Internet Architecture Board (IAB)                              N. Rooney
Request for Comments: 8462                               S. Dawkins, Ed.
Category: Informational                                     October 2018
ISSN: 2070-1721

Report from the IAB Workshop on Managing Radio Networks in an Encrypted World (MaRNEW)

Abstract

The Internet Architecture Board (IAB) and GSM Association (GSMA) held a joint workshop on Managing Radio Networks in an Encrypted World (MaRNEW), on September 24-25, 2015. This workshop aimed to discuss solutions for bandwidth optimization on mobile networks for encrypted content, as current solutions rely on unencrypted content, which is not indicative of the security needs of today's Internet users. The workshop gathered IETF attendees, IAB members, and participants from various organizations involved in the telecommunications industry including original equipment manufacturers, content providers, and mobile network operators.

The group discussed Internet encryption trends and deployment issues identified within the IETF and the privacy needs of users that should be adhered to. Solutions designed around sharing data from the network to the endpoints and vice versa were then discussed; in addition, issues experienced when using current transport-layer protocols were also discussed. Content providers and Content Delivery Networks (CDNs) gave their own views of their experiences delivering their content with mobile network operators. Finally, technical responses to regulation were discussed to help the regulated industries relay the issues of impossible-to-implement or bad-for-privacy technologies back to regulators.

A group of suggested solutions were devised, which will be discussed in various IETF groups moving forward.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This document is a product of the Internet Architecture Board (IAB) and represents information that the IAB has deemed valuable to provide for permanent record. It represents the consensus of the Internet Architecture Board (IAB). Documents approved for publication by the IAB are not candidates for any level of Internet Standard; see Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8462.

Copyright Notice

Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents

   1.  Introduction
     1.1.  Understanding "Bandwidth Optimization"
     1.2.  Topics
     1.3.  Organization of This Report
     1.4.  Use of Note Well and the Chatham House Rule
     1.5.  IETF and GSMA
   2.  Scene-Setting Sessions
     2.1.  Scene Setting
       2.1.1.  Scope
       2.1.2.  Encryption Statistics and Radio Access Network Differences
     2.2.  Encryption Deployment Considerations
     2.3.  Awareness of User Choice (Privacy)
   3.  Network or Transport Solution Sessions
     3.1.  Sending Data Up/Down for Network Management Benefits
       3.1.1.  Competition, Cooperation, and Mobile Network Complexities
   4.  Transport Layer: Issues, Optimization, and Solutions
   5.  Application-Layer Optimization, Caching, and CDNs
   6.  Technical Analysis and Response to Potential Regulatory Reaction
   7.  Suggested Principles and Solutions
     7.1.  Better Collaboration
   8.  Since MaRNEW
   9.  Security Considerations
   10. IANA Considerations
   11. Informative References
   Appendix A.  Workshop Attendees
   Appendix B.  Workshop Position Papers
   Acknowledgements
   Authors' Addresses

1. Introduction

The Internet Architecture Board (IAB) and GSM Association (GSMA) held a joint workshop on Managing Radio Networks in an Encrypted World (MaRNEW), on September 24-25, 2015. This workshop aimed to discuss solutions for bandwidth optimization on mobile networks for encrypted content, as current solutions rely on unencrypted content, which is not indicative of the security needs of today's Internet users.

Mobile networks have a set of properties that place a large emphasis on sophisticated bandwidth optimization. The use of encryption is increasing on the Internet, which is positive for consumer and business privacy and security. Many existing solutions for mobile bandwidth optimization primarily operate on non-encrypted communications; this can lead to performance issues being amplified on mobile networks. The use of encryption on networks will continue to increase; with this understanding, the workshop aimed to understand how we can solve the issues of bandwidth optimization and performance on radio networks in this encrypted world.

1.1. Understanding "Bandwidth Optimization"

For the purposes of this workshop, bandwidth optimization encompasses a variety of technical topics related to traffic engineering, prioritization, optimization, and efficiency enhancements. It also encompasses user-related topics such as specific subscription or billing models, and it may touch upon regulatory aspects or other issues relating to government-initiated regulatory concerns.

The first category of bandwidth optimization includes the following:

o Caching

o Prioritization of interactive traffic over background traffic

o Per-user bandwidth limits

The second category of bandwidth optimization may depend on one or more of the first category optimization strategies, but may, in particular, also encompass business-related topics such as content delivery arrangements with content providers.

Finally, while not strictly speaking of traffic management, some networks employ policy-based filtering (e.g., requested parental controls), and many networks support some form of legal interception functionality per applicable laws.

Many of these functions can continue as they are performed today, even with increased use of encryption. Others use methods that inspect parts of the communication that are not encrypted today but will be, and those functions will have to be done differently in an increasingly encrypted Internet.

1.2. Topics

The workshop aimed to answer questions that focused on:

o understanding the bandwidth optimization use cases particular to radio networks;

o understanding existing approaches and how these do not work with encrypted traffic;

o understanding reasons why the Internet has not standardized support for lawful intercept and why mobile networks have;

o determining how to match traffic types with bandwidth optimization methods;

o discussing minimal information to be shared to manage networks but ensure user security and privacy;

o developing new bandwidth optimization techniques and protocols within these new constraints;

o discussing the appropriate network layer(s) for each management function; and

o cooperative methods of bandwidth optimization and issues associated with these.

The further aim was to gather architectural and engineering guidance on future work in the bandwidth optimization area based on the discussions around the proposed approaches. The workshop also explored possible areas for standardization, e.g., new protocols that can aid bandwidth optimization whilst ensuring that user security is in line with new work in transport-layer protocols.

1.3. Organization of This Report

This workshop report summarizes the contributions to and discussions at the workshop, organized by topic. The workshop began with scene-setting topics that covered the issues around deploying encryption, the increased need for privacy on the Internet, and setting a clear understanding that ciphertext should remain unbroken. Later sessions focused on key solution areas; these included evolution on the transport layer and sending data up or down the path. A session on application layers and CDNs aimed to highlight both issues and solutions experienced on the application layer. The workshop ended with a session dedicated to discussing a technical response to regulation with regards to encryption. The contributing documents identified the issues experienced with encryption on radio networks and suggested solutions. Of the solutions suggested, some focused on transport evolution, some on trusted middleboxes, and others on collaborative data exchange. Solutions were discussed within the sessions. All accepted position papers and detailed transcripts of discussion are available at [MARNEW].


The outcomes of the workshop are discussed in Sections 7 and 8; they discuss the progress made since the workshop toward each of the identified work items through the time this document was approved for publication.

Report readers should be reminded that this workshop did not aim to discuss regulation or legislation, although policy topics were mentioned in discussions from time to time.

1.4. Use of Note Well and the Chatham House Rule

The workshop was conducted under the IETF [NOTE_WELL] with the exception of the "Technical Analysis and Response to Potential Regulatory Reaction" session, which was conducted under the [CHATHAM_HOUSE_RULE].

1.5. IETF and GSMA

The IETF and GSMA [GSMA] have different working practices, standards, and processes. IETF is an open organization with community-driven standards, with the key aim of functionality and security for the Internet's users, while the GSMA is membership based and serves the needs of its membership base, most of whom are mobile network operators.

Unlike IETF, GSMA makes few standards. Within the telecommunications industry, standards are set in various divergent groups depending on their purpose. Perhaps of most relevance to the bandwidth optimization topic here is the work of the 3rd Generation Partnership Project (3GPP) [SDO_3GPP], which works on radio network and core network standards. 3GPP members include mobile operators and original equipment manufacturers.

One of the 3GPP standards relevant to this workshop is Policy and Charging Control QoS [PCC-QOS]. Traditionally, mobile networks have managed different applications and services based on the resources available and priorities given; for instance, emergency services have a top priority, data has a lower priority, and voice services are somewhere in-between. 3GPP defined the PCC-QoS mechanism to support this functionality, and this depends on unencrypted communications [EffectEncrypt].

2. Scene-Setting Sessions

Scene-setting sessions aimed to bring all attendees up to a basic understanding of the problem and the scope of the workshop.

There were three scene-setting sessions:

o Section 2.1: Scene Setting

o Section 2.2: Encryption Deployment Considerations

o Section 2.3: Awareness of User Choice (Privacy)

2.1. Scene Setting

The telecommunications industry and Internet standards community are extremely different in terms of ethos and practices. Both groups drive technical standards in their domain and build technical solutions with some policy-driven use cases. These technologies, use cases, and technical implementations are different, and the motivators between the two industries are also diverse.

To ensure all attendees were aligned with contributing to discussions and driving solutions, this "Scene Setting" session worked on generating a clear scope with all attendees involved. In short, it was agreed that 1) ciphertext encrypted by one party and intended to be decrypted by a second party should not be decrypted by a third party in any solution, 2) the Radio Access Network (RAN) does experience issues with increased encrypted traffic, 3) the RAN issues need to be understood precisely, and 4) the goal is to improve user experience on the Internet. Proposing new technical solutions based on presumed future regulation was not in scope. The full scope is given below.

2.1.1. Scope

The attendees identified and agreed to the scope described here.

We should do the following:

o in discussion, assume that there is no broken crypto; ciphertext is increasingly common; congestion does need to be controlled (as do other transport issues); and network management, including efficient use of resources in RAN and elsewhere, has to work;

o identify how/why RAN is different for transport, and attempt to understand the complexities of RAN (i.e., how hard it is to manage) and why those complexities matter;

o identify the precise problems caused by increased use of encryption;

o identify players (in addition to end users), the resulting tensions, and how ciphertext changes those tensions;

o discuss how some solutions will be radically changed by ciphertext (it's ok to talk about that);

o assume that the best possible quality of experience for the end user is a goal; and lastly,

o for the next two days, aim to analyze the situation and identify specific achievable tasks that could be tackled in the IETF or GSMA (or elsewhere) and that improve the Internet given the assumptions above.

We should not delve into the following:

o ways of doing interception, legal or not, for the reasons described in [RFC2804]; and,

o unpredictable political actions.

2.1.2. Encryption Statistics and Radio Access Network Differences

According to then-current statistics, attendees were shown that encrypted content reaches around 50% [STATE_BROWSER] [STATE_SERVER]. The IAB is encouraging all IETF working groups to consider the effect encryption being "on by default" will have on new protocol work. The IETF is also working on encryption at lower layers. One recent example of this work is opportunistic TCP encryption within the TCP Increased Security [TCPINC] Working Group. The aims of these work items are greater security and privacy for end users and their data.


Telecommunications networks often contain middleboxes that operators have previously considered to be trusted, but qualifying trust is difficult and should not be assumed. Some interesting use cases exist with these middleboxes, such as anti-spam and malware detection, but these need to be balanced against their ability to open up cracks in the network for attacks such as pervasive monitoring.

When operators increase the number of radio access network cells (base stations), this can improve the radio access network quality of service; however, it also adds to radio pollution. This is one example of the balancing act required when devising radio access network architecture.

2.2. Encryption Deployment Considerations

Encryption across the Internet is on the rise. However, some organizations and individuals that are mainly driven by commercial perspectives come across a common set of operational issues when deploying encryption. [RFC8404] explains these network management function impacts, detailing areas around incident monitoring, access control management, and regulation on mobile networks. The data was collected from various Internet players, including system and network administrators across enterprise, governmental organizations, and personal use. The aim of the document is to gain an understanding of what is needed for technical solutions to these issues while maintaining security and privacy for users. Attendees commented that worthwhile additions would be different business environments (e.g., cloud environments) and service chaining. Incident monitoring in particular was noted as a difficult issue to solve given the use of URLs in today's incident monitoring middleware.

Some of these impacts to mobile networks can be resolved using different methods, and the [NETWORK_MANAGEMENT] document details these methods. The document focuses heavily on methods to manage network traffic without breaching user privacy and security.

By reviewing encryption deployment issues and the alternative methods of network management, MaRNEW attendees were made aware of the issues that affect radio networks, the deployment issues that are solvable and require no further action, and those issues that have not yet been solved but should be addressed within the workshop.

2.3. Awareness of User Choice (Privacy)

Some solutions intended to improve delivery of encrypted content could affect some or all of the privacy benefits that encryption provides. Understanding user needs and desires for privacy is therefore important when designing these solutions.

From a then-current study [Pew2014], 64% of users said concerns over privacy have increased, and 67% of mobile Internet users would like to do more to protect their privacy. The World Wide Web Consortium (W3C) and IETF have both responded to user desires for better privacy by recommending encryption for new protocols and web technologies. Within the W3C, new security standards are emerging, and the design principles for HTML maintain that users are the stakeholders with the highest priority, followed by implementors and other stakeholders, which further enforces the "user first" principle. Users also have certain security expectations from particular contexts and sometimes use new technologies to further protect their privacy, even if those technologies weren't initially developed for that purpose.

Operators may deploy technologies that can either impact user privacy without being aware of those privacy implications or incorrectly assume that the benefits users gain from the new technology outweigh the loss of privacy. If these technologies are necessary, they should be opt in.

Internet stakeholders should understand the priority of other stakeholders. Users should be considered the first priority. Other stakeholders include implementors, developers, advertisers, operators, and other ISPs. Some technologies, such as cookie use and JavaScript injection, have been abused by these parties. This has caused some developers to encrypt content to circumvent these technologies that are seen as intrusive or bad for user privacy.

If users and content providers are to opt in to network management services with negative privacy impacts, they should see clear value from using these services and understand the impacts of using these services. Users should also have easy abilities to opt out. Some users will always automatically click through consent requests, so any model relying on explicit consent is flawed for these users. Understanding the extent of "auto click-through" may improve decisions about the use of consent requests in the future. One model (Cooperative Traffic Management) works as an agent of the user; by opting in, metadata can be shared. Issues with this involve trust only being applied at endpoints.

3. Network or Transport Solution Sessions

Network or Transport Solution Sessions discussed proposed solutions for managing encrypted traffic on radio access networks. Most solutions focus on metadata sharing, whether this sharing takes place from the endpoint to the network, from the network to the endpoint, or cooperatively in both directions. Transport-layer protocol evolution could be another approach to solve some of the issues radio access networks experience, which cause them to rely on network management middleboxes. By removing problems at the transport layer, reliance on expensive and complex middleboxes could decrease.

3.1. Sending Data Up/Down for Network Management Benefits

Collaboration between network elements and endpoints could bring about better content distribution. A number of suggestions were given; these included the following:

o Mobile Throughput Guidance [MTG]: exchanges metadata between network elements and endpoints via TCP options. It also allows for better understanding of how the transport protocol behaves and further improves the user experience, although additional work on MTG is still required.

o Session Protocol for User Datagrams [SPUD]: a UDP-based encapsulation protocol to allow explicit cooperation with middleboxes while using new encrypted transport protocols.

o Network Status API: an API for operators to share congestion status or the state of a cell before an application starts sending data that could allow applications to change their behavior.

o Traffic Classification: classifying traffic and adding these classifications as metadata for analysis throughout the network. This idea has trust and privacy implications.

o Congestion Exposure [CONEX]: a mechanism where senders inform the network about the congestion encountered by previous packets on the same flow, in-band at the IP layer.

o Latency versus Bandwidth: a bit that allows the content provider to indicate whether higher bandwidth or lower latency is of greater priority and allows the network to react based on that indication. Where this bit resides in the protocol stack and how it is authenticated would need to be decided.

o No Network Management Tools: disabling all network management tools from the network and relying only on end-to-end protocols to manage congestion.

o Flow Queue Controlled Delay (FQ-CoDel) [FLOWQUEUE]: a hybrid packet scheduler / Active Queue Management (AQM) [RFC7567] algorithm aiming to reduce bufferbloat and latency. FQ-CoDel manages packets from multiple flows and reduces the impact of head-of-line blocking from bursty traffic.

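
The FQ-CoDel item above describes a per-flow scheduler that limits head-of-line blocking from bursty traffic. As an added illustration (not code from the RFC, from the FQ-CoDel specification, or from any deployed implementation), the Python below pushes a 40-packet bulk burst and a sparse interactive flow through a one-packet-per-tick link, first via a single FIFO and then via a simplified flow-queue scheduler with a CoDel-style sojourn-time check. The traffic numbers, the TARGET and INTERVAL values, and the fixed drop spacing that replaces CoDel's control law are constructed assumptions for this example.

```python
from collections import deque

# Constructed traffic (illustrative numbers, not from the RFC): a bulk flow
# dumps a 40-packet burst at t=0, an interactive flow sends one packet every
# 5 ticks, and the bottleneck link forwards one equal-sized packet per tick.
BURST, INTERACTIVE_PERIOD, LINK_TICKS = 40, 5, 60

def arrivals(t):
    """Packets (flow_id, enqueue_time) arriving at tick t."""
    pkts = [("bulk", 0)] * BURST if t == 0 else []
    if t % INTERACTIVE_PERIOD == 0:
        pkts.append(("interactive", t))
    return pkts

class Fifo:
    def __init__(self):
        self.q, self.dropped = deque(), 0   # one shared queue, no AQM

    def enqueue(self, pkt):
        self.q.append(pkt)

    def dequeue(self, now):
        return self.q.popleft() if self.q else None

class FlowQueue:
    """Simplified FQ-CoDel: a queue per flow, deficit round robin between flows,
    newly active (sparse) flows served ahead of backlogged ones, and a CoDel-style
    check that drops a head packet once a flow's standing delay has exceeded
    TARGET for INTERVAL ticks (a fixed INTERVAL stands in for CoDel's control law)."""
    TARGET, INTERVAL = 5, 10

    def __init__(self, quantum=1):
        self.quantum, self.dropped = quantum, 0
        self.queues, self.deficit, self.first_above = {}, {}, {}
        self.new_flows, self.old_flows = deque(), deque()

    def enqueue(self, pkt):
        fid = pkt[0]
        if fid not in self.queues:
            self.queues[fid], self.first_above[fid] = deque(), None
        if fid not in self.new_flows and fid not in self.old_flows:
            # (re)activating flow: fresh quantum and front-of-line treatment
            self.deficit[fid] = self.quantum
            self.new_flows.append(fid)
        self.queues[fid].append(pkt)

    def _codel(self, fid, now):
        """Pop the head packet; drop it and deliver the next when the flow has
        stood above TARGET for at least INTERVAL ticks."""
        q = self.queues[fid]
        pkt = q.popleft()
        if now - pkt[1] <= self.TARGET:
            self.first_above[fid] = None            # delay back under target
            return pkt
        if self.first_above[fid] is None:
            self.first_above[fid] = now
        if now - self.first_above[fid] >= self.INTERVAL and q:
            self.dropped += 1
            self.first_above[fid] = now             # wait INTERVAL before next drop
            return q.popleft()
        return pkt

    def dequeue(self, now):
        while self.new_flows or self.old_flows:
            lst = self.new_flows if self.new_flows else self.old_flows
            fid = lst[0]
            if self.deficit[fid] <= 0:
                # quantum spent: refill and rotate to the back of the old list
                self.deficit[fid] += self.quantum
                lst.popleft()
                self.old_flows.append(fid)
            elif not self.queues[fid]:
                # idle flow: a new flow becomes old, an old flow leaves the schedule
                lst.popleft()
                if lst is self.new_flows:
                    self.old_flows.append(fid)
            else:
                self.deficit[fid] -= 1
                return self._codel(fid, now)
        return None

def simulate(scheduler):
    """Return per-flow queueing delays (ticks) and the AQM drop count."""
    delays = {"bulk": [], "interactive": []}
    for t in range(LINK_TICKS):
        for pkt in arrivals(t):
            scheduler.enqueue(pkt)
        pkt = scheduler.dequeue(t)
        if pkt is not None:
            delays[pkt[0]].append(t - pkt[1])
    return delays, scheduler.dropped

def compare():
    fifo_delays, _ = simulate(Fifo())
    fq_delays, fq_drops = simulate(FlowQueue())
    return {"fifo_interactive_max": max(fifo_delays["interactive"]),
            "fq_interactive_max": max(fq_delays["interactive"]),
            "fq_bulk_delivered": len(fq_delays["bulk"]), "fq_drops": fq_drops}
```

Under the FIFO the first interactive packet waits behind the whole burst (40 ticks), while the flow-queue scheduler holds interactive delay to at most one tick and trims the bulk backlog with a few drops instead of letting it stand.
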
Some of these suggestions rely on signaling from network elements to endpoints. Others aim to create "hop-by-hop" solutions, which could be more aligned with how congestion is managed today but with greater privacy implications.

Still others rely on signaling from endpoints to network elements. Some of these rely on implicit signaling and others on explicit signaling. Some workshop attendees agreed that relying on applications to explicitly declare the quality of service they require was not a good path forward given the lack of success with this model in the past.

3.1.1. Competition, Cooperation, and Mobile Network Complexities

One of the larger issues in sharing data about the problems encountered with encrypted traffic in wireless networks is the matter of competition; network operators are reluctant to relinquish data about their own networks because it contains information that is valuable to competitors, and application providers wish to protect their users and reveal as little information as possible to the network. Some people think that if middleboxes were authenticated and invoked explicitly, this would be an improvement over current transparent middleboxes that intercept traffic without endpoint consent. Some workshop attendees suggested any exchange of information should be bidirectional in an effort to improve cooperation between the elements. A robust incentive framework could provide a solution to these issues or at least help mitigate them.

The radio access network is complex because it must deal with a number of conflicting demands. Base stations reflect this environment, and information within these base stations can be of value to other entities on the path. Some workshop participants thought solutions for managing congestion on radio networks should involve the base station if possible. For instance, understanding how the radio resource controller and AQM [RFC7567] interact (or don't interact) could provide valuable information for solving issues. Many workshop attendees agreed that there is a need to understand the base station, but not all agreed that the base station should be part of a future solution.

Some suggested solutions were based on network categorization and on providing this information to the protocols or endpoints. Completely categorizing radio networks could be impossible due to their complexity, but categorizing essential network properties could be possible and valuable.

4. Transport Layer: Issues, Optimization, and Solutions

TCP has been the dominant transport protocol since TCP/IP replaced the Network Control Protocol (NCP) on the ARPANET in March 1983. TCP was originally devised to work on a specific network model that did not anticipate the high error rates and highly variable available bandwidth scenarios experienced on modern radio access networks.

Furthermore, new network elements have been introduced (NATs and network devices with large buffers creating bufferbloat), and considerable peer-to-peer traffic is competing with traditional client-server traffic. Consequently, the transport layer today has requirements beyond what TCP was designed to meet. TCP has other issues as well; too many services rely on TCP and only TCP, blocking deployment of new transport protocols like the Stream Control Transmission Protocol (SCTP) and Datagram Congestion Control Protocol (DCCP). This means that true innovation on the transport layer becomes difficult because deployment issues are more complicated than just building a new protocol.

The IETF is trying to solve these issues through the IAB's IP Stack Evolution program, and the first step in this program is to collect data. Network and content providers can provide data including: the cost of encryption, the advantages of network management tools, the deployment of protocols, and the effects when network management tools are disabled. For mostly competitive reasons, network operators do not tend to reveal network information and so are unlikely to donate this information freely to the IETF. The GSMA is in a position to try to collect this data and anonymize it before bringing it to IETF, which should alleviate the network operator worries but still provide IETF with some usable data.

Although TCP's default congestion control only infers congestion from packet loss, and methods that detect congestion earlier (for example, ECN [RFC3168]) would be beneficial, a considerable amount of work has already been done on TCP, especially innovation in bandwidth management and congestion control.

Furthermore, although the deficiencies of TCP are often considered key issues in the evolution of the Internet protocol stack, the main route to resolve these issues may not be a new TCP, but an evolved stack. Some workshop participants suggested that SPUD [SPUD] and Information-Centric Networking (ICN) [RFC7476] may help here. Quick UDP Internet Connection [QUIC] engineers stated that the problems solved by QUIC are general problems, rather than TCP issues. This view was not shared by all attendees of the workshop. Moreover, TCP has had some improvements in the last few years, which may mean some of the network lower layers should be investigated to see whether improvements can be made.

5. Application-Layer Optimization, Caching, and CDNs

Many discussions on the effects of encrypted traffic on radio access networks happen between implementers and the network operators. This session aimed to gather the opinions of the content and caching providers regarding their experiences running over mobile networks, the quality of experience their users expect, and the content and caching that providers would like to achieve by working with or using the mobile network.

Content providers explained how even though this workshop cited encrypted data over radio access networks as the main issue, the real issue is network management generally, and all actors (applications providers, networks, and devices) need to work together to overcome these general network management issues. Content providers explained how they assume the mobile networks are standards compliant. When the network is not standards compliant (e.g., using non-standards-compliant intermediaries), content providers can experience real costs as users contact their support centers to report issues that are difficult to test for and resolve.

Content providers cited other common issues concerning data traffic over mobile networks. Data subscription limits (known as "caps") cause issues for users; users are confused about how data caps work or are unsure how expensive media is and how much data it consumes. Developers build products on networks not indicative of the networks their customers are using, and not every organization has the finances to build a caching infrastructure.

Closely tied to content providers, content owners consider CDNs to be trusted deliverers of content, and CDNs have shown great success in fixed networks. Now that more traffic is moving to mobile networks, there is a need to place caches near the user at the edge of the mobile network. Placing caches at the edge of the mobile network is a solution, but it requires standards developed by content providers and mobile network operators. The IETF's CDN Interconnection [CDNI] Working Group aims to allow global CDNs to interoperate with mobile CDNs, but caching encrypted data between these CDNs raises hard problems: a cache that terminates TLS for the origin's name would normally need the origin's private key. Some CDNs are experimenting with approaches like "Keyless SSL" [KeylessSSL], which lets the CDN terminate TLS while the private key stays on a key server the content provider controls. Blind Caching [BLIND_CACHING] is another proposal aimed at caching encrypted content closer to the user while the original content provider's servers still handle authentication.

At the end of the session, each panelist was asked to identify one key collaborative work item. Work items named were: evolving to cache encrypted content, using one bit for latency / bandwidth trade-off (explained below), better collaboration between the network and application, better metrics to aid troubleshooting and innovation, and indications from the network to allow the application to adapt.

6. Technical Analysis and Response to Potential Regulatory Reaction

This session was conducted under the Chatham House Rule. The session aimed to discuss regulatory and political issues, but not their worth or need, and to understand the laws that exist and how technologists can properly respond to them.

Mobile networks are regulated; compliance is mandatory and can incur costs on the mobile network operator, while non-compliance can result in service license revocation in some nations. Regulation does vary geographically. Some regulations are court orders and others are self-imposed regulations, for example, "block lists" of websites such as the Internet Watch Foundation [IWF] list. Operators are not expected to decrypt sites, so those encrypted sites will not be blocked because of content.

Parental-control-type filters also exist on the network and are easily bypassed today, which vastly limits their effectiveness. Better solutions would allow users to set these restrictions themselves easily. Other regulatory demands, such as reporting on user data patterns, are also hard to meet, and some data will become harder to collect, for example in Internet of Things (IoT) cases. Most attendees agreed that if a government cannot get information it needs (and is legally entitled to have) from network operators, it will approach content providers. Some governments are aware of the impact of encryption and are working with, or trying to work with, content providers. The IAB has concluded that blocking and filtering can be done at the endpoints of the communication.

Not all of these regulations apply to the Internet, and the Internet community is not always aware of their existence. Collectively, the Internet community can work with GSMA and 3GPP and act together to alleviate the risk imposed by encrypted traffic. Some participants expressed concern that governments might require operators to provide information that they no longer have the ability to provide because previously unencrypted traffic is now being encrypted, and this might expose operators to new liability, but no specific examples were given during the workshop. A suggestion from some attendees was that if any new technical solutions are necessary, they should easily be "switched off".

Some mobile network operators are producing transparency reports covering regulations including lawful intercept. Operators who have done this already are encouraging others to do the same.

7. Suggested Principles and Solutions

Based on the talks and discussions throughout the workshop, a set of suggested principles and solutions has been collected. This is not an exhaustive list, and no attempt was made to come to consensus during the workshop, so there are likely at least some participants who would not agree with any particular principle listed below. The list is a union of participant thinking, not an intersection.

o Encrypted Traffic: Any solution should encourage and support encrypted traffic.

o Flexibility: Radio access network qualities vary vastly, and the network needs of content can differ significantly, so any new solution should be flexible across either the network type, content type, or both.

o Privacy: New solutions should not introduce new ways for information to be discovered and attributed to individual users.

o Minimum data only for collaborative work: User data, application data, and network data all need protection, so new solutions should use minimal information to make a working solution.

A collection of solutions suggested by various participants during the workshop is given below. Inclusion in this list does not imply that other workshop participants agreed. Again, the list is a union of proposed solutions, not an intersection.

o Evolving TCP or evolution on the transport layer: This could take a number of forms, and some of this work is already underway within the IETF.

o Congestion Control: Many attendees cited congestion control as a key issue. Further analysis, investigation, and work could be done in this space.

o Sprout [SPROUT]: Researched at MIT, Sprout is a transport protocol for applications that desire high throughput and low delay.

o PCC [PCC]: Performance-oriented Congestion Control is a new architecture that aims for consistent high performance, even in challenging scenarios. PCC endpoints observe the connection between their actions and their known performance, which allows them to adapt their actions.

o CDNs and Caches: This suggests that placing caches closer to the edge of the radio network, as close as possible to the mobile user, or making more intelligent CDNs, would result in faster content delivery and less strain on the network.

o Blind Caching [BLIND_CACHING]: This is a proposal for caching of encrypted content.

o CDN Improvements: This includes Keyless SSL and better CDN placement.

o Mobile Throughput Guidance [MTG]: This is a mechanism and a set of protocol elements that allow the cellular network to provide near-real-time information on available capacity to the TCP server.

o One Bit for Latency / Bandwidth Trade-Off: This suggests determining whether using a single bit in an unencrypted transport header to distinguish between traffic that the sender prefers to be queued and traffic that the sender would prefer to drop rather than delay provides additional benefits beyond what can be achieved without this signaling.

o Base Station: Some suggestions involved using the base station, but this was not defined in detail. The base station holds the radio resource controller and scheduler, which could provide a place to host solutions, or data from the base station could help in devising new solutions.

o Identify Traffic Types via 5-Tuple: Information from the 5-tuple could provide understanding of the traffic type, and network management appropriate for that traffic type could then be applied.

o Heuristics: Networks can sometimes identify traffic types by observing characteristics, such as data flow rate, and then apply network management to these identified flows. This is not recommended, as categorizations can be incorrect.

o APIs: An API for operators to share congestion status or the state of a cell before an application starts sending data could allow applications to change their behavior. Alternatively, an API could provide the network with information on the data type, allowing appropriate network management for that data type; however, this method exposes privacy issues.

o Standard approach for the operator to offer services to Content Providers: Mobile network operators could provide caching services or other services for content providers to use for faster and smoother content delivery.

o AQM [RFC7567] and ECN [RFC3168] deployments: Queuing and congestion management methods have existed for some time in the form of AQM, ECN, and others, which can help the transport and Internet protocol layers adapt to congestion faster.

o Trust Model or Trust Framework: Some solutions in this area (e.g., SPUD) have a reliance on trust when content providers or the network are being asked to add classifiers to their traffic.

o Keyless SSL [KeylessSSL]: This allows content providers to keep their private keys on a key server they control and host the content elsewhere (e.g., on a CDN); the CDN performs the TLS handshake but forwards the private-key operations to the key server. Standardizing this in the IETF has been proposed [LURK].

o Meaningful capacity sharing: This includes the ConEx [CONEX] work, which exposes information about congestion to the network nodes.

o Hop-by-hop: Some suggestions offer hop-by-hop methods that allow nodes to adapt flow given the qualities of the networks around them and the congestion they are experiencing.

o Metrics and metric standards: In order to evolve current protocols to be best suited to today's networks, data is needed about current network conditions, protocol deployments, packet traces, and middlebox behavior. Beyond this, proper testing and debugging on networks could provide great insight for stack evolution.

o 5G: Mobile operator standards bodies are in the process of setting the requirements for 5G. Requirements for network management could be added.

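Keyless SSL is named twice above (in Section 5 and in the solutions list) without showing the split it relies on, so here is an added Go example, not code from the report, from Cloudflare or from the LURK drafts, that models it with the standard library: the key server keeps the certificate's ECDSA private key and signs a handshake digest on request; the edge holds only the certificate's public key, asks the key server to sign the TLS 1.2 ECDHE ServerKeyExchange transcript, checks the answer against the certificate before sending it to the client, and the client verifies as usual. The edge identities, the authorization list and the handshake bytes are constructed; the RPC is a plain function call standing in for a mutually authenticated channel.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// KeyServer stays inside the content provider's trust boundary. It holds the
// certificate's private key, never exports it, and only answers "sign this
// digest" requests from edges it knows.
type KeyServer struct {
	priv    *ecdsa.PrivateKey
	allowed map[string]bool // edge identities permitted to request signatures (constructed)
}

func NewKeyServer(priv *ecdsa.PrivateKey, edges ...string) *KeyServer {
	ks := &KeyServer{priv: priv, allowed: map[string]bool{}}
	for _, e := range edges {
		ks.allowed[e] = true
	}
	return ks
}

// Sign is the remote private-key operation. In a deployment this call crosses
// a mutually authenticated channel; here it is a function call.
func (ks *KeyServer) Sign(edgeID string, digest []byte) ([]byte, error) {
	if !ks.allowed[edgeID] {
		return nil, errors.New("keyserver: edge not authorized")
	}
	if len(digest) != sha256.Size { // refuse to sign arbitrary byte strings
		return nil, errors.New("keyserver: unexpected digest length")
	}
	return ecdsa.SignASN1(rand.Reader, ks.priv, digest)
}

// Edge is the CDN node. It terminates the client's TLS connection and holds
// the certificate (public key), but has no private key to sign with.
type Edge struct {
	ID  string
	Pub *ecdsa.PublicKey
	KS  *KeyServer
}

// HandshakeDigest hashes what a TLS 1.2 ECDHE ServerKeyExchange signature
// covers: client_random || server_random || ServerECDHParams.
func HandshakeDigest(clientRandom, serverRandom, ecdhParams []byte) []byte {
	h := sha256.New()
	h.Write(clientRandom)
	h.Write(serverRandom)
	h.Write(ecdhParams)
	return h.Sum(nil)
}

// SignServerKeyExchange asks the key server for the signature and checks it
// against the certificate before putting it on the wire.
func (e *Edge) SignServerKeyExchange(clientRandom, serverRandom, ecdhParams []byte) ([]byte, error) {
	digest := HandshakeDigest(clientRandom, serverRandom, ecdhParams)
	sig, err := e.KS.Sign(e.ID, digest)
	if err != nil {
		return nil, err
	}
	if !ecdsa.VerifyASN1(e.Pub, digest, sig) {
		return nil, errors.New("edge: key server signature does not match the certificate")
	}
	return sig, nil
}

// VerifyServerKeyExchange is the client's check using the certificate's key.
func VerifyServerKeyExchange(pub *ecdsa.PublicKey, clientRandom, serverRandom, ecdhParams, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, HandshakeDigest(clientRandom, serverRandom, ecdhParams), sig)
}

// RunKeylessHandshake wires the parts together with constructed handshake
// values: an authorized edge must produce a signature the client accepts over
// exactly this transcript, and an unknown edge must be refused.
func RunKeylessHandshake() (clientOK, tamperedRejected, rogueRefused bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	ks := NewKeyServer(priv, "edge-1")
	edge := &Edge{ID: "edge-1", Pub: &priv.PublicKey, KS: ks}
	rogue := &Edge{ID: "edge-unknown", Pub: &priv.PublicKey, KS: ks}

	clientRandom := []byte("constructed-client-random-32-byte")
	serverRandom := []byte("constructed-server-random-32-byte")
	params := []byte{0x03, 0x00, 0x17} // named_curve secp256r1; point omitted (constructed)

	sig, err := edge.SignServerKeyExchange(clientRandom, serverRandom, params)
	if err != nil {
		return false, false, false, err
	}
	clientOK = VerifyServerKeyExchange(&priv.PublicKey, clientRandom, serverRandom, params, sig)
	tamperedRejected = !VerifyServerKeyExchange(&priv.PublicKey, clientRandom, []byte("replayed"), params, sig)
	_, rogueErr := rogue.SignServerKeyExchange(clientRandom, serverRandom, params)
	rogueRefused = rogueErr != nil
	return clientOK, tamperedRejected, rogueRefused, nil
}
```

The property the report cares about is that a compromised or subpoenaed edge yields signatures over past handshakes, never the key itself, so the exposure is bounded by what the key server was willing to sign; the authorization check in Sign is where a deployment enforces that, and the digest-length check keeps the key server from becoming a signing oracle for arbitrary structures.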
In the workshop, attendees identified other areas where greater understanding could help the standards process. These were identified as:

o greater understanding of the RAN within the IETF;

o reviews and comments on 3GPP perspective; and,

o how to do congestion control in the RAN.

7.1. Better Collaboration

Throughout the workshop, attendees placed emphasis on the need for better collaboration between the IETF and telecommunications bodies and organizations. The workshop was one such way to achieve this, but the good work and relationships built in the workshop should continue so the two groups can work on solutions that are better for both technologies and users.

8. Since MaRNEW

Since MaRNEW, a number of activities have taken place in various IETF working groups and in groups external to the IETF. The Alternatives to Content Classification for Operator Resource Deployment (ACCORD) BoF was held at IETF 95 in April 2016; it brought the workshop discussion to the wider IETF audience by giving an account of the discussions that had taken place within the workshop and highlighting key areas in which to make progress. Those key areas and their current status are as follows:

o The collection of usable metrics and data was requested by a number of MaRNEW attendees, especially for use within the IRTF Measurement and Analysis for Protocols (MAP) Research Group; this data has been difficult to collect due to the closed nature of mobile network operators.

o Understanding impediments to protocol stack evolution has continued within the IAB's IP Stack Evolution program and throughout transport-related IETF working groups such as the Transport Area Working Group (TSVWG).

o The Mobile Throughput Guidance document [MTG] has entered into a testing and data collection phase, although further advancements in transport technologies (QUIC, among others) may have stalled efforts in TCP-related proposals.

o Work on proposals for caching encrypted content continues, albeit with some security flaws that proponents are working on further proposals to fix. Most often, these are discussed within the IETF HTTPbis Working Group.

o The Path Layer UDP Substrate (PLUS) BoF at IETF 96 in July 2016 did not result in the formation of a working group, as attendees expressed concern about the privacy issues associated with the data-sharing possibilities proposed for the shim layer.

o The Limited Use of Remote Keys (LURK) BoF at IETF 96 in July 2016 did not result in the formation of a working group because the BoF identified more problems with the presumed approach than anticipated.

The most rewarding output of MaRNEW is perhaps the most intangible. MaRNEW gave two rather divergent industry groups the opportunity to connect and discuss common technologies and issues affecting users and operations. Mobile network providers and key Internet engineers and experts have developed a greater collaborative relationship to aid development of further standards that work across networks in a secure manner.

9. Security Considerations

This document is an IAB report from a workshop on interactions between network security, especially privacy, and network performance.

It does not affect the security of the Internet, taken on its own.

10. IANA Considerations

This document has no IANA actions.

11. Informative References

[BLIND_CACHING] Thomson, M., Eriksson, G., and C. Holmberg, "Caching Secure HTTP Content using Blind Caches", Work in Progress, draft-thomson-http-bc-01, October 2016.

[CDNI] IETF, "Content Delivery Networks Interconnection (cdni)", <https://datatracker.ietf.org/wg/cdni/charter/>.

[CHATHAM_HOUSE_RULE] Chatham House, "Chatham House Rule | Chatham House", <https://www.chathamhouse.org/about/chatham-house-rule>.

[CONEX] IETF, "Congestion Exposure (conex) - Documents", <https://datatracker.ietf.org/wg/conex/documents/>.

[EffectEncrypt] Xiong, C. and M. Patel, "The effect of encrypted traffic on the QoS mechanisms in cellular networks", August 2015, <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_25.pdf>.

[FLOWQUEUE] Hoeiland-Joergensen, T., McKenney, P., Taht, D., Gettys, J., and E. Dumazet, "FlowQueue-Codel", Work in Progress, draft-hoeiland-joergensen-aqm-fq-codel-01, November 2014.

[GSMA] GSMA, "GSMA Homepage", <http://gsma.com>.

[IWF] IWF, "Internet Watch Foundation Homepage", <https://www.iwf.org.uk/>.

[KeylessSSL] Sullivan, N., "Keyless SSL: The Nitty Gritty Technical Details", September 2014, <https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/>.

[LURK] Migault, D., Ma, K., Salz, R., Mishra, S., and O. Dios, "LURK TLS/DTLS Use Cases", Work in Progress, draft-mglt-lurk-tls-use-cases-02, June 2016.

[MARNEW] IAB, "Managing Radio Networks in an Encrypted World (MaRNEW) Workshop 2015", <https://www.iab.org/activities/workshops/marnew/>.

[MTG] Jain, A., Terzis, A., Flinck, H., Sprecher, N., Arunachalam, S., Smith, K., Devarapalli, V., and R. Yanai, "Mobile Throughput Guidance Inband Signaling Protocol", Work in Progress, draft-flinck-mobile-throughput-guidance-04, March 2017.

[NETWORK_MANAGEMENT] Smith, K., "Network management of encrypted traffic", Work in Progress, draft-smith-encrypted-traffic-management-05, May 2016.

[NOTE_WELL] IETF, "IETF Note Well", <https://www.ietf.org/about/note-well.html>.

[PCC] Dong, M., Li, Q., Zarchy, D., Brighten Godfrey, P., and M. Schapira, "PCC: Re-architecting Congestion Control for Consistent High Performance", Proceedings of the 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI '15), USENIX Association, May 2015, <https://www.usenix.org/system/files/conference/nsdi15/nsdi15-paper-dong.pdf>.

[PCC-QOS] 3GPP, "Policy and charging control signalling flows and Quality of Service (QoS) parameter mapping", 3GPP TS 29.213, version 15.3.0, Release 15, June 2018, <http://www.3gpp.org/DynaReport/29213.htm>.

[Pew2014] Madden, M., "Public Perceptions of Privacy and Security in the Post-Snowden Era", November 2014, <http://www.pewinternet.org/2014/11/12/public-privacy-perceptions/>.

[QUIC] Hamilton, R., Iyengar, J., Swett, I., and A. Wilk, "QUIC: A UDP-Based Secure and Reliable Transport for HTTP/2", Work in Progress, draft-tsvwg-quic-protocol-02, January 2016.

[RFC2804] IAB and IESG, "IETF Policy on Wiretapping", RFC 2804, DOI 10.17487/RFC2804, May 2000, <https://www.rfc-editor.org/info/rfc2804>.

[RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition of Explicit Congestion Notification (ECN) to IP", RFC 3168, DOI 10.17487/RFC3168, September 2001, <https://www.rfc-editor.org/info/rfc3168>.

[RFC7476] Pentikousis, K., Ed., Ohlman, B., Corujo, D., Boggia, G., Tyson, G., Davies, E., Molinaro, A., and S. Eum, "Information-Centric Networking: Baseline Scenarios", RFC 7476, DOI 10.17487/RFC7476, March 2015, <https://www.rfc-editor.org/info/rfc7476>.

[RFC7567] Baker, F., Ed. and G. Fairhurst, Ed., "IETF Recommendations Regarding Active Queue Management", BCP 197, RFC 7567, DOI 10.17487/RFC7567, July 2015, <https://www.rfc-editor.org/info/rfc7567>.

[RFC8404] Moriarty, K., Ed. and A. Morton, Ed., "Effects of Pervasive Encryption on Operators", RFC 8404, DOI 10.17487/RFC8404, July 2018, <https://www.rfc-editor.org/info/rfc8404>.

[SDO_3GPP] 3GPP, "3GPP Homepage", <http://www.3gpp.org/>.

[SPROUT] Winstein, K., Sivaraman, A., and H. Balakrishnan, "Stochastic Forecasts Achieve High Throughput and Low Delay over Cellular Networks", 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI '13), USENIX Association, April 2013, <https://www.usenix.org/system/files/conference/nsdi13/nsdi13-final113.pdf>.

[SPUD] IETF, "Session Protocol for User Datagrams (spud)", <https://datatracker.ietf.org/wg/spud/about/>.

[STATE_BROWSER] Barnes, R., "Some observations of TLS in the web", July 2015, <https://www.ietf.org/proceedings/93/slides/slides-93-saag-3.pdf>.

[STATE_SERVER] Salz, R., "Some observations of TLS in the web", July 2015, <https://www.ietf.org/proceedings/93/slides/slides-93-saag-4.pdf>.

[TCPINC] "TCP Increased Security (tcpinc)", <https://datatracker.ietf.org/wg/tcpinc/charter/>.

Appendix A. Workshop Attendees

o Rich Salz, Akamai
o Aaron Falk, Akamai
o Vinay Kanitkar, Akamai
o Julien Maisonneuve, Alcatel Lucent
o Dan Druta, AT&T
o Humberto La Roche, Cisco
o Thomas Anderson, Cisco
o Paul Polakos, Cisco
o Marcus Ihlar, Ericsson
o Szilveszter Nadas, Ericsson
o John Mattsson, Ericsson
o Salvatore Loreto, Ericsson
o Blake Matheny, Facebook
o Andreas Terzis, Google
o Jana Iyengar, Google
o Natasha Rooney, GSMA
o Istvan Lajtos, GSMA
o Emma Wood, GSMA
o Jianjie You, Huawei
o Chunshan Xiong, Huawei
o Russ Housley, IAB
o Mary Barnes, IAB
o Joe Hildebrand, IAB / Cisco
o Ted Hardie, IAB / Google
o Robert Sparks, IAB / Oracle
o Spencer Dawkins, IETF AD
o Benoit Claise, IETF AD / Cisco
o Kathleen Moriarty, IETF AD / EMC
o Barry Leiba, IETF AD / Huawei
o Ben Campbell, IETF AD / Oracle
o Stephen Farrell, IETF AD / Trinity College Dublin
o Jari Arkko, IETF Chair / Ericsson
o Karen O'Donoghue, ISOC
o Phil Roberts, ISOC
o Olaf Kolkman, ISOC
o Christian Huitema, Microsoft
o Patrick McManus, Mozilla
o Dirk Kutscher, NEC Europe Network Laboratories
o Mark Watson, Netflix
o Martin Peylo, Nokia
o Mohammed Dadas, Orange
o Diego Lopez, Telefonica
o Matteo Varvello, Telefonica
o Zubair Shafiq, The University of Iowa
o Vijay Devarapalli, Vasona Networks
o Sanjay Mishra, Verizon
o Gianpaolo Scassellati, Vimplecom
o Kevin Smith, Vodafone
o Wendy Seltzer, W3C

Appendix B. Workshop Position Papers

o Mohammed Dadas, Emile Stephan, Mathilde Cayla, Iuniana Oprescu, "Cooperation Framework between Application layer and Lower Layers" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_33.pdf>

o Julien Maisonneuve, Vijay Gurbani, and Thomas Fossati, "The security pendulum" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_4.pdf>

o Martin Peylo, "Enabling Secure QoE Measures for Internet Applications over Radio Networks is a MUST" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_32.pdf>

o Vijay Devarapalli, "The Bandwidth Balancing Act: Managing QoE as encrypted services change the traffic optimization game" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_10.pdf>

o Humberto J. La Roche, "Use Cases for Communicating End-Points in Mobile Network Middleboxes" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_12.pdf>

o Patrick McManus and Richard Barnes, "User Consent and Security as a Public Good" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_13.pdf>

o Iuniana Oprescu, Jon Peterson, and Natasha Rooney, "A Framework for Consent and Permissions in Mediating TLS" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_31.pdf>

o Jari Arkko and Goran Eriksson, "Characteristics of Traffic Type Changes and Their Architectural Implications" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_15.pdf>

o Szilveszter Nadas and Attila Mihaly, "Concept for Cooperative Traffic Management" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_16.pdf>

o Gianpaolo Scassellati, "Vimpelcom Position paper for MaRNEW Workshop" at <https://www.iab.org/wp-content/IAB-uploads/2015/09/MaRNEW_1_paper_17.pdf>

o Mirja Kuhlewind, Dirk Kutscher, and Brian Trammell, "Enabling Traffic Management without DPI" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_18.pdf>

o Andreas Terzis and Chris Bentzel, "Sharing network state with application endpoints" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_19.pdf>

o Marcus Ihlar, Salvatore Loreto, and Robert Skog, "The needed existence of PEP in an encrypted world" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_20.pdf>

o John Mattsson, "Network Operation in an All-Encrypted World" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_21.pdf>

o Dirk Kutscher, Giovanna Carofiglio, Luca Muscariello, and Paul Polakos, "Maintaining Efficiency and Privacy in Mobile Networks through Information-Centric Networking" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_23.pdf>

o Chunshan Xiong and Milan Patel, "The effect of encrypted traffic on the QoS mechanisms in cellular networks" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_25.pdf>

o Thomas Anderson, Peter Bosch, and Alessandro Duminuco, "Bandwidth Control and Regulation in Mobile Networks via SDN/NFV-Based Platforms" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_26.pdf>

o Karen O'Donoghue and Phil Roberts, "Barriers to Deployment: Probing the Potential Differences in Developed and Developing Infrastructure" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_27.pdf>

o Wendy Seltzer, "Security, Privacy, and Performance Considerations for the Mobile Web" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_28.pdf>

o Jianjie You, Hanyu Wei, and Huaru Yang, "Use Case Analysis and Potential Bandwidth Optimization Methods for Encrypted Traffic" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_29.pdf>

o Mangesh Kasbekar and Vinay Kanitkar, "CDNs, Network Services and Encrypted Traffic" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_30.pdf>

o Yves Hupe, Claude Rocray, and Mark Santelli, "Providing Optimization of Encrypted HTTP Traffic" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_341.pdf>

o M. Zubair Shafiq, "Tracking Mobile Video QoE in the Encrypted Internet" at <https://www.iab.org/wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_35.pdf>

o Kevin Smith, "Encryption and government regulation: what happens now?" at <https://www.iab.org/wp-content/IAB-uploads/2015/09/MaRNEW_1_paper_1.pdf>

Acknowledgements

Stephen Farrell reviewed this report in draft form and provided copious comments and suggestions.

Barry Leiba provided some clarifications on specific discussions about Lawful Intercept that took place during the workshop.

Bob Hinden and Warren Kumari provided comments and suggestions during the IAB Call for Comments.

Amelia Andersdotter and Shivan Kaul Sahib provided comments from the Human Rights Review Team during the IAB Call for Comments.

Authors' Addresses

Natasha Rooney
GSMA

   Email: nrooney@gsma.com
   URI:   https://gsma.com

Spencer Dawkins (editor)
Wonder Hamster

   Email: spencerdawkins.ietf@gmail.com