Internet Architecture Board (IAB) B. Trammell Request for Comments: 8546 M. Kuehlewind Category: Informational April 2019 ISSN: 2070-1721
Internet Architecture Board (IAB) B. Trammell Request for Comments: 8546 M. Kuehlewind Category: Informational April 2019 ISSN: 2070-1721
The Wire Image of a Network Protocol
网络协议的有线映像
Abstract
摘要
This document defines the wire image, an abstraction of the information available to an on-path non-participant in a networking protocol. This abstraction is intended to shed light on the implications that increased encryption has for network functions that use the wire image.
本文档定义了wire映像,它是网络协议中非参与者的路径上可用信息的抽象。此抽象旨在阐明加密增加对使用有线图像的网络功能的影响。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This document is a product of the Internet Architecture Board (IAB) and represents information that the IAB has deemed valuable to provide for permanent record. It represents the consensus of the Internet Architecture Board (IAB). Documents approved for publication by the IAB are not candidates for any level of Internet Standard; see Section 2 of RFC 7841.
本文件是互联网体系结构委员会(IAB)的产品,代表IAB认为有价值提供永久记录的信息。它代表了互联网体系结构委员会(IAB)的共识。IAB批准发布的文件不适用于任何级别的互联网标准;见RFC 7841第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8546.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问https://www.rfc-editor.org/info/rfc8546.
Copyright Notice
版权公告
Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.
版权(c)2019 IETF信托基金和被确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(https://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Definition . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.1. The Extent of the Wire Image . . . . . . . . . . . . . . 4 3.2. Obscuring Timing and Sizing Information . . . . . . . . . 5 3.3. Integrity Protection of the Wire Image . . . . . . . . . 5 4. Engineering the Wire Image . . . . . . . . . . . . . . . . . 6 4.1. Declaring Protocol Invariants . . . . . . . . . . . . . . 7 4.2. Trustworthiness of Engineered Signals . . . . . . . . . . 7 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 7. Informative References . . . . . . . . . . . . . . . . . . . 8 IAB Members at the Time of Approval . . . . . . . . . . . . . . . 9 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Definition . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.1. The Extent of the Wire Image . . . . . . . . . . . . . . 4 3.2. Obscuring Timing and Sizing Information . . . . . . . . . 5 3.3. Integrity Protection of the Wire Image . . . . . . . . . 5 4. Engineering the Wire Image . . . . . . . . . . . . . . . . . 6 4.1. Declaring Protocol Invariants . . . . . . . . . . . . . . 7 4.2. Trustworthiness of Engineered Signals . . . . . . . . . . 7 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 7. Informative References . . . . . . . . . . . . . . . . . . . 8 IAB Members at the Time of Approval . . . . . . . . . . . . . . . 9 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
A protocol specification defines a set of behaviors for each participant in the protocol: which lower-layer protocols are used for which services, how messages are formatted and protected, which participant sends which message when, how each participant should respond to each message, and so on.
协议规范为协议中的每个参与者定义了一组行为:哪些较低层协议用于哪些服务、消息如何格式化和保护、哪些参与者何时发送哪些消息、每个参与者应该如何响应每条消息,等等。
Implicit in a protocol specification is the information the protocol radiates toward nonparticipant observers of the messages sent among participants, often including participants in lower-layer protocols. Any information that has a clear definition in the protocol's message format(s), or is implied by that definition, and is not cryptographically confidentiality protected can be unambiguously interpreted by those observers. This information comprises the protocol's wire image, which we define and discuss in this document.
协议规范中隐含的信息是协议向参与者之间发送的消息的非参与者观察者辐射的信息,通常包括较低层协议中的参与者。任何在协议消息格式中有明确定义的信息,或该定义暗示的信息,以及没有加密保密保护的信息,都可以由这些观察者明确解释。该信息包括协议的有线图像,我们在本文档中定义并讨论该图像。
The wire image, not the protocol's specification, determines how third parties on the network paths among protocol participants will interact with that protocol.
