Internet Architecture Board (IAB) N. RooneyInternet-Draft GSMA Intended status: InformationalRequest for Comments: 8462 S. Dawkins, Ed.Expires: November 26, 2018 Wonder Hamster May 25,Category: Informational September 2018 ISSN: 2070-1721 Report from the IAB Workshop on Managing Radio Networks in an Encrypted World (MaRNEW)Report draft-iab-marnew-report-02Abstract The Internet Architecture Board (IAB) and GSM Association (GSMA) held a joint workshop on"ManagingManaging Radio Networks in an EncryptedWorld"World (MaRNEW), on September 24-25, 2015. This workshop aimed to discuss solutions for bandwidthoptimisationoptimization on mobile networks for encrypted content, as current solutions rely on unencryptedcontentcontent, which is not indicative of the security needs of today's Internet users. The workshop gathered IETF attendees, IABmembersmembers, and participants from variousorganisationsorganizations involved in the telecommunications industry including original equipment manufacturers, content providers, and mobile network operators. The group discussedthe currentInternet encryption trends and deployment issues identified within theIETF,IETF and the privacy needs of userswhichthat should beadhered.adhered to. Solutions designed around sharing data from the network to the endpoints and vice versa were thendiscussed as well as analysing whetherdiscussed; in addition, issues experienced when using currenttransport layertransport-layer protocolsarewere alsoplaying a role here.discussed. Content providers andCDNsContent Delivery Networks (CDNs) gave their own views of their experiences delivering their content with mobile network operators. Finally, technical responses to regulationwaswere discussed to help the regulated industries relay the issues of impossible-to-implement orbad-for- privacybad-for-privacy technologies back to regulators. A group of suggested solutions weredeviseddevised, which will be discussed in various IETF groups moving forward. Status of This Memo ThisInternet-Draftdocument issubmitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documentsnot an Internet Standards Track specification; it is published for informational purposes. This document is a product of the InternetEngineering Task Force (IETF). NoteArchitecture Board (IAB) and represents information thatother groups may also distribute working documents as Internet-Drafts. The listthe IAB has deemed valuable to provide for permanent record. It represents the consensus ofcurrent Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Draftsthe Internet Architecture Board (IAB). Documents approved for publication by the IAB aredraft documents validnot candidates fora maximumany level of Internet Standard; see Section 2 ofsix monthsRFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on November 26, 2018.https://www.rfc-editor.org/info/rfc8462. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents(http://trustee.ietf.org/license-info)(https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Understanding "Bandwidth Optimization" . . . . . . . . . 3 1.2. Topics . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3. Organization ofthis reportThis Report . . . . . . . . . . . . . . .54 1.4. Use of Note Well and the Chatham House Rule . . . . . . .. .5 1.5. IETF and GSMA . . . . . . . . . . . . . . . . . . . . . . 5 2.Scene SettingScene-Setting Sessions . . . . . . . . . . . . . . . . . . . 6 2.1. Scene Setting . . . . . . . . . . . . . . . . . . . . . . 6 2.1.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . 6 2.1.2. Encryption Statistics and Radio Access Network Differences . . . . . . . . . . . . . . . . . . . . . 7 2.2. Encryption Deployment Considerations . . . . . . . . . . 8 2.3. Awareness of User Choice (Privacy) . . . . . . . . . . . 8 3. Network or Transport Solution Sessions . . . . . . . . . . . 9 3.1. Sending DataUp / DownUp/Down for Network Management Benefits . . 10 3.1.1. Competition, Cooperation, and Mobile Network Complexities . . . . . . . . . . . . . . . . . . . . 11 4. Transport Layer: Issues,OptimisationOptimization, and Solutions . . . ..11 5.Application Layer Optimisation, CachingApplication-Layer Optimization, Caching, and CDNs . . . . . . 12 6. Technical Analysis and Response to Potential Regulatory Reaction . . . . . . . . . . . . . . . . . . . . . . . . . .1314 7. Suggested Principles and Solutions . . . . . . . . . . . . .1415 7.1. Better Collaboration . . . . . . . . . . . . . . . . . . 17 8. Since MaRNEW . . . . . . . . . . . . . . . . . . . . . . . .1718 9. Security Considerations . . . . . . . . . . . . . . . . . . .1819 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 11.AcknowledgementsInformative References . . . . . . . . . . . . . . . . . . . 19 Appendix A. Workshop Attendees . . .19 12. Informative References. . . . . . . . . . . . . . 22 Appendix B. Workshop Position Papers . . . . .19 Appendix A. Workshop Attendees. . . . . . . . . 24 Acknowledgements . . . . . . . .22 Appendix B. Workshop Position Papers. . . . . . . . . . . . . .24. . 26 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26 1. Introduction The Internet Architecture Board (IAB) and GSM Association (GSMA) held a joint workshop on"ManagingManaging Radio Networks in an EncryptedWorld"World (MaRNEW), on September 24-25, 2015. This workshop aimed to discuss solutions for bandwidthoptimisationoptimization on mobile networks for encrypted content, as current solutions rely on unencryptedcontentcontent, which is not indicative of the security needs of today's Internet users. Mobile networks have a set of propertieswhich placesthat place a large emphasis on sophisticated bandwidth optimization.EncryptionThe use of encryption is increasing on theInternetInternet, which is positive for consumer and business privacy and security. Many existing solutions for mobile bandwidth optimizationsolutionsprimarily operate on non-encrypted communications; this can lead to performance issues being amplified on mobile networks. The use of encryption on networks will continue toincrease, andincrease; with thisunderstandingunderstanding, the workshop aimed to understand how we can solve the issues of bandwidth optimization and performance on radio networks in this encrypted world. 1.1. Understanding "Bandwidth Optimization" For the purposes of this workshop, bandwidth optimization encompasses a variety of technical topics related to traffic engineering,prioritisation, optimisationprioritization, optimization, and efficiency enhancements. It also encompasses user-related topics such as specific subscription or billing models, and it may touch upon regulatory aspects or other issues relating to government-initiated regulatory concerns. The first category of bandwidth optimizationincludes:includes the following: o Caching oPrioritisationPrioritization of interactive traffic over background traffic o Per-user bandwidthlimitlimits The second category of bandwidth optimization may depend on one or more of the first category optimization strategies, but may, in particular, also encompass business-related topics such as content delivery arrangements with content providers. Finally, while not strictly speaking of traffic management, some networks employ policy-based filtering (e.g., requested parentalcontrols)controls), and many networks support some form of legal interception functionality per applicable laws. Many of these functions can continue as they are performed today, even withencreasedincreased use of encryption. Others are using methodswhichthat inspect parts of the communication that are not encrypted today, but will be encrypted, and these functions will have to be done differently in an increasingly encrypted Internet. 