Traffic analysis is a VERY powerful tool.  Identifying in detail the
tunneled protocol is hard, but identifying the general theme
(interactive session, VoIP, bulk data) is trivial, as cover traffic
can only be added, and cover-jitter only removed.

On Tue, Jul 1, 2008 at 6:51 AM, bj <[EMAIL PROTECTED]> wrote:
>     [ It is unfortunately reasonable to assume -- based on observed
>       behaviors to date -- that some ISPs may have few reservations
>       about extracting as much information as possible from
>       encrypted data streams and then potentially "tampering" with
>       them in furtherance of their own objectives -- to the maximal
>       extent that they believe won't create unacceptable levels of
>       negative PR or place them in legal jeopardy.
>
>            -- Lauren Weinstein
>               NNSquad Moderator ]

At the same time, you can expect this technology to IMPROVE user
service as well.  If an ISP can cleanly identify VoIP from interactive
sessions from bulk data (which it can, trivially), when it does need
to drop a user's traffic level to under some threshold, by selectively
throttling the user's bulk-data flow first, this will generally
provide maximum benefit to the user.  (Make it opt-out, just so that
if users insist on doing QoS themselves at their gateway, they can.)

Yes, we can all dream of a world where everyone tags QoS properly, and
where the bandwidth fairy ensures that everyone gets 100 Mbps
dedicated circuits on pristine new fiber pulled to every house, but
the reality is user-fairness-based shaping is necessary [1] and, when
needing to limit a user's traffic, traffic shaping which is protocol
aware can be deployed today without changing the end host software.


Overall, I believe this group is on the verge of doing more harm than
good:  The many negative reactions to Comcast's fairness proposal, for
instance (which is really a very simple, very elegant solution [2])
seem intent on forcing ISPs to go with low caps instead. [3]

The ISP is not your enemy.  It is not your friend, either, but this
assumption that just about any active traffic management is somehow
bad, and that application-aware traffic management is always bad,
seems a significant limitation.


[1]  Humans expect that "fairness" means allocate based on long
duration (minutes to hours) between individuals.  What the network
provides is either nothing (UDP) or allocation based on flows measured
on short duration (TCP RTT times).

[2] Whose, IMO, biggest limitation is it doesn't go far enough: it
can't do distinguishing of Skype from BitTorrent, so if a user is in
QoS low, all his traffic is in QoS low.  This is unavoidable on the
outbound link in their method, as the DOCSIS access protocol only
gives layer 2 information.

[3] Notice the two threads of response.  Time/Warner is trying to go
for very low caps (~30 GB).  Comcast is trying to fairly allocate
their network, and any caps are very high (>250 GB+).
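The two technical claims in the post above (that the general theme of an encrypted flow is recoverable from packet timing and size alone because cover traffic can only be added and jitter only removed, and that a shaper which knows the class can throttle a user's bulk flow first) can be illustrated with a small script. This is an added example, not code from the original post or from any ISP's system; the packet traces are constructed here, and the classification thresholds are assumptions tuned to that toy data rather than values measured on real traffic.

```python
"""Flow-metadata classifier and class-aware shaper.

Added illustration (not from the original post). The packet traces are
constructed here, and the thresholds are assumptions tuned to that toy
data; real classifiers learn them from measured traffic.
"""
from statistics import mean, pstdev


def make_flow(n, gap_pattern, size_pattern):
    """Constructed trace of n packets as (timestamp_s, size_bytes),
    cycling through the given inter-packet gaps and packet sizes."""
    t, pkts = 0.0, []
    for i in range(n):
        t += gap_pattern[i % len(gap_pattern)]
        pkts.append((t, size_pattern[i % len(size_pattern)]))
    return pkts


def features(pkts):
    """Metadata that stays visible when the payload is encrypted."""
    sizes = [s for _, s in pkts]
    gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])]
    mean_gap = mean(gaps)
    return {
        "mean_size": mean(sizes),
        "mean_gap": mean_gap,
        "gap_cv": pstdev(gaps) / mean_gap,  # 0 means a perfectly regular cadence
        "bytes": sum(sizes),
    }


def classify(pkts):
    """Coarse class from timing and size only (thresholds are assumptions)."""
    f = features(pkts)
    if 0.005 <= f["mean_gap"] <= 0.1 and f["gap_cv"] < 0.3:
        return "voip"          # steady codec cadence, e.g. one packet per 20 ms
    if f["mean_gap"] > 0.05 and f["gap_cv"] > 0.5:
        return "interactive"   # bursty, human-paced keystrokes and echoes
    if f["mean_gap"] < 0.005 and f["mean_size"] >= 1000:
        return "bulk"          # back-to-back near-MTU segments
    return "unknown"


def pad(pkts, size):
    """Padding hides packet sizes but leaves the timing untouched."""
    return [(t, max(s, size)) for t, s in pkts]


def constant_rate_cover(pkts, gap, size):
    """Replace a flow with a constant-rate stream of fixed-size packets
    spanning the same duration (the real packets ride in the dummy slots).
    This does change the apparent class, at a large bandwidth cost."""
    duration = pkts[-1][0] - pkts[0][0]
    return make_flow(int(duration / gap), [gap], [size])


# Throttle order when a user must be brought under a cap: bulk first,
# the user's real-time and interactive traffic last.
THROTTLE_ORDER = ("bulk", "unknown", "interactive", "voip")


def shape(flows, cap_bps):
    """flows: {name: (class, demand_bps)} -> {name: allowed_bps}."""
    allowed = {name: demand for name, (_, demand) in flows.items()}
    excess = sum(allowed.values()) - cap_bps
    for cls in THROTTLE_ORDER:
        for name, (flow_cls, _) in flows.items():
            if excess <= 0:
                return allowed
            if flow_cls == cls:
                cut = min(allowed[name], excess)
                allowed[name] -= cut
                excess -= cut
    return allowed


# Constructed sample traces (not captured data)
VOIP = make_flow(300, [0.019, 0.021, 0.020], [160])
SSH = make_flow(100, [0.08, 0.3, 1.2, 0.15, 0.6], [60, 90, 120, 52])
TORRENT = make_flow(500, [0.0010, 0.0012, 0.0009], [1448, 1448, 1448, 600])

if __name__ == "__main__":
    for name, flow in (("voip", VOIP), ("ssh", SSH), ("torrent", TORRENT)):
        print(name, classify(flow), "padded:", classify(pad(flow, 1400)))
    covered = constant_rate_cover(SSH, 0.02, 160)
    print("ssh under cover traffic:", classify(covered),
          "bytes x%.0f" % (features(covered)["bytes"] / features(SSH)["bytes"]))
    print(shape({"call": ("voip", 100_000), "ssh": ("interactive", 50_000),
                 "torrent": ("bulk", 5_000_000)}, cap_bps=2_000_000))
```

Padding every packet to a full MTU changes nothing in the classifier's output, because the rules key on inter-packet timing, which padding cannot alter; only a constant-rate cover stream hides the interactive session, and the script reports how many times more bytes that costs. The shaper then shows the opt-out policy the post describes: with a 2 Mbps cap the bulk flow absorbs the whole cut while the call and the shell session keep their full demand.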
