject the connection request towards different egress proxies based on the awareness of the subscription type of this user. So do I know that this user is a zero rate enabled user? Okay, that's the case, then I will allow this traffic to pass on to the egress proxy. And then, finally, this egress proxy, that does not know anything about the user, or something maybe, but as little as possible,
K
hopefully can pretty much accept or reject the traffic based on awareness of the target resource and awareness of the policy, but it doesn't know who the user is. So we kind of split up the concern a little bit. Maybe having some pictures on this simplifies a little bit.
K
So in this case the idea is that the policies, of course, are somehow defined by the mobile operators. If you're using my network, you have access to these policies. A user equipment or a client device can fetch these policies from the mobile network operator, and then it can map these policies to egress proxies depending on what type of treatment it wants. It sort of does this relay connection through an ingress proxy to a specific egress proxy, specifying which policy it needs.
K
So in this case, say that we want to do zero rating. A client would look at the mapping between which application this wants to connect to, which egress proxies are available, connect through the first proxy indicating that it wants to connect through this particular egress proxy. Then the mobile network operator can look at the subscription type, understand that this is a user that is eligible,
K
at which service this is trying to be accessed here, and is that in accordance with the policy that I'm supporting, and if that's the case, it allows things to go through. So we have now removed the need to sort of inspect every packet and trying to infer from packets kind of what application this is, to something more kind of collaborative where a user decides to kind of use a specific service,
K
knowing that it does give up a bit of information to the mobile network operator, because now the operator knows, to the very least, it knows which category of traffic this belongs to, and you would know that, okay, if this is something that goes through, it's part of the bucket of traffic that I zero rate, so I know something about this traffic, but
M
K
So that's one way we're looking at doing collaboration. And so, if we just go to the takeaways here, the point that we're trying to make is that we think that moving towards a model where you don't just inspect fields that are there for you for free, but actually doing something more explicit, you get a much more secure way of doing it. You share the right data with the right entity. You don't rely on fields that are, you know, flying around on the network.
K
You get explicit trust relations that provide the basis for more targeted information exchanges, so you only exchange the information that you actually need. You don't need to bleed more information than that. Using relays, we can enable explicit collaboration. You have the relays in the network, we avoid protocol ossification because we don't look at fields. We also remove the ambiguity of the information, because we explicitly share information that is intended for resources.
K
We don't look at traffic and try to infer what's going on, and hopefully we're turning a challenge that the mobile network operators see today,
E
K
encryption, into some kind of opportunity where we actually can increase the collaboration between users and networks and, at the same time, improve the user privacy. So yeah, this is pretty much what I wanted to say here.
A
Thank you, Marcus. We have a queue building. We're also a little over time. That's all right. I think the first person in the queue is actually all the way up. Patrick, go ahead. Yeah.
N
Hi there, thank you.
N
Suppose really you've got a couple of questions slash observations. Would you be able to, it would appear that someone passively observing the choice of final egress proxy would be able to build some kind of picture as to the likely state of the subscriber behind that. And secondly, what would be the effect that a mobile user would have when they're, for example, roaming away on a guest network? And finally, I guess really,
N
it kind of strikes me that whilst fixed ISP networks and mobile network operators are subject to regulation, it would appear that likelihood that egress proxy operators would be subject to some form of regulation, such as stuffers court-mandated blocking.
K
Yeah, yeah, for sure, there's definitely a lot of regulation on mobile network operators. I think it will be very interesting to see what the regulatory requirements will be on these type of providers. I think normally, yeah, the regulations are there because normally the MNOs are seen as the infrastructure providers, so yeah, that's a super interesting question, and how will this relate to things like lawful intercept and other things, I think, is something that needs to be thought about a lot going forward.
K
I don't have a great answer to how it would look now because, yeah, regulatory is difficult. Whether you can sort of build a model of the behavior of a user by observing which egress proxies it's connecting to, I think that's an interesting one, and I think that largely depends on how you do it with the addressing of the egress proxies and how you basically expose to the ingress proxy which egress proxy use and what kind of policy it's related to, and I think you could,
K
that could be an issue, but I think you could probably build that away as well, if you think a bit about it, and it's not something I've put very much thought into, but it's an interesting point to consider, I think. And then finally, you had a question on roaming users. How would this work for roaming users? So I think it doesn't have much of an impact.
K
Roaming doesn't have that much of an impact, depending on how you do the roaming, but usually when you do roaming, basically all your traffic gets tunneled to your home core network, the home. So if you're in the UK and you would visit Sweden, all your internet traffic would go,
K
go through your packet gateway in the UK, and in this case, because you're connected to your home core, I guess you would also be able to connect to the ingress proxy of your home core. I don't think we would start like providing proxy services from like visited networks, but that in itself is perhaps something interesting to think about. But in general I think roaming would work like today. You access your home core network and have your own home core network services.
C
Yeah, so I think this is, like, overall a sensible architecture. In my mind, I've been imagining like the future equilibrium state of this relaying stuff probably ends up looking like, you know, having an ingress relay associated to the origin AS of a flow and egress relays associated to the destination AS, and so you kind of get that level of granularity on the internet.