1.2. Topics The workshop aimed to answer questionsincluding:that focused on: oUnderstandingunderstanding the bandwidth optimization use cases particular to radionetworksnetworks; oUnderstandingunderstanding existing approaches and how these do not work with encryptedtraffictraffic; oUnderstandingunderstanding reasons why the Internet has notstandardisedstandardized support for lawful intercept and why mobile networkshavehave; oDeterminingdetermining how to match traffic types with bandwidth optimization methods oDiscussingdiscussing minimal information to be shared to manage networks but ensure user security andprivacyprivacy; oDevelopingdeveloping new bandwidth optimization techniques and protocols within these newconstraintsconstraints; oDiscussingdiscussing the appropriate network layer(s) for each managementfunctionfunction; and oCooperativecooperative methods of bandwidth optimization and issues associated withthesethese. The further aim was to gather architectural and engineering guidance on future work in the bandwidthoptimisationoptimization area based on the discussions around the proposed approaches. The workshop also explored possible areas for standardization,e.g.e.g., new protocols that can aid bandwidth optimization whilst ensuring that user securityinlineis in line with new work intransport layertransport-layer protocols. 1.3. Organization ofthis reportThis Report This workshop report summarizes the contributions to and discussions at the workshop, organized by topic. The workshop began withscenescene- setting topicswhichthat covered the issues around deploying encryption, the increased need for privacy on theInternetInternet, and setting a clear understanding that ciphertext should remain unbroken. Later sessions focused on key solution areas; these included evolution on the transport layer and sending data up or down the path. A session on application layers and CDNs aimed to highlight both issues and solutions experienced on the application layer. The workshop ended with a session dedicated to discussing a technical response to regulation with regards to encryption. The contributing documentswere split between identifyingidentified the issues experienced with encryption on radio networks and suggested solutions. Of the solutionssuggestedsuggested, some focused on transport evolution, some on trustedmiddleboxesmiddleboxes, and others on collaborative data exchange. Solutions were discussed within the sessions. All accepted position papers and detailed transcripts of discussion are available at [MARNEW]. The outcomes of the workshop are discussed inSectionSections 7 and8, and8; they discuss the progressaftermade since the workshop toward each of the identified work itemsas ofthrough the timeof publication ofthisreport.document was approved for publication. Report readers should be reminded that this workshop did not aim to discuss regulation or legislation, although policy topics were mentioned in discussions from time to time. 1.4. Use of Note Well and the Chatham House Rule The workshop was conducted under the IETF [NOTE_WELL] with the exception of the "Technical Analysis and Response to Potential Regulatory Reaction"sessionsession, which was conducted under the [CHATHAM_HOUSE_RULE]. 1.5. IETF and GSMA The IETF and GSMA [GSMA] have different working practices,standardsstandards, and processes. IETF is an openorganisationorganization withcommunity drivencommunity-driven standards, with the key aim of functionality and security for the Internet's users, while the GSMA is membership based and serves the needs of its membership base, most of whom are mobile network operators. Unlike IETF, GSMA makes few standards. Within the telecommunicationsindustryindustry, standards are set in various divergent groups depending on their purpose. Perhaps of most relevance to the bandwidthoptimisationoptimization topic here is the work of the 3rd Generation Partnership Project (3GPP)[SDO_3GPP][SDO_3GPP], which works on radio network and core network standards. 3GPP members include mobile operators and original equipment manufacturers. One of the 3GPP standards relevant to this workshop isPCC-QoSPolicy and Charging Control QoS [PCC-QOS].TraditionallyTraditionally, mobile networks have managed different applications and services based on the resources available and priorities given; for instance, emergency services have a top priority, data has a lowerprioritypriority, and voice services are somewhere in-between. 3GPP defined the PCC-QoS mechanism to support this functionality, and this depends on unencrypted communications [EffectEncrypt]. 2.Scene SettingScene-Setting SessionsScene settingScene-setting sessions aimed to bring all attendees up to a basic understanding of the problem and the scope of the workshop. There were threescene settingscene-setting sessions: o Section 2.1: Scene Setting(defining scope),o Section 2.2: Encryption Deployment Considerationsand Trust Models ando Section 2.3: Awareness of User Choice(Privacy).(Privacy) 2.1. Scene Setting The telecommunications industry and Internet standards community are extremely different in terms of ethos and practices. Both groups drive technical standards in their domain and build technical solutions with some policy-driven use cases. These technologies, usecasescases, and technical implementations are different, and the motivators between the two industries are also diverse. To ensure all attendees were aligned with contributing to discussions and drivingsolutionssolutions, this "Scene Setting" session worked on generating a clear scope with all attendees involved. Inshort:short, it was agreed that 1) ciphertext encrypted by one party and intended to be decrypted by a second party should not be decrypted by a third party in any solution,that2) theradio access networkRadio Access Network (RAN) does experience issues with increased encrypted traffic,that we3) the RAN issues need tounderstand what those problems are preciselybe understood precisely, andthat our4) the goal is to improve user experience on the Internet. Proposing new technical solutions based on presumed future regulation was not in scope. The full scope is given below. 2.1.1. Scope The attendees identified and agreed to thefollowing scope: o In discussion wescope described here. We shouldassume: Nodo the following: o in discussion, assume that there is no brokencrypto, Ciphertextcrypto; ciphertext is increasinglycommon,common; congestion does need to be controlledas(as do other transportissuesissues); andNetwork managementnetwork management, including efficient use ofresources,resources in RAN and elsewhere, has toworkwork; oHow/why isidentify how/why RAN is different fortransport; help ustransport, and attempt to understand the complexities oftheRANand(i.e., how hard it is tomanagemanage) and why thosemattercomplexities matter; oWhat areidentify the precise problems caused bymore ciphertextincreased use of encryption; oIdentify players, inidentify players (in addition to endusers,users), the resultingtensionstensions, and how ciphertext changes those tensions; oSomediscuss how some solutions will be radically changed byciphertext, it'sciphertext (it's ok to talk aboutthatthat) oTheassume that the best possible quality of experience for the end user is agoalgoal; and lastly, oOur aimfor the next twodays isdays, aim toanalyseanalyze the situation and identify specific achievable tasks that could be tackled in the IETF or GSMA (orelsewhere?)elsewhere) and that improve the Internet given the assumptionsabove oabove. We should not delveinto: * Waysinto the following: o ways of doinginterception (legalinterception, legal ornot),not, for the reasons described in[RFC2804] * Unpredictable[RFC2804]; and, o unpredictable political actions. 