有线映像(而不是协议的规范)决定协议参与者之间网络路径上的第三方将如何与该协议交互。
The increasing deployment of transport-layer security [RFC8446] to protect application-layer headers and payload, as well as the definition and deployment of transport protocols with encrypted control information such as QUIC [QUIC], brings new relevance to the question of how third parties on the network paths will interact with a protocol. QUIC is, in effect, the first IETF-defined transport protocol to take care of the minimization of its own wire image to prevent ossification and improve end-to-end privacy by reducing information radiation.
传输层安全性[RFC8446]的不断增加的部署,以保护应用层报头和有效负载,以及使用加密控制信息(如QUIC[QUIC])定义和部署传输协议,为网络路径上的第三方如何与协议交互的问题带来了新的相关性。实际上,QUIC是IETF定义的第一个传输协议,它负责最小化自身的有线图像,以防止僵化,并通过减少信息辐射来改善端到端的隐私。
The flip side of this trend is the impact of a less visible wire image on various functions driven by third-party observation of the wire image. In contrast to ongoing discussions about this tussle, this document treats the wire image as a pure abstraction, with the hope that it can shed some light on these discussions.
这种趋势的另一面是,第三方观察导线图像时,导线图像不太可见会对各种功能产生影响。与正在进行的关于这场争论的讨论相反,本文将wire图像视为一个纯粹的抽象,希望它能对这些讨论提供一些启示。
The wire image of the set of protocols in use for a given communication is the view of that set of protocols as observed by an entity not participating in the communication. It is the sequence of packets sent by each participant in the communication, including the content of those packets and metadata about the observation itself: the time at which each packet is observed and the vantage point of the observer.
用于给定通信的协议集的有线图像是未参与通信的实体观察到的该协议集的视图。它是通信中每个参与者发送的数据包序列,包括这些数据包的内容和关于观察本身的元数据:每个数据包被观察的时间和观察者的有利位置。
This definition illustrates some important properties of the wire image.
此定义说明了导线图像的一些重要特性。
It is key that the wire image is not limited to merely "the unencrypted bits in the header". In particular, the metadata, such as sequences of interpacket timing and packet sizes, can be used to infer other parameters of the behavior of the protocols in use or to fingerprint protocols and/or specific implementations of those protocols; see Section 3.2.
重要的是,有线图像不仅仅限于“报头中的未加密位”。具体而言,元数据,例如分组间定时和分组大小的序列,可用于推断所使用协议的行为的其他参数,或用于指纹协议和/或这些协议的特定实现;见第3.2节。
An important implication of this property is that a protocol that uses confidentiality protection for the headers it needs to operate can be deliberately designed to have a specified wire image that is separate from that machinery; see Section 4. Note that this is a capability unique to encrypted protocols. Parts of a wire image may also be made visible to devices on path, but immutable through end-to-end integrity protection; see Section 3.3.
该属性的一个重要含义是,对其需要操作的报头使用保密保护的协议可以被故意设计为具有与该机器分离的指定有线图像;见第4节。请注意,这是加密协议特有的功能。线路映像的某些部分也可以对路径上的设备可见,但通过端到端完整性保护是不可变的;见第3.3节。
Portions of the wire image of a protocol stack that are neither confidentiality protected nor integrity protected are writable by devices on the path(s) between the endpoints using the protocols. A protocol with a wire image that is largely writable operating over a path with devices that understand the semantics of the protocol's wire image can modify it in order to induce behaviors at the protocol's participants. TCP is one such protocol in the current Internet.
协议栈中既不受机密性保护也不受完整性保护的有线映像部分可由使用协议的端点之间的路径上的设备写入。协议中的线映像在很大程度上是可写的,在路径上运行的设备能够理解协议线映像的语义,因此可以对其进行修改,以诱导协议参与者的行为。TCP就是当前Internet中的一种协议。
The term "wire image" can be applied in different scopes: the wire image of a single packet refers to the information derivable from observing that one packet in isolation, and the wire image of a
术语“线图像”可应用于不同的范围:单个数据包的线图像指的是从孤立地观察该数据包而衍生的信息,以及单个数据包的线图像
single protocol refers to the information derivable from observing only the headers belonging to that protocol on a sequence of packets in isolation from other protocols in use for a communication. See Section 3.1 for more.