C
I wonder whether, you know, egress level policy is really going to get you that far. You know, for example, zero rating might be very, you know, you might have zero rating policies that are quite granular, if you want your topic specified to COVID-19 stuff. And so, you know, if you think about an egress is indicating, you know, what CDN you're using or what destination, yes, you had to do,
C
this might not be a granular level of, granular enough level information. But I think, you know, if we take this logic a step further, like there's already been some discussion of your kind of interactions, collaboration, one might say, between ingress and egress proxies already. I
C
think in the private relay system you mentioned, there is some interaction between those, mainly for authorization purposes, demonstrating authority to use the whole system, and there's been some discussion around, in the orbit of the IETF Oblivious HTTP working group, of like having some communications around abuse so that you could back propagate abuse signals from the egress to the ingress, so the ingress could quash abusive stuff. I think you could envision some more,
C
you know, enriching that interaction to cover things, other types of policy than abuse, but I think the tricky thing would be to make sure that that gets structured in a way that you only reveal, you know, enough information to accomplish the job, and, you know, so you don't undo the benefits you've gotten by the proxy. Exactly.
K
I think that's extremely good point, and actually we have been thinking along these lines and I didn't put it in here because, you know, a lot of levels of detail, but one thing we're looking at is, for instance, using tokens from Privacy Pass, so basically the mobile network operator, not just, well, it's not just, let's see, well, it's not just maybe, you know, providing like identifiers of the mapping between egress proxies and policies,
K
you might also provide tokens associated with specific policies and, for instance, you might have various fine-grained type of zero rating, like you said, but we might know that this proxy does all types of zero rating, we don't really care, but if the client can provide a token to this egress proxy that is validated, you know, it's attested by this mobile network operator that this is the particular policy that I'm allowed to use, then the egress proxy could enforce specific access control based on that policy.
A
Right, I put myself in the queue, and then there's just one other person left after me, but I guess I was thinking that it is, you demonstrate really well what others, I think, have talked about, which is that once you sort of start introducing lots of encryption, management, or network management, is then forced to be even more intrusive, perhaps, with its methods, like you mentioned, deep packet inspection, for example.
A
So obviously that trade-off is real, and then you're sort of offering then a way of opt-in or some meaningful action on the part of the users where they are aligned with the services they're receiving. And so you will be able to provide those without being so intrusive. But then I wonder about the users then that sort of don't opt for anything, if their traffic will either just have fewer of these features or if they will sort of continue to be subjected to more sort of intrusive, I
A
guess I don't want to use the word surveillance because that's not what you're doing, but you're detecting, I guess, in a more intrusive way, and whether there are now sort of like three categories, areas of users: those who've opted in, those who have explicitly not opted in, and then, you know, those that are sort of still, I guess, having these techniques all at the same time sort of used on their traffic. It might be interesting to detangle those different categories rather than just having two binary ones. Yeah.
K
Yeah, for sure, I think that's an excellent point, and I think that will really boil down to the type of use case. I mean, if we're looking at some of these things like, okay, we want to enable to do zero rating, I think very few operators would do zero rating on something that is so fuzzy as, you know, imagine deep packet inspection after all the SNI fields and everything are encrypted,
K
you resort to some of the techniques we saw yesterday with machine learning and whatnot, and that doesn't give you nearly enough of the precision that's required to do things related to charging, I think so. But then, of course, you might have other use cases, like, yeah, I want to protect you against malicious sites or something, and that might, for sure, you know, okay, you're not opting into using this, so maybe, yeah,
K
we will apply our machine learning to this, and I would hope not, but that's definitely potentially something that would happen. Yeah.
D
K
Might be, of course, of course, and then in that case, I don't think that their traffic would be, you know, inspected to say, I'm going to push you this year, you know, I'm going to take what I'm gonna say, right, but yeah, from use case to use case, definitely, and there could be cases where users that don't opt in, they will get, yeah, right.
A
More analyzed, potentially. Thanks. So one more question and we'll move on. Toerless.
I
So thanks a lot. If this is going to be in any form of draft or other place in the IETF in London or so, would be very happy to continue the discussion there on that. I question, you know, the relevance of kind of the proxy functions insofar as pinholing traffic
I
through actual, you know, devices that otherwise wouldn't need it, because in the end, what you're showing on the picture is in the first place some policy plane and some enforcement plane, and we already have a lot of these models for that. And so I think one of the questions to put against these models is to show how they explicitly were different compared to such pre-existing models such as PCP, for example. Right, sure, security-wise, encryption-wise or so,
I
these older models from 10 years ago may not live up to us enough, but a lot of the other aspects that we've done back then would certainly, I think, still be quite valuable. So it's not as if we are coming out of greenfield on solutions like this, but have been through a couple of, you know, iterations, and so it would certainly be good not to repeat mistakes or redo things that were already done wrong correctly.