2.1.2. Encryption Statistics and Radio Access Network DifferencesAttendeesAccording to then-current statistics, attendees were shown that encrypted contentis reachingreaches around 50%according to then-current statistics[STATE_BROWSER]and[STATE_SERVER]. The IAB is encouraging all IETF working groups to consider the effect encryption being "on by default" will have on new protocolwork, and thework. The IETF is also working on encryption at lower layers. One recent example of this work is opportunistic TCP encryption within the TCP Increased Security [TCPINC] Working Group. The aims of these work items are greater security and privacy for end users and their data. Telecommunications networks often contain middleboxes that operators have previously considered to be trusted, but qualifying trust is difficult and should not be assumed. Some interesting use cases exist with these middleboxes, such as anti-spam and malware detection, but these need to be balanced against their ability to open up cracks in the network for attacks such as pervasive monitoring. When operators increase the number of radio access network cells("Base Stations"),(base stations), this can improve the radio access network quality ofservice , butservice; however, it also adds to radio pollution. This is one example of the balancing act required when devising radio access network architecture. 2.2. Encryption Deployment Considerations Encryption across the Internet is on the rise. However, someorganisationsorganizations and individuals that are mainly driven by commerical perspectives come across a common set of operational issues when deployingencryption, mainly driven by commercial perspectives. The [UBIQUITOUS] draftencryption. [RFC8404] explains these network management function impacts, detailing areas around incident monitoring, access control management, and regulation on mobile networks. The data was collected from various Internet players, including system and network administrators across enterprise, governmentalorganisationsorganizations, and personal use. The aim of the document is to gain an understanding of what is needed for technical solutions to theseissues,issues while maintaining security and privacy for users. Attendees commented that worthwhile additions wouldbe:be different business environments(e.g.(e.g., cloud environments) and service chaining. Incident monitoring in particular was noted as a difficult issue to solve given the use ofURLURLs in today's incident monitoring middleware. Some of these impacts to mobile networks can be resolved usingdifference methodsdifferent methods, and the [NETWORK_MANAGEMENT]draftdocument details these methods. Thedraftdocument focuses heavily on methods to manage network traffic without breaching user privacy and security. By reviewing encryptiondepoymentdeployment issues and the alternative methods of networkmanagementmanagement, MaRNEW attendees were made aware of the issueswhichthat affect radio networks, the deployment issueswhichthat are solvable and require no further action, and thosewhich aren't currently solveable and whichissues that have not yet been solved but should be addressed within the workshop. 2.3. Awareness of User Choice (Privacy) Some solutions intended to improve delivery of encrypted content could affect some or all of the privacy benefits that encryption provides. Understanding user needs and desires for privacy is therefore important when designing these solutions. From a then-current study[Pew2014][Pew2014], 64% of users said concerns over privacy have increased, and 67% of mobile Internet users would like to do more to protect their privacy. The World Wide Web Consortium (W3C) and IETF have both responded to user desires for better privacy by recommending encryption for new protocols and web technologies. Within theW3CW3C, new security standards areemergingemerging, and the design principles for HTMLholdmaintain that users are the stakeholders withmostthe highest priority, followed by implementors and other stakeholders, which furtherenforcingenforces the "user first" principle. Users also have certain security expectations from particularcontexts,contexts and sometimes use new technologies to further protect theirprivacyprivacy, even if those technologies weren't initially developed for that purpose. Operators may deploy technologieswhichthat can either impact user privacy without being aware of those privacy implications or incorrectly assume that the benefits users gain from the new technology outweigh the loss of privacy. If these technologies arenecessarynecessary, they should beopt-in.opt in. Internet stakeholders should understand the priority of other stakeholders. Users should be considered the first priority. Other stakeholders include implementors, developers, advertisers,operatorsoperators, and other ISPs. Sometechnologiestechnologies, such as cookie use and JavaScriptinjectioninjection, have been abused by these parties. This has caused some developers to encrypt content to circumvent these technologieswhichthat are seen as intrusive or bad for user privacy. If users and content providers are toopt-inopt in to network management services with negative privacy impacts, they should see clear value from using theseservices,services and understand the impacts of using these services. Users should also have easy abilities toopt-out.opt out. Some users will always automatically click through consent requests, so any model relying on explicit consent is flawed for these users. Understanding the extent of "autoclick through"click-through" may improve decisions about the use of consent requests in the future. One model (Cooperative Traffic Management) works as an agent of the user; byopting-inopting in, metadata can be shared. Issues with this involve trust only being applied at endpoints. 3. Network or Transport Solution Sessions Network or Transport Solution Sessionsaimed to discussdiscussed proposed solutions for managing encrypted traffic on radio access networks. Most solutions focus on metadata sharing, whether this sharing takes place from the endpoint to the network, from the network to the endpoint, or cooperatively in both directions.Transport layerTransport-layer protocol evolution could be another approach to solve some of the issues radio access networkserienceexperience, which cause them to rely on network management middleboxes. By removing problems at the transport layer, reliance on expensive and complex middleboxes could decrease. 