I’m on the train this morning after the two-day Stack Evolution in a Middlebox Internet (SEMI) workshop at the Swiss Federal Institute of Technology (ETH) in Zürich. We had a very successful discussion sponsored by the IAB, the Internet Society, and the Communication Systems Group at ETH. Many thanks to the sponsors, organizers, and participants. Each played a vital role in making the workshop a success.
The IAB Stack Evolution Program provided the vision for the workshop, and some served on the workshop program committee. The forty attendees were selected based on position papers and expertise, allowing the program committee to bring together many viewpoints.
The problems we explored have been discussed before at the IETF, but not all at the same time. They included:
- Application developers have tried to use UDP, but find that many middleboxes, including corporate firewalls, block or degrade the performance of their protocols. This has been particularly evident with WebRTC deployment experience.
- There are a variety of new services that desire a more direct communication between applications and the network path. This has proven difficult in the past because each protocol that uses UDP requires special handling, often needing custom code in each middlebox on the path.
- Network operators sometimes find UDP challenging because it is hard to determine flow context on a per-datagram basis. Information about the flow would improve their ability to reason about the flow with respect to policy and performance.
- In November, the IAB issued a Statement on Internet Confidentiality. Increasing levels of encryption will amplify the above problems. As we noted in that statement, hard work will be needed to reach confidential operation by default.
During the workshop, we discussed what information could be exposed outside an end-to-end encryption context that would allow good policy decisions by middleboxes on the path without compromising the confidentiality or privacy of end-user data.
We concluded that there must be clear incentives for application developers, network operators, and equipment vendors to spur real-world deployment. Possible incentives might include:
- Easier to deploy new Internet applications
- More effective use of UDP by applications on more networks
- Increased confidence for firewall administrators in the coherence of UDP flows
- Ability for network operators to add value to traffic transiting their networks
- Improved user confidentiality and privacy
We will write a workshop report to describe the discussion in detail. Several people signed up to write Internet-Drafts, which will hopefully lead to one or more BoFs in the next year.
Russ Housley, IAB Chair