I
K
Think that's an excellent point, and I think, I mean, the main reason why we're looking at new things is because we want to, we already have this relay setup and it provides a lot of additional privacy for users, and this is sort of making use of this setup that provides additional security and privacy and then enabling some of these more policy related
G
I
Well, I mean, I'm obviously coming more from the side of, on the high speed end, right, and I'm always worried about solutions that unnecessarily pinhole traffic through devices that then become a bottleneck. If, from the beginning, we'd start doing something that is meant to work with the highest speed networks, then we're also prepared for, you know, beyond 5G. Yeah.
K
E
But yeah, it's a
L
A
Thanks very much, Marcus, I appreciate your presentation. While we're getting ready to transition to Michael's final presentation of the day, I just wanted to please ask, if you're calling in, call-in user two, if you could just tell us who you are.
E
Phone, so this is, I don't know if I'm call-in user two or something, but I had to connect via this phone bridge, because my work phone will not allow the WebEx link to be copied and pasted on the application. So sorry about that, but this is no.
A
It's perfectly fine to call in. We just need to know who you are, and yeah, you're the only one on the phone as far as, so it must be you. Thank you very much. All right, so Michael, go ahead, and if you need help, let me know. I'm happy to drive a few, if you prefer.
K
O
D
That we'll just change our, we'll change our stateless stuff yet again and we'll change it to actually be Co-op, toilets.
O
All right, yeah, this is the sidecar. The sidecar is this idea that came up in conversations with Keith and I, and we now have a paper accepted in HotNets, with Gina, David, Matthew, students from Stanford, and some of you may have heard that story before in a slightly different way, but essentially the same thing really, in the Path Aware Networking Research Group in the Vienna IETF, where I once presented it. I'll go ahead.
O
If I can, yes. So this is specifically, I mean, Marcus before had these various functions of proxies on one of his slides, and there was only one line dedicated to transport functions for performance improvement, and this is really specifically that line that I'm talking about. That's all I'm doing here, all I'm proposing here, to do something about the problem for that, is that we have encrypted transport headers with QUIC, which can have benefits, and it solves the ossification problem for sure, but it comes at the cost.
O
There are now a couple of papers that show that with PEPs, TCP can be faster than QUIC, for example in a satellite scenario, but there can be other scenarios. I'm expecting similar things with millimeter wave connections and so forth, where these devices that try to help, and sometimes do weird, wrong, bad things, but sometimes also do good things, that these try their best, turn out to actually help and make things better for QUIC. And then we have what I would call a dilemma, that the protocol is called QUIC, MP4 was called SPDY, but it's really slower.
O
So it's known that PEPs can be bad. This is a picture of a connection splitter, right, very intrusive. It terminates the TCP connection, opens another one. They try to be useful, but, you know, this bad interference can cause ossification, and this is at least partially due to the transparent design of these devices. Basically, they lie to the sender and the receiver, because they're not meant to even participate in the whole communication, so they cheat, and this cheating has certainly contributed to the ossification itself.
O
So I'm, not making proxies transparent can be a way to not be as prone to ossification as we previously were. MASQUE is a system that is not transparent, so possibly it might be a way to improve performance by adding PEP functionalities there.
O
Actually, this whole thing here started from the assumption that essentially the people doing MASQUE might not be very happy with this, partially because they might believe, so I don't want to vote to be in one or the other camp, I don't really know, but there might be a belief that this could cause ossification problems again. You retrofit some performance improving function and to create and to MASQUE, and all of a sudden MASQUE is forever tied to that function. Now, I don't know, this could be a good or a copy, a bad model.
O
O
Okay, so the idea is separation of concerns, to completely keep the whole performance improving function separate, as good as possible, as far as possible. So that would be a separate sidecar. It's a separate protocol, independent of the main protocol, just dealing with the PEP functions, as moving as much as possible as the functionality of the function related to it.
O
The main protocol, normally being QUIC, would choose the service as an opt-in over a local interface. So you could imagine a daemon on the OS, you could imagine a library function, something that you used to call and over which you say: okay, this particular performance improving function I choose for that particular connection. Right, so, depending on, I mean, these functions also come with a security trade-off.
O
You may share certain information that you might not really want to share in some cases, so for a banking application you may choose to never use any of these functions. It really depends, so you can do it per connection. The application can make a decision to say, okay, it's something that I'm okay with. And then the main protocol should be changed as little as possible. At least that was our design idea, so there wouldn't be any connection splitting, and the sidecar proxy does not parse the header. We don't change anything about encrypt, encrypting.
O
What you need in order to do any kind of reasonable PEP-like function is normally to send ACKs, for most cases. Sometimes you can just cache something and resend it, but often you need to send ACKs. So that is what we really looked at. ACKs could be sent in various ways.
O
They could be sent out of band, but they could also be piggybacked, for instance using UDP options. And then, if we have that thing in place, then if the sidecar itself ossifies, then this means that the PEP function doesn't improve any further, which is kind of sad, right. We may have something that makes better congestion control and it doesn't improve because it has been ossified, but
E
O
O
O
We might want to have it in case we have, for instance, a fluctuating capacity wireless link, like a millimeter wave link, or capacity drops, the capacity becomes available, and we want to be able to immediately send out data rather than telling the sender that it should now immediately react and send us something, which may lead to the data coming to the proxy or to this middle device too late. We want to be able to say, give us data earlier, just like a TCP connection, split connection, splitter could, and well.