3.1. Sending DataUp / DownUp/Down for Network Management Benefits Collaboration between network elements and endpoints could bring about better content distribution. A number of suggestions were given; theseincluded:included the following: o Mobile Throughput Guidance [MTG]: exchanges metadata between network elements and endpoints via TCPOptions.options. It also allows for better understanding of how the transport protocol behaves andimprovingfurther improves the userexperience further,experience, although additional work on MTG is still required. oSPUDSession Protocol for User Datagrams [SPUD]: a UDP-based encapsulation protocol to allow explicit cooperation with middleboxes whileusing new,using, new encrypted transport protocols. o Network Status API:Anan API for operators to share congestion status or the state of a cell before an application starts sending data that could allow applications to change theirbehaviour.behavior. o Trafficclassification:Classification: classifying traffic and adding these classifications as metadata for analysis throughout the network. This idea has trust and privacy implications. oConExCongestion Exposure [CONEX]: a mechanism where senders inform the network about the congestion encountered by previous packets on the same flow, in-band at the IP layer. o Latency versus Bandwidth:allowinga bit that allows the content provider to indicate whether higher bandwidth or lower latency is of greater priority andallowingallows the network to react based on that indication. Where this bit resides in the protocol stack and how it is authenticated would need to be decided. o Nonetwork management tools:Network Management Tools: disabling all network management tools from the network andrelyrelying only on end-to-end protocols to manage congestion. oFairness-aware Delay-controlledFlow Queue Controlled Delay(FD-CoDel)(FQ-CoDel) [FLOWQUEUE]: a hybrid packetscheduler/Activescheduler / Active Queue Management(AQM, [RFC7567]) algorithm,(AQM) [RFC7567] algorithm aiming to reduce bufferbloat and latency. FQ-CoDel manages packets from multiple flows and reduces the impact of head-of-line blocking from bursty traffic. Some of these suggestions rely on signaling from network elements toendpoint.endpoints. Others aim to create"hop-to-hop""hop-by-hop" solutions, which could be more aligned with how congestion is managedtoday,today but with greater privacy implications. Still others rely on signaling from endpoints to network elements. Some of these rely on implicitsignaling,signaling and others on explicit signaling. Some workshop attendees agreed that relying on applications to explicitly declare the quality of service they require was not a good pathforward,forward given the lack of success with this model in the past. 3.1.1. Competition, Cooperation, and Mobile Network Complexities One of the larger issues inthesharingofdata about the problems encountered with encrypted traffic in wireless networks is the matter of competition; network operators are reluctant to relinquish data about their own networks because it contains information that is valuable to competitors, and application providers wish to protect their users and reveal as little information as possible to the network. Some people think that if middleboxes were authenticated and invoked explicitly, this would be an improvement over current transparent middleboxes that intercept traffic without endpoint consent. Some workshop attendees suggested any exchange of information should bebidirectional,bidirectional in an effort to improve cooperation between the elements. A robust incentive framework could provide a solution to theseissues,issues or at least help mitigate them. The radio access network is complex because it must deal with a number of conflicting demands. Base stations reflect this environment, and information within these base stations can be of value to other entities on the path. Some workshop participants thought solutions for managing congestion on radio networks should involve the base station if possible. For instance, understanding how theRadio Resource Controllerradio resource controller and AQM [RFC7567] interact (or don't interact) could provide valuable information for solving issues. Although many workshop attendees agreed that even though there is a need to understand the base station, not all agreed that the base station should be part of a future solution. Some suggested solutions were based on networkcategorisationcategorization and on providing this information to the protocols or endpoints. Completelycategorisingcategorizing radio networks could be impossible due to their complexity, butcategorisingcategorizing essential network properties could be possible and valuable. 4. Transport Layer: Issues,OptimisationOptimization, and Solutions TCP has been the dominant transport protocol since TCP/IP replaced theNCPNetwork Control Protocol (NCP) on theArpanetARPANET in March 1983. TCP was originally devised to work on a specific network model that did not anticipate the high error rates and highly variable available bandwidth scenarios experienced on modern radio access networks.FurthermoreFurthermore, new network elements have been introduced (NATs and network devices with large buffers creating bufferbloat), and considerable peer-to-peer traffic is competing with traditional client-server traffic.ConsequentlyConsequently, the transport layer today has requirements beyond what TCP was designed to meet. TCP has other issues as well; too many services rely on TCP and only TCP, blocking deployment of new transport protocols likeSCTPthe Stream Control Transmission Protocol (SCTP) andDCCP.Datagram Congestion Control Protocol (DCCP). This means that true innovation on the transport layer becomes difficult because deployment issues are more complicated than just building a new protocol. The IETF is trying to solve these issues through the IAB's"Stack Evolution" programme,IP Stack Evolution program, and the first step in thisprogrammeprogram is to collect data. Network and content providers can provide data including: the cost of encryption, the advantages of network management tools, the deployment of protocols, and the effects when network management tools are disabled.NetworkFor mostly competitive reasons, network operators do not tend to reveal network informationmostly for competitive reasonsand so are unlikely to donate this information freely to the IETF. The GSMA is in a position to try to collect this data andanonymiseanonymize it before bringing it toIETFIETF, which should alleviate the network operator worries but still provide IETF with some usable data.A considerable amount of work has already been done on TCP, especially innovation in bandwidth management and congestion control; althoughAlthough congestion is only detected when packet loss isencountered,encountered and better methods based on detecting congestion would bebeneficial.beneficial, a considerable amount of work has already been done on TCP, especially innovation in bandwidth management and congestion control. Furthermore, although the deficiencies of TCP are often consideredaskey issues in the evolution of the Internet protocol stack, the main route to resolve these issues may not be a new TCP, but an evolved stack. Some workshop participantsthoughtsuggested that SPUD [SPUD] andICNInformation-Centric Networking (ICN) [RFC7476]are two suggestions whichmay help here.QUICQuick UDP Internet Connection [QUIC] engineers stated that the problems solved by QUIC are general problems, rather than TCP issues. This view was not shared by all attendees of the workshop. Moreover, TCP has had some improvements in the last fewyearsyears, which may mean some of the network lower layers should be investigated to see whether improvements can bemade here.made. 5.Application Layer Optimisation, CachingApplication-Layer Optimization, Caching, and CDNs Many discussions on the effects of encrypted traffic on radio access networks happen between implementers and the networkoperators; thisoperators. This session aimed to gather the opinions of the content and caching providersincludingregarding their experiences running over mobile networks, the quality of experience their users expect, andwhatthe content and caching that providers would like to achieve by working with or using the mobile network. Content providers explained how even though this workshop cited encrypted data over radio access networks as the main issue, the real issue is network management generally, and all actors (applications providers,networksnetworks, and devices) need to work together to overcome these general network management issues. Content providers explained how they assume the mobile networks arestandardstandards compliant. When the network is not standards compliant(e.g.