单一协议是指在与通信中使用的其他协议隔离的情况下,仅在数据包序列上观察属于该协议的报头而得到的信息。详见第3.1节。
For a given packet observed at a given point in the network, the wire image contains information from the entire stack of protocols in use at that observation point. This implies that the wire image depends on the observer as well: each observer may see a slightly different image of the same communication.
对于在网络中的给定点观察到的给定数据包,wire映像包含来自该观察点使用的整个协议栈的信息。这意味着有线图像也取决于观察者:每个观察者可能会看到同一通信的稍有不同的图像。
In this document, we assume that only information at the transport layer and above is delivered end-to-end, and we focus on the "Internet" wire image: that portion of the wire image at the network layer and above. While confidentiality and integrity protection may be added at multiple layers in the stack, protection below the network layer does not prevent modification either by the devices terminating those security associations or by devices on different segments of the path.
在本文档中,我们假设只有传输层及以上的信息是端到端传送的,我们将重点放在“Internet”线路映像上:网络层及以上的线路映像部分。虽然可以在堆栈的多个层上添加机密性和完整性保护,但网络层下的保护不会阻止终止这些安全关联的设备或路径不同段上的设备进行修改。
While we begin this definition as the properties of a sequence of packets in isolation, this is not how wire images are typically used by passive observers. A passive observer will generally consider the union of all the information in the wire image in all the packets generated by a given conversation.
虽然我们从孤立的数据包序列的属性开始定义,但被动观察者通常不会使用有线图像。被动观察者通常会考虑由给定会话生成的所有分组中的有线图像中的所有信息的联合。
Similarly, the wire image of a single protocol is rarely seen in isolation. The dynamics of the application and network stacks on each endpoint use multiple protocols for any higher-level task. Most protocols involving user content, for example, are often seen on the wire together with DNS traffic; the information from the wire image from each protocol in use for a given communication can be correlated to infer information about the dynamics of the overlying application.
类似地,单个协议的有线映像很少单独出现。每个端点上的应用程序和网络堆栈的动态使用多个协议来执行任何更高级别的任务。例如,大多数涉及用户内容的协议通常与DNS流量一起出现在网络上;来自用于给定通信的每个协议的有线图像的信息可以相互关联,以推断关于覆盖应用程序的动态的信息。
Information from protocol wire images is also not generally used on its own but is rather additionally correlated with other context information available to the observer, e.g., information about other communications engaged in by each endpoint, information about the implementations of the protocols at each endpoint, information about the network and internetwork topology near those endpoints, and so on. This context can be used together with information from the wire image to reach more detailed inferences about endpoint and end-user behavior.
来自协议线图像的信息也通常不单独使用,而是与观察者可用的其他上下文信息(例如,关于每个端点参与的其他通信的信息、关于每个端点处的协议实现的信息)额外相关,有关这些端点附近的网络和网络间拓扑的信息,等等。此上下文可以与wire图像中的信息一起使用,以获得关于端点和最终用户行为的更详细推断。
Note also that the wire image is multidimensional. This implies that the name "image" is not merely metaphorical and that general image recognition techniques may be applicable to extracting patterns and information from it.
还要注意,导线图像是多维的。这意味着“图像”的名称不仅仅是隐喻,一般的图像识别技术可能适用于从中提取模式和信息。
Cryptography can protect the confidentiality of a protocol's headers to the extent that forwarding devices do not need the confidentiality-protected information for basic forwarding operations. Ciphersuites and other transmission techniques designed to prevent timing analysis can also be applied at the sender to reduce the information content of the metadata portion of the wire image. However, there are limits to these techniques. Packets cannot be made smaller than their information content, be sent faster than processing time requirements at the sender allow, or be transmitted through the network faster than the speed of light. Since these techniques operate at the expense of bandwidth efficiency and latency, they are also limited to the application's tolerance for latency and bandwidth inefficiency.