O
The service choice then means that, clearly, for sending more data earlier because of ACKs from the proxy, the QUIC server would have to agree that if this sidecar entity, this local entity, tells it that it should increase its congestion window further, then it will do that. Now, you may be okay with that or you may not, right, but if that is the kind of service that is being offered, if you want to choose it, that's the deal, you know.
O
You trust the system to tell you to increase your window and that this is on the basis of something reasonable, and the notification will then be from this sidecar proxy, or sidecar entity, that the ACK has arrived and the window should be increased and more data should be sent. And then on the way from the proxy to the client, congestion control really becomes just a matter of influencing the drain rate of a queue on the basis of ACKs from the client side as well.
O
This couldn't really be done with monitoring ACKs in case of QUIC so easily, but a sidecar could be placed there and also send ACKs, but at least the main protocol wouldn't have to be involved on the client side. For this particular use case, you just need to do something on the server side and you'd have to have the entity running. Now, another example is ACK reduction, that's something very different.
O
There is a, people from, these colleagues in Atlanta University, who came up with a proxy idea of a, simply, well, the basic idea here is that every time a Wi-Fi connected user equipment sends an ACK, it really sends two ACKs, because it sends a transport layer ACK and the link layer. In fact, then, you know, even this transport layer ACK is probably being ACKed at the link layer, so that makes three, but instead of having this double ACKs
O
This, of course, can only work for basic, positive ACKs, for the cumulative ones, not when you add some options, not for two packs and so forth. Now, with QUIC, the way we could implement this will be to have this service choice, to say that, okay, I will accept the ACKs from the proxy, but we'll treat them like the client ACKs, but I will still keep the data in the send buffer just in case, so that, well, for the sake of reliability,
O
we don't ruin things. And the sidecar notification would be that an ACK has arrived. So that would mean that the client doesn't have to ACK as much. The server would, in this case, have to involve the client in the main protocol. So in QUIC I think there is a form,
O
I forgot what it's called, but there is something I found where the server can't tell the client to send less ACKs or to control the rate of the ACKs, so that could be used to make the client send fewer ACKs, because the proxy would already ACK on its behalf, and then you have less collisions on the wireless segment. And third would be basically Loops, very simple use case.
O
Now the ACKing is one of the key things here. There are several ways to do it. One is like in this lightweight PEP paper from some of the colleagues at Ericsson and some of the colleagues in Hungary, sorry for getting all the names of whoever was involved with, a couple of people here, but the lightweight PEP, I think it also just did a hash over the packets. Now, that is one way that's possible.
O
But that means that you would have the sidecar, or whatever kind of blocks you have, you would require it to hash everything or to ACK every packet, and we were considering this problem of trying to, well, reduce the number of ACKs a little bit and have cumulative ACKs, like with, you know,
O
when TCP, you have a sequence number that's growing and you can just easily make a cumulative ACK, but when everything is encrypted, you don't have anything that you know is clearly growing all the time. So another possibility will be to hash over a number of packets. Just take some bytes out of the header, or a certain offset from here to there, take a hash over a number of packets. The beginning has an end hash and say that, okay, this reflects a total of 10 packets.
O
The problem with this idea is that to identify which packet precisely was dropped, the sender would have to, well, try quite a number of different hashes, right, all the possible subsets of 10 packets or less in the example I just gave. So our solution is what we call quACKs.
O
Now, in quACKs, everything is based on power sums, and here the idea is that, well, there is some maths that our, the students understand and probably Keith understands. I can't claim to fully understand it, but the intuition is pretty easy. Basically, if I send you the numbers one, three, five, ten, they're all different numbers, and I say one of the numbers might be missing, up to one, or zero or up to one, then
O
well, if I send you the sum, then looking at the sum you know precisely which packet is missing, right? What did I say, ten, five, three, one, so that would be 19. If I send you, let's say, 14, you know that the packet number five is missing. So it's as easy as that in case of up to one missing packet. Now, if we, well, there is maths that proves that this can be generalized to up to n missing numbers
O
Sorry, I touched something. By using up to n power sums. So basically, instead of sending, in my example, one plus three plus five plus ten, I would also send one squared plus three squared plus five squared plus ten squared and, for instance, one to the power three, three to the power three, five to the power three, ten to the power of three. And then we could guarantee that up to three missing packets, you will be able to identify which they were, just out of, I mean, from the numbers.
O
So in that case it's a matter of taking a couple of numbers from the header that we can assume to be large enough to be most likely different, and using them to construct these sums and sending them back, and, you know, some simulations were done and some calculations to figure out that the strawman, for example strawman 2, the decoding time can be unbelievably large.
O
It's one way to do it all together. We believe this is a viable way to solve this dilemma, and there is research needed; we've only just begun. We have this first paper, which looks at the quACKs in detail, but there are some parameters here. What range, and how often would we send quACKs?