(e.g., using non-standards- compliantintermediaries)intermediaries), content providers can experience real costs as users contact their supportcentrescenters to report issueswhichthat are difficult to test for and resolve. Content providers cited other common issues concerning data traffic over mobile networks. Data subscription limits("caps")(known as "caps") cause issues for users; users are confused about how data caps work or are unsure how expensive media is and how much data it consumes. Developers build products on networks not indicative of the networks their customers areusingusing, and not everyorganisationorganization has the finances to build a caching infrastructure. Strongly related to content providers, content owners consider CDNs to be trusted deliverers ofcontentcontent, and CDNs have shown great success in fixed networks. Now that more traffic is moving to mobilenetworksnetworks, there is a need to place caches near the user at the edge of the mobilenetwork, near the users.network. Placing caches at the edge of the mobile network is a solution, but it requires standards developed by content providers and mobile network operators. TheCNDiIETF's CDN Interconnection [CDNI] Working Group[CDNI] at IETFaims to allow global CDNs to interoperate with mobileCDNs;CDNs, but this causes huge issues for the caching of encrypted data between these CDNs. Some CDNs are experimenting with approaches like "Keyless SSL" [KeylessSSL] to enable safer storage of content without passing private keys to the CDN. Blind Caching [BLIND_CACHING] is another proposal aimed at caching encrypted content closer to the user and managing the authentication at the original content provider servers. At the end of thesessionsession, each panelist was asked to identify one key collaborative work item. Work items named were: evolving to cache encrypted content, usingone-bitone bit for latency / bandwidthtrade-offtrade- off (explained below), better collaboration between the network and application, better metrics to aid troubleshooting and innovation, and indications from the network to allow the application to adapt. 6. Technical Analysis and Response to Potential Regulatory Reaction This session was conducted under the Chatham House Rule. The session aimed to discuss regulatory and political issues, but not their worth orneed; ratherneed, and to understand the laws that exist and how technologists can properly respond tothese.them. Mobile networks areregulated,regulated; compliance is mandatory(and non- compliance can result in service license revocation in some nations)and can incur costs on the mobile networkoperator.operator, while non-compliance can result in service license revocation in some nations. Regulation does vary geographically. Some regulations are courtorders,orders and others are self-imposed regulations, for example, "block lists" of websites such as the Internet Watch Foundationlist [IWF].[IWF] list. Operators are not expected to decrypt sites, so those encrypted sites will not be blocked because of content.Parental control-typeParental-control-type filters also exist on the network and are easily bypassed today, vastly limiting their effectiveness. Better solutions would allow for users to easily set these restrictions themselves. Other regulations are also hard to meet, such as user data patterns, or will become harder tocollect -collect, such as"InternetInternet ofThings"Things (IoT) cases. Most attendees agreed that if a government cannot get information it needsand(and is legally entitled tohavehave) from networkoperatorsoperators, they will approach content providers. Some governments are aware of the impact of encryption and are working with, or trying to work with, content providers. The IAB has concluded that blocking and filtering can be done at the endpoints of the communication. Not all of these regulations apply to the Internet, and the Internet community is not always aware of their existence.CollectivelyCollectively, the Internet community can work with GSMA and 3GPP and actcollectivelytogether to alleviate the risk imposed by encrypted traffic. Some participants expressed concern that governments might require operators to provide information that they no longer have the ability toprovide,provide becausepreviously-unencryptedpreviously unencrypted traffic is now being encrypted, and this might expose operators to new liability, but no specific examples were given during the workshop. A suggestion from some attendees was that if any new technical solutions are necessary, they should easily be "switched off". Some mobile network operators are producing transparency reports covering regulations including lawful intercept. Operators who have done this already are encouraging others to do the same. 7. Suggested Principles and Solutions Based on the talks and discussions throughout theworkshopworkshop, a set of suggested principles and solutions has been collected. This is not an exhaustive list, and no attempt was made to come to consensus during the workshop, so there are likely at least some participants who would not agree with any particular principle listed below. The list is a union of participant thinking, not an intersection. o Encrypted Traffic:anyAny solution should encourage and support encrypted traffic. o Flexibility:radioRadio access network qualities varyvastlyvastly, and the network needs of content can differ significantly, so any new solution should be flexible across either the network type, content type, or both. o Privacy:newNew solutions should not introduce new wayswherefor informationcanto be discovered and attributed to individual users. o Minimum data only for collaborative work:userUser data, application data, and network data allneedsneed protection, so new solutions should usethe minimumminimal information to make a working solution. A collection of solutions suggested by various participants during the workshop is given below. Inclusion in this list does not imply that other workshop participants agreed. Again, the list is a union of proposed solutions, not an intersection. o Evolving TCP or evolution on the transport layer:thisThis could take a number offormsforms, and some of this work is already underway within the IETF. o Congestion Control:manyMany attendees cited congestion control as a key issue. Further analysis,investigationinvestigation, and work could be done in this space. oSPROUT: researchSprout [SPROUT]: Researched atMIT whichMIT, Sprout is a transport protocol for applications that desire high throughput and low delay.