密码学可以保护协议头的机密性,只要转发设备不需要基本转发操作的机密性保护信息。设计用于防止定时分析的密码套件和其他传输技术也可应用于发送方,以减少有线图像的元数据部分的信息内容。然而,这些技术也有局限性。数据包不能小于其信息内容,发送速度不能超过发送方允许的处理时间要求,或通过网络传输速度不能超过光速。由于这些技术以牺牲带宽效率和延迟为代价进行操作,因此它们也仅限于应用程序对延迟和带宽效率低下的容忍度。
Adding end-to-end integrity protection to portions of the wire image makes it impossible for on-path devices to modify them without detection by the endpoints, which can then take action in response to those modifications, making these portions of the wire image effectively immutable. However, they can still be observed by devices on path. This allows the creation of signals intended by the endpoints solely for the consumption of these on-path devices.
将端到端完整性保护添加到导线图像的部分,使得路径上的设备不可能在未经端点检测的情况下对其进行修改,而端点随后可以对这些修改采取响应措施,从而使导线图像的这些部分有效地不可变。然而,它们仍然可以被路径上的设备观察到。这允许创建端点仅用于消耗这些路径上设备的信号。
Integrity protection can only practically be applied to the sequence of bits in each packet, which implies that a protocol's visible wire image cannot be made completely immutable in a packet-switched network. Interarrival timings, for instance, cannot be easily protected, as the observable delay sequence is modified as packets move through the network and experience different delays on different links. Message sequences are also not practically protectable, because packets may be dropped or reordered at any point in the network as a consequence of the network's operation. Intermediate systems with knowledge of the protocol semantics in the readable portion of the wire image can also purposely delay or drop packets in order to affect the protocol's operation.
完整性保护实际上只能应用于每个数据包中的位序列,这意味着协议的可视线映像不能在数据包交换网络中完全不变。例如,到达时间间隔不容易保护,因为当数据包在网络中移动并在不同链路上经历不同的延迟时,可观察到的延迟序列会被修改。消息序列实际上也不可保护,因为作为网络操作的结果,数据包可能在网络中的任何点被丢弃或重新排序。在有线图像的可读部分中具有协议语义知识的中间系统也可以故意延迟或丢弃数据包以影响协议的操作。
Understanding the nature of a protocol's wire image allows it to be engineered. The general principle at work here, observed through experience with deployability and non-deployability of protocols at the network and transport layers in the Internet, is that all observable parts of a protocol's wire image will eventually be used by devices on path. Consequently, changes or future extensions that affect the observable part of the wire image become difficult or impossible to deploy.
了解协议的有线映像的性质可以对其进行工程设计。根据互联网网络和传输层协议的可部署性和不可部署性的经验,这里工作的一般原则是,协议的有线映像的所有可观察部分最终将由路径上的设备使用。因此,影响有线图像可观察部分的更改或未来扩展变得难以部署或不可能部署。
A network function that serves a purpose useful to its deployer will use the information it needs from the wire image and will tend to get that information from the wire image in the simplest way possible.
为部署人员提供有用用途的网络功能将使用它从wire映像中需要的信息,并倾向于以尽可能简单的方式从wire映像中获取该信息。
For example, consider the case of the ubiquitous TCP [RFC793] transport protocol. As described in [RFC8558], several key in-network functions have evolved to take advantage of implicit signals in TCP's wire image, which, as TCP provides neither integrity or confidentiality protection for its headers, is inseparable from its internal operation. Some of these include:
例如,考虑普遍存在的TCP [RCF793]传输协议的情况。如[RFC8558]中所述,几个关键网络功能已经演变为利用TCP的有线映像中的隐式信号,由于TCP既不为其报头提供完整性保护,也不为其报头提供保密保护,因此与其内部操作密不可分。其中包括:
o Determining return routability and consent: For example, TCP's wire image contains both an implicit indication that the sender of a packet is at least on the path toward its source address (in the acknowledgement number during the handshake), as well as an implicit indication that a receiving device consents to continue communication. These are used by stateful network firewalls.