O
How is, when, a sidecar proxy discovered? Would we just use a model like Marcus has presented, for example, with an ingress and an egress proxy? Could be like that. I mean, it could be various ways to do it. How many sidecars should there be on the path? For example, when there is only one sidecar, things get a whole lot easier. When there are multiple, you know, there are cases that make this, I mean, things do get more complicated, for example, in the use case of congestion control division.
O
That, I said, I just talked about increasing the window, but truly it's not just increasing the window that will have to change on the sender side, but also, you know, the sender would have to maintain a sort of credit such that when the client ACKs, it doesn't also increase the window for the client ACKs. Or if there are multiple sidecars each ACKing, you know, things become more complicated, so we need to make sure that we don't have a string of sidecars. All that came back to the sender.
O
There should be some management there. There are some multipath considerations, some issues related to trust and privacy. So some of these problems could be per sidecar protocol, some are general, but I believe there was some sort of consensus, actually, when I presented that pattern at Path Aware Networking, that these things are solvable.
O
A
Michael, and so, yeah, we can definitely take questions. Please put yourself in the queue. Also, you mentioned that you've been presenting this work at the Path Aware Networking Research Group. Can you tell us more about that ongoing work, or if there is a draft or anything?
O
A
All right, Marcus.
K
All right, I was just looking at your list of problems and I thought it might be one more thing you want to add there, and this is how this relates to ECN and ECN feedback. So you had two models, right.
K
O
Yeah, I simply agree. I mean, the back-off of congestion control needs to be a bit sophisticated, considering two sources or even multiple.
O
The increase is a simpler case to talk about, right, that you can increase faster to get data to the proxy, but indeed, when you have multiple ACKs from multiple destinations, you need to do something more intelligent, I agree.
A
Great. I think, Colin, you're next in the queue.
P
Sometimes it's sort of more of an architectural question on this. I mean, I get what you're proposing here, and it's like, you know, this is amazing acts of tweaking things in magical ways to get this whole thing to work. It's not easy, okay. But it does make me wonder, you know, what are the alternative approaches to this, to achieve the same type of performance over satellites? Like, totally get the need for that.
P
But, you know, I was even thinking of things like the previous presentation we just saw in the relays. If you replace the PEP functions here with a relay, you get effectively the same things, but maybe some other properties. But what are the other ways that you could hit this problem? And I know you probably selected this way because you think it's best, but it would be interesting to understand what the alternatives were.
O
So we selected this way because we believe that probably the conversation that is about, let's now try and add performance-oriented functions into QUIC in some way, or add it to MASQUE, will be too difficult. So technically, I believe, if you're willing to retrofit anything directly into QUIC, you end up with something that technically works best, at the expense of various things, right. I mean, and also even more white hair.
A
Okay, okay. I think, Tommy, you're next in the queue.
M
Thank you for presenting this. With a particular use case you have here of, like, how you're going to transmit the quACKs, like, you know, I don't know about that. I need to, like, spend more time to really understand that and think about it. But, you know, zooming out, I mean, essentially what I'm hearing is you're saying that, you know, we have.
M
We can have encrypted control channels to network-operated boxes, you know, things on path like these proxies, and that gives us the opportunity to have richer signals than just, like, ECN, trying to flip, like, two bits into IP headers. Like, we can do path optimization signaling, because we have a richer thing, and that I really like. I think that makes a lot of sense.
M
As someone working on MASQUE stuff, you know, we definitely have a lot of security, privacy angles too, but I often also refer to MASQUE proxies as a NAT with a QUIC handshake on it. Like, it's a NAT with a control channel, or it's a PEP that you're aware of with the control channel. So it gives you these opportunities, and yesterday, in some of the discussion, one of the things I brought up was, you know, when we're trying to optimize things on the network.
M
Why do we need to, like, sniff or categorize the content? You know, if you're trying to improve latency, just use ECN, just use L4S. And I guess one of the answers to maybe why that's not done all the time is, maybe you need a bit more data than those bits have, or you can't rely on those bits not being cleared by other things, because they're not authenticated, they're not encrypted.
M
E
O
I mean, you brought in other things, I think you, but yeah, I mean.
O
Not sure it's, I don't know what to say. I mean, I'm not sure we're talking about the same thing, really, even. I mean, I agree, more bits are good. I agree we can do better congestion control with having more fine-grained information. I'm not sure this is what the sidecar will be, the vehicle. I mean, it could be the vehicle that you.
L
Let me add something, because anyone wanted to say this, and it just fits. So, you know, the one thing is the kind of information you want to provide and what you want to achieve, and there are different ways to provide this information, and you can do it based on explicit trust, and then you can even provide virtual information.
L
So what I like about this proposal is really this idea to, like, opportunistically send information to the server, and either the server understands the information, I mean, it might not even pick the protocol, right, so it would be just, like, ignoring the information entirely, or it also can decide to actively not use this information, and so this is just another addition that is pretty nice here.
O
Yeah, I forgot to say that in my presentation, that part of, I mean, probably a big part of what this is, is also to be independent of the protocols, such that it would work in the same way for TCP as well. You know, now we have only these very ugly ways of doing things with TCP, but this will give one unique way that would work for QUIC, for TCP, for everything in the same way, so I think that makes it a nice add-on.