[SPROUT]oPCC:PCC [PCC]: Performance-oriented CongestionControl:Control is a new architecture that aims for consistent highperformanceperformance, even in challenging scenarios. PCC endpoints observe the connection between their actions and their known performance, which allows them to adapt their actions.[PCC]o CDNs and Caches: This suggests that placing caches closer to the edge of the radio network, as close as possible to the mobile user, or making more intelligentCDNsCDNs, would result in faster content delivery and less strain on the network. o BlindCaching:Caching [BLIND_CACHING]: This is a proposal for caching of encryptedcontent [BLIND_CACHING].content. o CDNimprovements: including keylessImprovements: This includes Keyless SSL and better CDN placement. o Mobile ThroughputGuidance:Guidance [MTG]: This is a mechanism and protocol elements that allow the cellular network to provide near real-time information on capacity available to the TCP server.[MTG]o OnebitBit forlatencyLatency /bandwidth trade-off:Bandwidth Trade-Off: This suggests determining whether using a single bit in an unencrypted transport header to distinguish between traffic that the sender prefers to be queued and traffic that the sender would prefer to drop rather than delay provides additional benefits beyond what can be achieved without this signaling. o Base Station:someSome suggestions involved"usingusing theBase Station",base station, but this was not defined in detail. TheBase Stationbase station holds theRadio Resource Controllerradio resource controller andschedulerscheduler, which could provide a place to host solutions, or data from theBase Stationbase station could help in devising new solutions. o Identifytraffic typesTraffic Types via5-tuple: information5-Tuple: Information from the 5-tuple could provide understanding of the traffic type, and network management appropriate for that traffic type could then be applied. o Heuristics: Networks can sometimes identify traffic types by observingcharacteristicscharacteristics, such as data flowraterate, and then apply network management to these identified flows. This is notrecommendedrecommended, ascategorisationscategorizations can be incorrect. o APIs: An API for operators to share congestion status or the state of a cell before an application starts sending data could allow applications to change theirbehaviour. Alternativelybehavior. Alternatively, an API could provide the network with information on the data type, allowing appropriate network management for that datatype, althoughtype; however, this method exposes privacy issues. o Standard approach for the operator to offer services to Content Providers:mobileMobile network operators could provide caching services or other services for content providers to use for faster and smoother content delivery. o AQM [RFC7567] and ECN [RFC3168] deployments:queuingQueuing and congestion management methods have existed for some time in the form of AQM,ECNECN, andothersothers, which can help the transport and Internet protocol layers adapt to congestion faster. o Trust Model or Trust Framework:someSome solutions in this area(e.g.(e.g., SPUD) have a reliance on trust when content providers or the network are being asked to add classifiers to their traffic. o Keyless SSL [KeylessSSL]: This allows content providers to maintain their private keys on a"key server"key server and host the content elsewhere(e.g.(e.g., on a CDN). This could becomestandardisedstandardized in the IETF. [LURK] o Meaningful capacity sharing:includingThis includes the ConEx [CONEX]workwork, which exposes information about congestion to the network nodes. o Hop-by-hop:someSome suggestions offer hop-by-hop methodsallowingthat allow nodes to adapt flow given the qualities of the networks around them and the congestion they are experiencing. o Metrics and metric standards:inIn order to evolve current protocols to be best suited to today's networks, data is needed about current network conditions, protocol deployments, packettracestraces, and middleboxbehaviour.behavior. Beyond this, proper testing and debugging on networks could provide great insight for stack evolution. o 5G: Mobile operator standards bodies are in the process of setting the requirements for 5G. Requirements for network management could be added. In the workshop, attendees identified other areas where greater understanding could help the standards process. These were identified as: oGreatergreater understanding of the RANat IETF.within the IETF; oReviewsreviews and comments on 3GPPperspective.perspective; and, oHowhow to do congestion control in the RAN. 7.1. Better Collaboration Throughout theworkshopworkshop, attendees placed emphasis on the need for better collaboration between the IETF and telecommunications bodies andorganisations.organizations. The workshop was one such way to achieve this, but the good work and relationships built in the workshop should continue so the two groups can work on solutionswhichthat are better for both technologies and users. 8. Since MaRNEW SinceMaRNEWMaRNEW, a number of activities have taken place in various IETF workinggroups,groups and in groups external to IETF. TheACCORDAlternatives to Content Classification for Operator Resource Deployment (ACCORD) BoF was held at IETF 95 in November 2015, which brought the workshop discussion to the wider IETF audiences by providing an account of the discussions that had taken place within the workshop and highlighting key areas to progress on. Key areas to progress on and an update on their current status are as follows: o The collection ofuseableusable metrics and data were requested by a number of MaRNEW attendees, especially for use within the IRTF Measurement and Analysis for Protocols (MAP) Research Group; this data has been difficult to collect due to the closed nature of mobile network operators. o Understanding impediments to protocol stack evolution has continued within the IAB's IP Stack Evolutionprogrammeprogram and throughout transport-related IETF working groups such as the Transport Area Working Group (TSVWG). o The Mobile Throughput Guidancedraftdocument [MTG] has entered into a testing and data collectionphase;phase, although further advancements in transport technologies(among others, QUIC)(QUIC, among others) may have stalled efforts in TCP-related proposals. o Work on proposals for caching encrypted content continue, albeit with some security flawswhichthat proponents are working on further proposals to fix. Mostoftenoften, these are discussed within the IETF HTTPbisworking group.Working Group. o ThePLUSPath Layer UDP Substrate (PLUS) BOF at IETF 96 in July 2016 did not result in the formation of a working group,withas attendeesexpressingexpressed concern on the privacy issues associated with thedata sharingproposed data-sharing possibilities of the shimlayer proposed.layer. o TheLURKLimited Use of Remote Keys (LURK) BOF at IETF 96 in July 2016 did not result in the formation of a workinggroup,group because the BOF identified more problems with the presumed approach than anticipated. The most rewarding output of MaRNEW is perhaps the most intangible. MaRNEW gave two rather divergent industry groups the opportunity to connect and discuss common technologies and issues affecting users and operations. MobileNetworknetwork providers and key Internet engineers and experts have developed a greater collaborative relationship to aid development of further standardswhichthat work across networks in a secure manner. 