o 确定返回可路由性和同意:例如,TCP的有线映像包含一个隐式指示,表明数据包的发送者至少在通往其源地址的路径上(在握手期间的确认号中),以及一个隐式指示,表明接收设备同意继续通信。这些被有状态网络防火墙使用。
o Measuring loss and latency: For example, examining the sequence of TCP's sequence and acknowledgement numbers, as well as the ECN [RFC3168] control bits, allows the inference of congestion, loss, and retransmission along the path. The sequence and acknowledgement numbers together with the timestamp option [RFC7323] allow the measurement of application-experienced latency.
o 测量丢失和延迟:例如,检查TCP序列号和确认号的序列,以及ECN[RFC3168]控制位,可以推断路径上的拥塞、丢失和重传。序列号和确认号以及时间戳选项[RFC7323]允许测量应用程序经历的延迟。
During the design of a protocol, the utility of features like these should be considered. The protocol's wire image can be designed to explicitly expose information to those network functions deemed important by the designers. The wire image should expose as little other information as possible.
在设计协议的过程中,应该考虑这些特性的效用。协议的有线映像可以设计为明确地将信息暴露给设计者认为重要的网络功能。导线图像应尽可能少地暴露其他信息。
However, even when information is explicitly provided to the network, any information that is exposed by the wire image, even information not intended to be consumed by an observer, must be designed carefully, as deployed network functions using that information may render it immutable for future versions of the protocol. For
然而,即使当信息被明确地提供给网络时,有线图像所暴露的任何信息,甚至不打算被观察者使用的信息,都必须仔细地设计,因为使用该信息部署的网络功能可能使其在协议的未来版本中不可变。对于
example, information needed to support decryption by the receiving endpoint (cryptographic handshakes, sequence numbers, and so on) may be used by devices along the path for their own purposes.
例如,支持接收端点解密所需的信息(加密握手、序列号等)可由沿路径的设备用于其自身目的。
One potential approach to reduce the extent of the wire image that will be used by devices on the path is to define a set of invariants for a protocol during its development. Declaring a protocol's invariants represents a promise made by the protocol's developers that certain bits in the wire image, and behaviors observable in the wire image, will be preserved through the specification of all future versions of the protocol. QUIC's invariants [QUIC-INVARIANTS] are an initial attempt to apply this approach to QUIC.
减少路径上设备将使用的有线图像范围的一种潜在方法是在协议开发期间为协议定义一组不变量。声明一个协议的不变量代表了该协议的开发人员做出的一个承诺,即有线图像中的某些位以及有线图像中可观察到的行为将通过该协议的所有未来版本的规范得到保留。QUIC的不变量[QUIC-不变量]是将这种方法应用于QUIC的初步尝试。
While static aspects of the wire image (bits with simple semantics at fixed positions in protocol headers) can easily be made invariant, different aspects of the wire image may be more or less appropriate to define as invariants. For a protocol with a version and/or extension negotiation mechanism, the bits in the header and the behaviors tied to those bits, which implement version negotiation, should be made invariant. More fluid aspects of the wire image and behaviors that are not necessary for interoperability are not appropriate as invariants.
虽然有线图像的静态方面(在协议头的固定位置具有简单语义的位)可以容易地保持不变,但有线图像的不同方面可能或多或少适合定义为不变量。对于具有版本和/或扩展协商机制的协议,头中的位以及与实现版本协商的位相关的行为应保持不变。对于互操作性来说,电线图像和行为的更多流动性方面不适合作为不变量。
Parts of a protocol's wire image not declared invariant but intended to be visible to devices on path should be protected against "accidental invariance": the deployment of on-path devices over time that make simplifying assumptions about the behavior of those parts of the wire image, making new behaviors not meeting those assumptions difficult to deploy. Integrity protection of the wire image may itself help protect against accidental invariance, because read-only wire images invite less meddling than path-writable wire images. The techniques discussed in [USE-IT] may also be useful in further preventing accidental invariance and ossification.