A
Mirja, did you want to jump in? I mean, you were just, yeah. So I think, sorry, I was trying to deal with the slide situation.
A
I think that this may be the end of the Q&A for this particular talk, but I would just invite everybody back to the larger discussion, maybe taking a wider view on the whole day and this topic of collaboration. I think there's some interesting themes, but the talks were all quite different. So I think I've seen folks in the chat who've not come on mic yet who wanted to talk, were Nalini, Dhruv, Srinivas?
A
D
B
Thanks, you know, okay, so a couple. One kind of overarching point, I think, is that enterprises, you know, private managed networks, have these needs as well, and some of them are the same as what's been talked about, and some of them are different, and so I've been trying to keep that in mind all along. And the other thing really is, like, you know, I can't help but think about implementation challenges.
B
I mean, how do we actually get this out? And there's been a little bit of discussion on the chat. I mean, we're not coming from a greenfield implementation, for sure, you know, and so maybe it is that you have to put another box in, because the task of changing applications to collaborate, I mean, it just seems like an impossible task, and even OSes.
B
Is, it's just a tremendous task, and so I guess we went about it a completely different way, which is to have it, do it at the IP layer and do it externally. And I really like the thing yesterday about, you know, the P4, the changes, the intelligent NIC or the smart switch kind of thing. I guess I'm just thinking about how do we make this work, that it's just a conversation.
A
I just wanted to reflect similarly on the question that Richard started us off on, about why do people collaborate. I feel like by the end of your presentation, and also with the comments, we were almost arriving at the question, why don't people collaborate, as it being a very primary consideration.
A
Why wouldn't users want to share or to collaborate? And I thought that was, it may be kind of the opposite, I think, of what, Nalini, you're worried about.
B
No, sure, I mean, there's privacy. I guess I'm just coming from the point of view of, like, you know, regulated industries, where there's, you know, we have to, or the military, you know. I mean, yes, we have to monitor. There's just, you know, and I'm sure everyone wants us to do that too.
M
So, commenting, I think, both on what you, Mallory, and Nalini were saying, there was a thought I was having, and Richard was speaking earlier, and there was kind of the questions that were brought up about, well, how would you trust these devices? Like, how would the networks or devices trust each other enough to do
M
the collaboration? And Richard was alluding to this already, but I just kind of wanted to reiterate that I think different networks are going to have different requirements for the level of trust that they have in devices, or vice versa. Yesterday, in our discussion, Jason was bringing up some, like, the Comcast parental controls use cases, and that's a case where, you know, this is a home network.
M
I enable this feature to make sure that my devices or my kids' devices aren't going to sites I don't want them to go to, or maybe you have a cafe network that's trying to uphold its terms and conditions about what you're supposed to get to. And I think it's useful to talk about those in a different category from, like, the super-locked-down enterprise military network that has some, you know, really strong security requirements. And I think when we look at these home and public networks,
D
M
at least how they operate today, they don't seem to want to entirely prevent users from being able to ever evade the blocks or get around the optimizations. Like, these networks usually allow you to use a VPN. They allow you to do a lot of things that would allow you to bypass the checks, but they want to have the default OS and browser configurations
M
do the filtering or get the optimizations they want, such that, you know, someone who's not really hacking around or trying to mess around with things gets the right behavior by default. And so for those cases, you know, the bar for what it means to collaborate may be easier to do, and so we could potentially apply this to more things.
M
Case of the military network case, etc., at least, you know, in our experience of trying to build, you know, like, an iPhone that's going to get onto an enterprise network, you have many more opportunities to have explicit certificate trust relationships about how things are being provisioned, and hopefully that will allow you to bootstrap more explicit trust as well, or even, you know, validation about what's the stance of a device getting onto a network. So I'd be curious to hear what people think of, you know,
M
how solvable are the different problems for the different use cases in these networks.
Q
Thanks. I mean, actually following a little bit up on what Tommy was talking about too, I really like where this discussion is going. I think, you know, both yesterday's set of presentations and today's, you know, both highlight the problem space really well, as well as, you know, provide us some direction of maybe
E
Q
some hope coming out of it. But I do have other concerns, but in particular, privacy protocols have always been designed to auto-protect the user, right? You use HTTPS, you get security, and, you know, there's no sniffing. The whole point of TLS 1.3 and encrypted SNIs is to provide more of that. The whole point of encrypted DNS is to protect the user where they don't have to think about it. And I worry about, you know, anytime
Q
you present some of these options to users of, we want you to leak a little bit of information so that we can prioritize you or give you better services, I worry about user presentation so that they can make intelligent opt-in choices, especially in situations where there's a lot of commercial deception. You
Q
wants a social media account on platform X, but they really don't understand the ramifications of signing up and what sort of level of tracking, you know, comes into play. So we have to be careful here in terms of, you know, forward thinking. I'm thinking, you know, 10 years down the line, of where are we going to end up with this? And, you know, are we going to be right back where we started, without much privacy, because we've put in too many holes, or, you know, because the users don't understand them?