9. Security Considerations This document is an IAB report from a workshop on interactions between network security, especially privacy, and network performance. It does not affect the security of the Internet, taken on its own. 10. IANA Considerations This documentmakeshas norequests of IANA. 12.IANA actions. 11. Informative References [BLIND_CACHING]Holmberg,Thomson, M., Eriksson, G., and C. Holmberg, "Caching Secure HTTP Content using Blind Caches", Work in Progress, draft-thomson-http-bc-01, October2016, <https://www.ietf.org/archive/id/ draft-thomson-http-bc-01.txt>.2016. [CDNI] IETF, "Content Delivery Networks InterconnectionWorking Group", n.d.,(cdni)", <https://datatracker.ietf.org/wg/cdni/charter/>. [CHATHAM_HOUSE_RULE] Chatham House, "Chatham HouseRule", n.d.,Rule | Chatham House", <https://www.chathamhouse.org/about/chatham-house-rule>. [CONEX] IETF, "Congestion ExposureWorking Group", n.d.,(conex) - Documents", <https://datatracker.ietf.org/wg/conex/documents/>. [EffectEncrypt] Xiong, C. and M. Patel,C.,"The effect of encrypted traffic on the QoS mechanisms in cellular networks", August 2015, <https://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_25.pdf>. [FLOWQUEUE]Dumazet,Hoeiland-Joergensen, T., McKenney, P., Taht, D., Gettys, J., and E. Dumazet, "FlowQueue-Codel",March 2014, <https://tools.ietf.org/html/draft-hoeiland-joergensen- aqm-fq-codel-00>.Work in Progress, draft-hoeiland-joergensen-aqm-fq-codel-01, November 2014. [GSMA] GSMA, "GSMA Homepage",n.d.,<http://gsma.com>. [IWF] IWF, "Internet WatchFoundation", n.d.,Foundation Homepage", <https://www.iwf.org.uk/>. [KeylessSSL] Sullivan, N., "Keyless SSL: The Nitty Gritty Technical Details", September 2014, <https://blog.cloudflare.com/ keyless-ssl-the-nitty-gritty-technical-details/>. [LURK]Ma,Migault, D.,"TLS/DTLS Content Provider Edge Server SplitMa, K., Salz, R., Mishra, S., and O. Dios, "LURK TLS/DTLS UseCase", January 2016, <https://tools.ietf.org/html/draft- mglt-lurk-tls-use-cases-00>.Cases", Work in Progress, draft-mglt- lurk-tls-use-cases-02, June 2016. [MARNEW]"MaRNEWIAB, "Managing Radio Networks in an Encrypted World (MaRNEW) WorkshopIAB Homepage", n.d.,2015", <https://www.iab.org/activities/workshops/marnew/>. [MTG]Smith,Jain, A., Terzis, A., Flinck, H., Sprecher, N., Arunachalam, S., Smith, K., Devarapalli, V., and R. Yanai, "Mobile Throughput Guidance Inband Signaling Protocol",September 2015, <https://www.ietf.org/archive/id/draft-flinck-mobile- throughput-guidance-03.txt>.Work in Progress, draft-flinck-mobile-throughput-guidance- 04, March 2017. [NETWORK_MANAGEMENT] Smith, K., "Network management of encrypted traffic", Work in Progress, draft-smith-encrypted-traffic-management-05, May2015, <https://tools.ietf.org/html/draft-smith-encrypted- traffic-management-00>.2016. [NOTE_WELL] IETF, "IETF Note Well",n.d., <https://www.ietf.org/about/note- well.html>.<https://www.ietf.org/about/note-well.html>. [PCC]Schapira,Dong, M.,"PCC,Li, Q., Zarchy, D., Brighten Godfrey, P., and M. Schapira, "PCC: Re-architecting Congestion Control for Consistent High Performance", Proceedings of the 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI '15), USENIX Association, May 2015,<http://arxiv.org/pdf/1409.7092v3.pdf>.<https://www.usenix.org/system/files/conference/nsdi15/ nsdi15-paper-dong.pdf>. [PCC-QOS] 3GPP, "Policy and charging control signalling flows and Quality of Service (QoS) parameter mapping",March 2016,3GPP TS 29.213, version 15.3.0, Release 15, June 2018, <http://www.3gpp.org/DynaReport/29213.htm>. [Pew2014] Madden, M., "Public Perceptions of Privacy and Security in thePost- SnowdenPost-Snowden Era", November 2014, <http://www.pewinternet.org/2014/11/12/ public-privacy-perceptions/>. [QUIC]Swett,Hamilton, R., Iyengar, J.,"QUIC,Swett, I., and A. Wilk, "QUIC: A UDP-Based Secure and Reliable Transport for HTTP/2",June 2015, <https://tools.ietf.org/html/draft-tsvwg-quic-protocol- 00>.Work in Progress, draft-tsvwg-quic-protocol-02, January 2016. [RFC2804] IAB and IESG, "IETF Policy on Wiretapping", RFC 2804, DOI 10.17487/RFC2804, May 2000,<https://www.rfc- editor.org/info/rfc2804>.<https://www.rfc-editor.org/info/rfc2804>. [RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition of Explicit Congestion Notification (ECN) to IP", RFC 3168, DOI 10.17487/RFC3168, September 2001, <https://www.rfc-editor.org/info/rfc3168>. [RFC7476] Pentikousis, K., Ed., Ohlman, B., Corujo, D., Boggia, G., Tyson, G., Davies, E., Molinaro, A., and S. Eum, "Information-Centric Networking: Baseline Scenarios", RFC 7476, DOI 10.17487/RFC7476, March 2015, <https://www.rfc-editor.org/info/rfc7476>. [RFC7567] Baker, F., Ed. and G. Fairhurst, Ed., "IETF Recommendations Regarding Active Queue Management", BCP 197, RFC 7567, DOI 10.17487/RFC7567, July 2015, <https://www.rfc-editor.org/info/rfc7567>. [RFC8404] Moriarty, K., Ed. and A. Morton, Ed., "Effects of Pervasive Encryption on Operators", RFC 8404, DOI 10.17487/RFC8404, July 2018, <https://www.rfc-editor.org/info/rfc8404>. [SDO_3GPP] 3GPP, "3GPP Homepage",n.d.,<http://www.3gpp.org/>. [SPROUT]Balakrishnan,Winstein, K., Sivaraman, A., and H. Balakrishnan, "Stochastic Forecasts Achieve High Throughput and Low Delay over Cellular Networks", 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI '13), USENIX Association, April 2013, <https://www.usenix.org/system/files/conference/nsdi13/ nsdi13-final113.pdf>. [SPUD] IETF, "Session Protocol for UserDatagrams", n.d., <https://datatracker.ietf.org/wg/spud/documents/>.Datagrams (spud)", <https://datatracker.ietf.org/wg/spud/about/>. [STATE_BROWSER] Barnes, R., "Some observations of TLS in the web", July 2015,<https://www.ietf.org/proceedings/93/slides/slides- 93-saag-3.pdf>.<https://www.ietf.org/proceedings/93/slides/ slides-93-saag-3.pdf>. [STATE_SERVER] Salz, R., "Some observations of TLS in the web", July 2015,<https://www.ietf.org/proceedings/93/slides/slides- 93-saag-4.pdf>.<https://www.ietf.org/proceedings/93/slides/ slides-93-saag-4.pdf>. [TCPINC] "TCP Increased SecurityWorking Group", n.d.,(tcpinc)", <https://datatracker.ietf.org/wg/tcpinc/charter/>.