- When we do achieve internet wide QoS contracts at the network layer, a privacy issue (depending on your threat model) will be which QoS modes to utilize - e.g. you may be better off using "bulk fill", rather than "telephone audio" class QoS, in order to better hide your important phone call.
One way to use bulk fill for real time data, is for links (i.e. peer nodes), to simply "maintain excess headroom during requisite (phone call) time". This implies the need to hide a node's (downwards) phys link utilization: - either all nodes always reserve a relevant phys link %, e.g.: - 2%, or 10KiB/s, whichever is greater, - unless total phys link is less than 30 KiB/s, in which case this node must essentially act as a client only node (a comparatively unsafe option (presumably)) Protocol for bulk-fill "telephone audio" link nego: Step 1: Nodes A and N agree intention to make "max secure" phone call: - node A originates the phone call request, contacting N: - phone call request - asap - using only bulk fill link QoS class - only via "trusted" middle node(s) - A "trusts" B to some degree - N replies to A with "ACK, please set up the links" Node A now attempts to nego "headroom links", to minimize packet drop outs and thereby maximize audio quality of the AN phone link: Step 2: Node A and middle node B, nego "headroom" links AB, and BN: - A requests of B to "reserve excess headroom for real time b/w W, of intended duration ~T, beginning "asap". - B checks its current link undertakings (bulk, r/t, total b/w vs b/w availability etc), and offers to A something like: - I can ACK your request not before 13 minutes, (presumably due to current link contracts); I will hold open this offer for you, for 10 seconds, i.e. I will not enter new link contracts before $NOW + 10s. - A considers this, and since B is the only node A is presently willing to entrust with such a request, A re negos with B: - A first calculates two random time periods, to be buffer time before and after its phone call with N, say: 347 seconds and 13 seconds; we note that statistically significant (in a cryptographic sense) random extensions of such time windows, is something that needs careful mathematical analysis by someone competent in the field - usually, we reduce, not increase, randomness when we do such things (math don't care how good our intention is); and for "moar headroom" windows to be useful, such windows need to not only be random in respect of an actual phone call, but also random in respect of "no phone call at this time period, but we reserved headroom anyway", so that headroom reservations all appear normal and more importantly, completely random; "Achieving randomness in practice, is not trivial." - A to B: Please reserve headroom for me, and a link for me, as follows: - begin time $NOW + 10 mins - b/w 7KiB/s (effectively an audio phone call) - duration 347s + 30 minutes + 13s - we note that human phone calls can vary wildly in their actual duration, as compared with expected duration when a user first attempts a phone call - a half hour call may end up being under 20 seconds, or over an hour and a half, etc - maximising hiding of high value phone calls, means the users (the people in the phone call/ conference), MUST be aware of the "max security" window within which they are operating, and that the call quality may reduce after that time window. - Node B: - accepts this request - sends an ACK to A - sends an ACK/ intent to connect, to N - N sends an ACK back to B (optional, and possibly not done, just "virtually ACKed" ie. assumed - we assume A did its job properly and first nego'ed with N, and we don't introduce unnecessary additional ACKs without reason.) - it may be that A should ACK to N Step 3: - at agreed time, A phones N An open question TODO: if all nodes in iqnets are bound to implement random "headroom" windows, at random times, and for random durations, can the actual headroom be measured and/ or tested by peer nodes? - if so, we would have a mechanism to empirically test and therefore utilize untrusted nodes, albeit at entirely random (unpredictable times), to make high value phone calls using "bulk fill contracts", without the untrusted nodes knowing that this is what we are doing! - this would be a very desirable property for any overlay network - but we must think like the government stalkers (who are out to illegally monitor us), and who have very deep pockets, and who run an abundance of trojan nodes: - such tojan nodes will say to their peer nodes that they are undertaking "headroom" contracts at random times for random durations, and yet may be doing no such thing at all, in order to firetruck us over a barrell Next we consider that our effort to push QoS down to the network physical layer and up through the entire stack, may well ultimately result in much greater ability for us all to maximal utilize global network b/w, at the same time as reducing packet loss to an absolute minimum. This would be an absolute win for everyone, including ISPs and GT* backhauls. - bittorrent peers know exactly how much they request of one another, and can therefore readily use nego net "NegoNet, for n_ggers who can't configure their torrent client!" - phone calls are an instant win - nego b/w, choose optimal codec for agreed b/w - web servers could rate limit per nego'ed link, per client etc