iqnets: opportunistic XYZ, e.g. "begin xmit"
Zenaan Harkness
zen at freedbms.net
Wed Oct 30 20:36:27 PDT 2019
> - When we do achieve internet wide QoS contracts at the network
> layer, a privacy issue (depending on your threat model) will be
> which QoS modes to utilize - e.g. you may be better off using
> "bulk fill", rather than "telephone audio" class QoS, in order to
> better hide your important phone call.
One way to use bulk fill for real time data, is for links (i.e. peer
nodes), to simply "maintain excess headroom during requisite (phone
call) time".
This implies the need to hide a node's (downwards) phys link
utilization:
- either all nodes always reserve a relevant phys link %, e.g.:
- 2%, or 10KiB/s, whichever is greater,
- unless total phys link is less than 30 KiB/s,
in which case this node must essentially act as a client only
node (a comparatively unsafe option (presumably))
Protocol for bulk-fill "telephone audio" link nego:
Step 1:
Nodes A and N agree intention to make "max secure" phone call:
- node A originates the phone call request, contacting N:
- phone call request
- asap
- using only bulk fill link QoS class
- only via "trusted" middle node(s)
- A "trusts" B to some degree
- N replies to A with "ACK, please set up the links"
Node A now attempts to nego "headroom links", to minimize packet drop
outs and thereby maximize audio quality of the AN phone link:
Step 2:
Node A and middle node B, nego "headroom" links AB, and BN:
- A requests of B to "reserve excess headroom for real time b/w W,
of intended duration ~T, beginning "asap".
- B checks its current link undertakings (bulk, r/t, total b/w vs
b/w availability etc), and offers to A something like:
- I can ACK your request not before 13 minutes, (presumably due
to current link contracts);
I will hold open this offer for you, for 10 seconds, i.e. I
will not enter new link contracts before $NOW + 10s.
- A considers this, and since B is the only node A is presently
willing to entrust with such a request, A re negos with B:
- A first calculates two random time periods, to be buffer time
before and after its phone call with N, say:
347 seconds and 13 seconds;
we note that statistically significant (in a cryptographic
sense) random extensions of such time windows, is something
that needs careful mathematical analysis by someone competent
in the field - usually, we reduce, not increase, randomness
when we do such things (math don't care how good our
intention is);
and for "moar headroom" windows to be useful, such windows
need to not only be random in respect of an actual phone
call, but also random in respect of "no phone call at this
time period, but we reserved headroom anyway", so that
headroom reservations all appear normal and more importantly,
completely random;
"Achieving randomness in practice, is not trivial."
- A to B: Please reserve headroom for me, and a link for me,
as follows:
- begin time $NOW + 10 mins
- b/w 7KiB/s (effectively an audio phone call)
- duration 347s + 30 minutes + 13s
- we note that human phone calls can vary wildly in their
actual duration, as compared with expected duration when a
user first attempts a phone call - a half hour call may end
up being under 20 seconds, or over an hour and a half, etc
- maximising hiding of high value phone calls, means the
users (the people in the phone call/ conference), MUST be
aware of the "max security" window within which they are
operating, and that the call quality may reduce after
that time window.
- Node B:
- accepts this request
- sends an ACK to A
- sends an ACK/ intent to connect, to N
- N sends an ACK back to B (optional, and possibly not done,
just "virtually ACKed" ie. assumed - we assume A did its
job properly and first nego'ed with N, and we don't
introduce unnecessary additional ACKs without reason.)
- it may be that A should ACK to N
Step 3:
- at agreed time, A phones N
An open question TODO: if all nodes in iqnets are bound to implement
random "headroom" windows, at random times, and for random durations,
can the actual headroom be measured and/ or tested by peer nodes?
- if so, we would have a mechanism to empirically test and
therefore utilize untrusted nodes, albeit at entirely random
(unpredictable times),
to make high value phone calls using "bulk fill contracts",
without the untrusted nodes knowing that this is what we are
doing!
- this would be a very desirable property for any overlay network
- but we must think like the government stalkers (who are out to
illegally monitor us), and who have very deep pockets, and who
run an abundance of trojan nodes:
- such tojan nodes will say to their peer nodes that they are
undertaking "headroom" contracts at random times for random
durations, and yet may be doing no such thing at all, in order
to firetruck us over a barrell
Next we consider that our effort to push QoS down to the network
physical layer and up through the entire stack, may well ultimately
result in much greater ability for us all to maximal utilize global
network b/w, at the same time as reducing packet loss to an absolute
minimum. This would be an absolute win for everyone, including ISPs
and GT* backhauls.
- bittorrent peers know exactly how much they request of one
another, and can therefore readily use nego net
"NegoNet, for n_ggers who can't configure their torrent client!"
- phone calls are an instant win - nego b/w, choose optimal codec
for agreed b/w
- web servers could rate limit per nego'ed link, per client
etc
More information about the cypherpunks
mailing list