[UBIQUITOUS] Morton, K., "Effect of Ubiquitous Encryption", March 2015, <https://tools.ietf.org/html/draft-mm-wg-effect-encrypt- 01>.Appendix A. Workshop Attendees o Rich Salz, Akamai o Aaron Falk, Akamai o Vinay Kanitkar, Akamai o Julien Maisonneuve, Alcatel Lucent o Dan Druta, AT&T o Humberto La Roche, Cisco o Thomas Anderson, Cisco o Paul Polakos, Cisco o Marcus Ihlar, Ericsson o Szilveszter Nadas, Ericsson o John Mattsson, Ericsson o Salvatore Loreto, Ericsson o Blake Matheny, Facebook o Andreas Terzis, Google o Jana Iyengar, Google o Natasha Rooney, GSMA o Istvan Lajtos, GSMA o Emma Wood, GSMA o Jianjie You, Huawei o Chunshan Xiong, Huawei o Russ Housley, IAB o Mary Barnes, IAB o Joe Hildebrand, IAB / Cisco o Ted Hardie, IAB / Google o Robert Sparks, IAB / Oracle o Spencer Dawkins, IETF AD o Benoit Claise, IETF AD / Cisco o Kathleen Moriarty, IETF AD / EMC o Barry Leiba, IETF AD / Huawei o Ben Campbell, IETF AD / Oracle o Stephen Farrell, IETF AD / Trinity College Dublin o Jari Arkko, IETF Chair / Ericsson o Karen O'Donoghue, ISOC o Phil Roberts, ISOC o Olaf Kolkman, ISOC o Christian Huitema, Microsoft o Patrick McManus, Mozilla o Dirk Kutscher, NEC Europe Network Laboratories o Mark Watson, Netflix o Martin Peylo, Nokia o Mohammed Dadas, Orange o Diego Lopez, Telefonica o Matteo Varvello, Telefonica o Zubair Shafiq, The University of Iowa o Vijay Devarapalli, Vasona Networks o Sanjay Mishra, Verizon o Gianpaolo Scassellati, Vimplecom o Kevin Smith, Vodafone o Wendy Seltzer, W3C Appendix B. Workshop Position Papers o Mohammed Dadas, Emile Stephan, Mathilde Cayla, Iuniana Oprescu, "Cooperation Framework between Application layer and Lower Layers" athttps://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_33.pdf<https://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_33.pdf> o Julien Maisonneuve,Thomas Fossati andVijay Gurbani, and Thomas Fossati, "The securitypendulum and the network"pendulum" athttps://www.iab.org/wp- content/IAB-uploads/2015/08/MaRNEW_1_paper_4.pdf<https://www.iab.org/wp-content/IAB- uploads/2015/08/MaRNEW_1_paper_4.pdf> o Martin Peylo, "Enabling Secure QoE Measures for Internet Applications over Radio Networks is a MUST" athttps://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_32.pdf<https://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_32.pdf> o Vijay Devarapalli, "Thebandwidth balancing act:Bandwidth Balancing Act: Managing QoE as encrypted services change the traffic optimization game" athttps://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_10.pdf<https://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_10.pdf> o Humberto J. La Roche, "Use Cases for Communicating End-Points in Mobile NetworkMiddle-Boxes"Middleboxes" athttps://www.iab.org/wp-content/ IAB-uploads/2015/08/MaRNEW_1_paper_12.pdf<https://www.iab.org/wp-content/ IAB-uploads/2015/08/MaRNEW_1_paper_12.pdf> oRichard Barnes andPatrickMcManus,McManus and Richard Barnes, "User Consent and Security as a Public Good" athttps://www.iab.org/wp-content/IAB- uploads/2015/08/MaRNEW_1_paper_13.pdf<https://www.iab.org/wp-content/IAB- uploads/2015/08/MaRNEW_1_paper_13.pdf> o Iuniana Oprescu, JonPetersonPeterson, and Natasha Rooney, "A Framework for Consent and Permissions in Mediating TLS" athttps://www.iab.org/ wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_31.pdf<https://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_31.pdf> o Jari Arkko andGoeranGoran Eriksson, "Characteristics of Traffic Type Changes and Their Architectural Implications" athttps://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_15.pdf<https://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_15.pdf> o Szilveszter Nadas and Attila Mihaly,"Traffic Management"Concept forEncryptedCooperative Trafficfocusing on Cellular Networks"Management" athttps://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_16.pdf<https://www.iab.org/wp-content/IAB- uploads/2015/08/MaRNEW_1_paper_16.pdf> o Gianpaolo Scassellati, "Vimpelcom PositionPaperpaper for MaRNEWMeeting"Workshop" athttps://www.iab.org/wp-content/IAB-uploads/2015/09/ MaRNEW_1_paper_17.pdf<https://www.iab.org/wp-content/IAB-uploads/2015/09/ MaRNEW_1_paper_17.pdf> o MirjaKuehlewind,Kuhlewind, DirkKutscherKutscher, and Brian Trammell, "Enabling Traffic Management without DPI" athttps://www.iab.org/wp-content/ IAB-uploads/2015/08/MaRNEW_1_paper_18.pdf<https://www.iab.org/wp- content/IAB-uploads/2015/08/MaRNEW_1_paper_18.pdf> o Andreas Terzis and Chris Bentzel, "Sharing network state with application endpoints" athttps://www.iab.org/wp-content/IAB- uploads/2015/08/MaRNEW_1_paper_19.pdf<https://www.iab.org/wp-content/IAB- uploads/2015/08/MaRNEW_1_paper_19.pdf> o Marcus Ihlar,Robert Skog andSalvatore Loreto, and Robert Skog, "The needed existence ofPerformance Enhancing ProxiesPEP in anEncrypted World"encrypted world" athttps://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_20.pdf<https://www.iab.org/ wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_20.pdf> o John Mattsson, "Network Operation in an All-Encrypted World" athttps://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_21.pdf<https://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_21.pdf> o Dirk Kutscher, Giovanna Carofiglio, LucaMuscarielloMuscariello, and Paul Polakos, "Maintaining Efficiency and Privacy in Mobile Networks through Information-Centric Networking" athttps://www.iab.org/wp- content/IAB-uploads/2015/08/MaRNEW_1_paper_23.pdf<https://www.iab.org/ wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_23.pdf> o Chunshan Xiong and Milan Patel, "The effect of encrypted traffic on the QoS mechanisms in cellular networks" athttps://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_25.pdf<https://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_25.pdf> o Thomas Anderson, PeterBoschBosch, and Alessandro Duminuco, "Bandwidth Control and Regulation in Mobile Networks via SDN/NFV-Based Platforms" athttps://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_26.pdf<https://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_26.pdf> o Karen O'Donoghue and Phil Roberts,Barriers"Barriers to Deployment:"ProbingProbing the Potential Differences in Developed and Developing Infrastructure" athttps://www.iab.org/wp-content/IAB- uploads/2015/08/MaRNEW_1_paper_27.pdf<https://www.iab.org/wp-content/IAB- uploads/2015/08/MaRNEW_1_paper_27.pdf> o Wendy Seltzer,"Performance, Security,"Security, Privacy, andPrivacyPerformance Considerations for the Mobile Web" athttps://www.iab.org/wp-content/IAB- uploads/2015/08/MaRNEW_1_paper_28.pdf<https://www.iab.org/wp-content/IAB- uploads/2015/08/MaRNEW_1_paper_28.pdf> o Jianjie You, HanyuWeiWei, and Huaru Yang, "Use Case Analysis and Potential Bandwidth Optimization Methods for Encrypted Traffic" athttps://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_29.pdf<https://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_29.pdf> o Mangesh Kasbekar and Vinay Kanitkar, "CDNs, Network Services and Encrypted Traffic" athttps://www.iab.org/wp-content/IAB- uploads/2015/08/MaRNEW_1_paper_30.pdf<https://www.iab.org/wp-content/IAB- uploads/2015/08/MaRNEW_1_paper_30.pdf> o Yves Hupe, Claude Rocray,Mark SantelliandYves Hupe,Mark Santelli, "Providing Optimization of Encrypted HTTP Traffic" athttps://www.iab.org/wp- content/IAB-uploads/2015/08/MaRNEW_1_paper_341.pdf<https://www.iab.org/ wp-content/IAB-uploads/2015/08/MaRNEW_1_paper_341.pdf> o M. Zubair Shafiq, "Tracking Mobile Video QoE in the Encrypted Internet" athttps://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_35.pdf<https://www.iab.org/wp-content/IAB-uploads/2015/08/ MaRNEW_1_paper_35.pdf> o Kevin Smith, "Encryption and government regulation: what happens now?" athttps://www.iab.org/wp-content/IAB-uploads/2015/09/ MaRNEW_1_paper_1.pdf 11.<https://www.iab.org/wp-content/IAB-uploads/2015/09/ MaRNEW_1_paper_1.pdf> Acknowledgements Stephen Farrell reviewed this report in draft form and provided copious comments and suggestions. Barry Leiba provided some clarifications on specific discussions about Lawful Intercept that took place during the workshop. Bob Hinden and Warren Kumari provided comments and suggestions during the IAB Call for Comments. Amelia Andersdotter and Shivan Kaul Sahib provided comments from the Human Rights Review Team during the IAB Call for Comments. Authors' Addresses Natasha Rooney GSMA Email: nrooney@gsma.com URI: https://gsma.com Spencer Dawkins (editor) Wonder Hamster Email: spencerdawkins.ietf@gmail.com