协议的线映像部分未声明为不变,但打算对路径上的设备可见,应防止“意外不变性”:随着时间的推移,路径上设备的部署会简化对这些线映像部分行为的假设,使不符合这些假设的新行为难以部署。导线图像的完整性保护本身可能有助于防止意外不变性,因为只读导线图像比路径可写导线图像引起的干扰更少。[USE-IT]中讨论的技术也可能有助于进一步防止意外不变性和骨化。
Likewise, parts of a protocol's wire image not declared invariant and not intended to be visible to the path should be encrypted to protect their confidentiality. When confidentiality protection is either not possible or not practical, then, as above, the approaches discussed in [USE-IT] may be useful in ossification prevention.
同样,协议的有线映像中未声明为不变且不打算对路径可见的部分也应进行加密,以保护其机密性。当保密保护不可能或不实用时,如上所述,[USE-IT]中讨论的方法可能有助于骨化预防。
Since signals in the wire image that are engineered to be exposed are separate from the signals that drive an encrypted protocol's mechanisms, the accuracy of these signals intended for consumption by the path may not be verifiable by on-path devices; see [RFC8558].
由于设计为暴露的有线图像中的信号与驱动加密协议的机制的信号分离,因此路径上设备可能无法验证这些拟由路径消耗的信号的准确性;见[RFC8558]。
Indeed, any two endpoints with a secret channel between them (in this case, the encrypted protocol itself) may collude to change the semantics and information content of these signals. This is an unavoidable consequence of the separation of the wire image from the protocol's operation afforded by confidentiality protection of the protocol's headers.
事实上,任何两个端点之间有一个秘密通道(在这种情况下,加密协议本身)都可能串通来改变这些信号的语义和信息内容。这是由于协议头的保密保护将有线图像与协议操作分离而产生的不可避免的后果。
This document has no IANA actions.
本文档没有IANA操作。
This document explores the information exposed by the wire image that may be relevant to end-to-end communication privacy and security. When designing the wire image of a network protocol, care must be taken to expose only that information to the network deemed necessary in the protocol's design, and careful design is necessary to reduce the risk that information not explicitly included in the wire image is derivable from its observation.
本文档探讨wire image所公开的可能与端到端通信隐私和安全相关的信息。在设计网络协议的有线图像时,必须注意仅将协议设计中认为必要的信息暴露给网络,并且必须仔细设计,以降低有线图像中未明确包含的信息从其观察中衍生出来的风险。
[QUIC] Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed and Secure Transport", Work in Progress, draft-ietf-quic-transport-19, March 2019.
[QUIC]Iyengar,J.和M.Thomson,“QUIC:基于UDP的多路复用和安全传输”,正在进行的工作,草案-ietf-QUIC-Transport-19,2019年3月。
[QUIC-INVARIANTS] Thomson, M., "Version-Independent Properties of QUIC", Work in Progress, draft-ietf-quic-invariants-04, April 2019.
[QUIC-INVARIANTS]Thomson,M.,“QUIC的版本无关属性”,正在进行的工作,草稿-ietf-QUIC-INVARIANTS-042019年4月。
[RFC793] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, DOI 10.17487/RFC0793, September 1981, <https://www.rfc-editor.org/info/rfc793>.
[RFC793]Postel,J.,“传输控制协议”,标准7,RFC 793,DOI 10.17487/RFC0793,1981年9月<https://www.rfc-editor.org/info/rfc793>.
[RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition of Explicit Congestion Notification (ECN) to IP", RFC 3168, DOI 10.17487/RFC3168, September 2001, <https://www.rfc-editor.org/info/rfc3168>.