Q
I think that the whole point of opt-in in order to get better transmission paths and things like that is absolutely fantastic. I worry that nefarious organizations will tie features to things in order so that they can get back some of what they've lost in the past, you know, decade.
A
Yeah, there's nobody left in the queue, but there is discussion of what Wes just brought up. Oh, Nalini, go ahead. But yeah, also we're kind of in the space too where I think folks can feel free to jump in; like, we don't have to have really strict queue management anymore. Thanks.
B
B
I said I've kind of noticed, you know, at the IETF, and, you know, writ large, and then over time, is that people, don't, people have bad motives, I mean, and we just need to understand that. And so, I mean, I think trying to say that people are not going to do stuff because they can make money at it, they will. If they can figure out a way to make money and then lie to people, that's what they're going to do, and so we need to design protocols.
J
I was just going back on one of the points that Wes made. Actually, I think it's very interesting. I wanted to sort of correlate this to sort of GDPR, that happened a few years ago, and I know that's a layer above what we're discussing here, but I think the impact of that was quite interesting. That certainly, for me, it raised a lot of awareness about how much data companies are gathering about you, but as far as I can tell, there's nothing to actually help the end user.
J
It just sort of says this is a massive problem; there's very little you can actually do, because all of these sites pop up these sort of boxes, and without spending 10 minutes trying to work out what you're actually signing yourself up for, it's really very hard to know. So again, I think in terms of user interfaces and things, I think that's a critical issue here: how do we get end users being able to make a meaningful choice on these? How do we even know what the right default behavior is for these end users?
J
Certainly, when I was giving a talk about Encrypted Client Hello at work, I actually asked some questions about how much do people listen to network engineers and software engineers, how much people care about privacy versus keeping their money safe versus all these other sorts of constrained choices, and the conclusion was, they think privacy is great. They want everything to work, so they don't want to hand off privacy, but they do also want all these other things. They don't want to have their bank accounts hacked.
J
They don't have all these scams and things going on. So how do you get users to make an informed decision? And even for the IETF is, how do we get an informed decision about what end users want into the protocols we're designing? Because at the moment it feels like we're basing a lot of our decisions on what we think is right as engineers and what our companies are saying we should do. I'm not entirely sure that we're necessarily always getting the end users'
J
opinions fully taken into consideration in the sort of discussions we're having, and I think it's important for me to sort of understand what ways to get more of those views into the IETF.
A
Yeah, for sure. Mirja.
L
I don't want to disagree. I just want to say that not all interactions require this kind of direct user interaction right away, right, because, like, designing these interfaces is, like, a really hard job. Like, you can avoid it,
L
you should avoid it. And, like, the things we've been talking about, like zero rating, usually what the user does is they have a contract where zero rating is part of the contract, so I would assume, you know, if they have the opportunity to zero-rate something, they want it, because it's what they're paying for. Similarly, parental control, it's also a service that you're asking for on, like, a contract basis, right? It's not on a per-interaction basis that you do these kind of things. And then, talking about this performance enhancement stuff
L
that Michael was talking about, these are kind of completely independent of the user. It's really more about what's the application, what are the requirements of the application, right? And, of course, the user wants to have a well-working application. So not all of these have direct user interactions, or, like, at least not on a per-flow level or whatever. Maybe there's, like, some coarse-grained part of your contracting.
A
Right, Wes, you're up next.
Q
So thanks, Rob, for bringing up GDPR. I think that's actually a fantastically interesting use case, because it is such a mixed bag of results. You
E
Q
You know, when I think about the choices of having every website prompting with that stupid little dialog box, the dialog boxes have actually gotten better, to Mirja's point, right, as the user interface has changed over time. I love the newer ones that, you know, basically give you two buttons. One is accept all, and the other one is, you know, take you to a screen where they've defaulted to turn off all of the nasty ones, and then you can just click one more button. When you had to manually tweak all the sliders,
Q
that was a bit more of a pain. So I think there's a trajectory there that we're sort of heading in the right direction, trajectory, but the downside of GDPR is very much seen in ICANN. So, for reference, I'm an ICANN board member now, and heavily on ICANN's discussion list is, how do we deal with the fact that GDPR has completely blocked the use of WHOIS, which
E
Q
A
security operations perspective, of which I've sat in many, many security operations centers, we can no longer, you know, actually look up information about domains and things like that that, you know, our users are directly being impacted by. And so, you know, at the same time that GDPR has really, really helped out, it's actually really, really hurt, because network operators can no longer help protect users, you know, by looking up information about what they're trying to do and what they're trying to see and how to contact.
G
A
Yeah, I guess I, quite a while ago with it now, which is that also, even if you could obtain meaningful consent or have some idea of what end users want, that changes over time. So they also need to be empowered to change their mind at some point, and that's also pretty challenging.
A
If you equate service provision with some sort of blanket consent, and you might change your services, you might change what that means for them and then give them a notice, but there's rarely an opportunity to actually change one's consent or to remove that. It's really hard. So, you know, defaults therefore matter quite a bit, and I like the proposals that have come about where you're actually trying to align what users want with some form of meaningful consent. That's probably as close as you're going to get.
A
A
That would tend to be not just privacy-preserving but also, as you mentioned, Rob, like, security-conscious, because that, I think, is, they're very, very similar from a user perspective in terms of how encryption is used. And then the last one that isn't talked enough about, but matters a lot in certain countries at the moment, which is access to information. So encryption also allows for not just people to keep their information safe, but to actually get information that would otherwise be blocked for them.
A
So for folks in Iran right now, folks in Russia, Ukraine and elsewhere are constantly needing encryption to get access to content. So it isn't only just about their own privacy or their own security. It can sometimes be a tool needed for, you know, information integrity and security. So I guess I have a whole lot of these thoughts. But it's, really, really appreciate.
A
A
I think I was not the last one on the queue. Sorry, Colin, you're after me, go ahead.
F
E
F
The media gets hold of the fact that it provides access to a certain group, and then, you know, the way they are presented to the society at large is as a snooping protocol, and we need to be careful how things are presented and be more explicit than perhaps we are being about how they change who has access.
I
So Kenny Paterson once said, very nicely, with tongue in cheek, that any cryptographic problem can be solved through a sufficient number of trusted third parties, and if we think about the problems that we've talked about here, of user privacy and what users want, I think, ultimately, most users don't know what they want and what they get out of it.
I
So there needs to be a trusted third party that represents or explains to the users, and, you know, give or take all these other parties, like the European Union trying to do this with GDPR, I think we should talk about what is the position that we, as the IETF, would want to have, right? So I think we started out, for a very long time, focusing on privacy and through encryption. I
I
think, first of all, I'm not sure whether we're communicating that very well in terms of what that exactly gives to really actual users, as opposed to inside baseball, you know, companies in the industry. And then the second question is whether that scope is broad enough to really serve the user well. So, if I'm looking at the discussion that we had right now, I think, to me, you know, the opposite
I
side of privacy is always transparency, and in that respect, I, as a user, would really love to have more transparency of the services that I'm getting, right? So especially that you don't know where your data goes. You don't know what service you're actually getting, especially when you're starting to relinquish certain information. So there is a lot more than just,
I
you know, the privacy that we could do on kind of the things we would like to see networks doing for the users in the future. But even if we just stick to privacy, I think, you know, what's our way to communicate that better to actual end users?
A
Good, thanks. I think, Nalini, you are
B
Next. So I wanted to pick up on what you're saying, so I think, very much, there's a gap in Internet governance, and it's possible the IETF could start to fill some of that role. Like, for example, I know, 100 percent, there are conversations being had, because I've been a part of them, where there are governments who are talking about what will and will not be potentially policy in the next five years, and in some ways it's like, if we think GDPR is something, again, wait, right, because, I mean.
B
Let me give you an example, and I'm not saying this is the conversation I've been a part of, okay? So, like, for example, if someone, you know, what would it take for certain countries to react with inevitable overreach and lack of understanding? Say, for example, in India, some terrorist group takes off a pillar of the Taj Mahal.
B
What do you think the Indian government is going to do, right? And I think what is happening right now is, if you, and I don't want to get distracted a little bit on the WHOIS, because those are certainly conversations that have been had too. It's like, wait a minute, wait a minute, law enforcement needs WHOIS. And so I think in some ways
B
I have some ideas, obviously, but I think there needs to be a forum where some of the implications of things like what we're talking about need to be explained in a way that people can understand, because otherwise, I'm just gonna say, in the next five years we're likely to see governments react towards some of these things in unfortunate ways.
A
Others want to jump in? We have, just a time check, we have about four minutes left for today's workshop.
Q
So I liked what Colin said about changing who has access, and one of the things that I've worried about with all of the proxy-related solutions that, excuse me, add privacy is, it is changing the way, you know, changing who has access and, more importantly, it's actually driving centralization of a lot of those proxies, because there was
Q
Q
We all believe that these two entities will never, you know, collude, when the reality is, they might be motivated to do so. As somebody said earlier, everything is always financially driven.
Q
A
Absolutely. Go ahead, Colin, you're back in the queue. Yeah.
F
I think it's about following on some of Nalini's points.
F
I think it's not just governments who don't understand what we're doing with changing the way the architecture works in reasonably significant ways, and it's shifting who has access to what, the privacy and security trade-offs, quite significantly, and I'm not sure that much of the industry or other wider society is understanding how it's shifting. We're not very good at outreach, and we saw this biting us over DNS over HTTPS. I'm wondering if we're going to see some similar concerns with some of the protocols we're developing here. We should maybe try and get better at the outreach.
A
Very good point. So yeah, I guess we'll start moving to wrapping up, just because I know we've all generously
A
given your time for the last couple of hours. We have Wes, who is chairing tomorrow's session, which I am really, I'm sad to say, I will miss for unavoidable conflict reasons, but I'm looking forward to the notes and glad that these are being recorded. Any final words, or shall we just, yeah, see you all online for tomorrow? I don't know if there's any other announcements, I don't think so, from the program committee or from.