[RFC3168]Ramakrishnan,K.,Floyd,S.,和D.Black,“向IP添加显式拥塞通知(ECN)”,RFC 3168,DOI 10.17487/RFC3168,2001年9月<https://www.rfc-editor.org/info/rfc3168>.
[RFC7323] Borman, D., Braden, B., Jacobson, V., and R. Scheffenegger, Ed., "TCP Extensions for High Performance", RFC 7323, DOI 10.17487/RFC7323, September 2014, <https://www.rfc-editor.org/info/rfc7323>.
[RFC7323]Borman,D.,Braden,B.,Jacobson,V.,和R.Scheffenegger,编辑,“高性能TCP扩展”,RFC 7323,DOI 10.17487/RFC73232014年9月<https://www.rfc-editor.org/info/rfc7323>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, <https://www.rfc-editor.org/info/rfc8446>.
[RFC8446]Rescorla,E.“传输层安全(TLS)协议版本1.3”,RFC 8446,DOI 10.17487/RFC8446,2018年8月<https://www.rfc-editor.org/info/rfc8446>.
[RFC8558] Hardie, T., Ed., "Transport Protocol Path Signals", RFC 8558, DOI 10.17487/RFC8558, April 2019, <https://www.rfc-editor.org/info/rfc8558>.
[RFC8558]Hardie,T.,Ed.,“传输协议路径信号”,RFC 8558,DOI 10.17487/RFC8558,2019年4月<https://www.rfc-editor.org/info/rfc8558>.
[USE-IT] Thomson, M., "Long-term Viability of Protocol Extension Mechanisms", Work in Progress, draft-thomson-use-it-or-lose-it-03, January 2019.
[USE-IT]Thomson,M.,“协议扩展机制的长期可行性”,正在进行的工作,draft-Thomson-USE-IT-or-lose-IT-032019年1月。
IAB Members at the Time of Approval
批准时的IAB成员
Jari Arkko Alissa Cooper Ted Hardie Christian Huitema Gabriel Montenegro Erik Nordmark Mark Nottingham Melinda Shore Robert Sparks Jeff Tantsura Martin Thomson Brian Trammell Suzanne Woolf
雅丽·阿尔科·艾莉莎·库珀·泰德·哈迪·克里斯蒂安·惠特玛·加布里埃尔·黑山埃里克·诺德马克·马克·诺丁汉·梅林达海岸罗伯特·斯帕克斯·杰夫·坦特拉·马丁·汤姆森·布莱恩·特拉梅尔·苏珊娜·伍尔夫
Acknowledgments
致谢
Thanks to Martin Thomson, Stephen Farrell, Thomas Fossati, Ted Hardie, Mark Nottingham, Tommy Pauly, and the membership of the IAB Stack Evolution Program for text, feedback, and discussions that have improved this document.
感谢Martin Thomson、Stephen Farrell、Thomas Fossati、Ted Hardie、Mark Nottingham、Tommy Pauly以及IAB Stack Evolution Program的成员,他们的文字、反馈和讨论改进了本文档。
This work is partially supported by the European Commission under Horizon 2020 grant agreement No. 688421, Measurement and Architecture for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat for Education, Research, and Innovation under contract No. 15.0268. This support does not imply endorsement.
这项工作得到了欧盟委员会第688421号地平线2020赠款协议“中盒互联网的测量和架构”(MAMI)的部分支持,以及瑞士教育、研究和创新国家秘书处第15.0268号合同的部分支持。这种支持并不意味着认可。
Authors' Addresses
作者地址
Brian Trammell ETH Zurich Gloriastrasse 35 8092 Zurich Switzerland
Brian Trammell ETH苏黎世格洛里亚酒店35 8092苏黎世瑞士
Email: ietf@trammell.ch
Email: ietf@trammell.ch
Mirja Kuehlewind ETH Zurich Gloriastrasse 35 8092 Zurich Switzerland
Mirja Kuehlewind ETH苏黎世Gloriastrasse 35 8092苏黎世瑞士
Email: ietf@kuehlewind.net
Email: ietf@kuehlewind.net