[Search] [txt|xml|pdfized|bibtex] [Tracker] [Email] [Nits]
Versions: 00                                                            
Human Rights Protocol Considerations Research Group           B. Martini
Internet-Draft                                    Harvard Kennedy School
Intended status: Informational                              N. ten Oever
Expires: April 25, 2019                          University of Amsterdam
                                                        October 22, 2018

                        QUIC Human Rights Review


   QUIC is a new transport protocol that provides low-latency
   communication and security.  QUIC's key features include faster
   connection establishment, stream-based multiplexing, improved loss
   recovery, and no head-of-line blocking.  This document assesses the
   potential human rights implications emerging from the deployment of
   QUIC.  The assessment is done based on the methodology articulated in

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 25, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must

Martini & ten Oever      Expires April 25, 2019                 [Page 1]

Internet-Draft                   QUIC-HR                    October 2018

   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Vocabulary Used . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Review Methodology and Process  . . . . . . . . . . . . . . .   5
   4.  Human Rights Considerations . . . . . . . . . . . . . . . . .   7
     4.1.  Connectivity  . . . . . . . . . . . . . . . . . . . . . .   7
       4.1.1.  Latency . . . . . . . . . . . . . . . . . . . . . . .   7
       4.1.2.  Congestion Control and Loss Recovery  . . . . . . . .   8
       4.1.3.  Reduced Head-Of-Line Blocking . . . . . . . . . . . .   8
       4.1.4.  Resources . . . . . . . . . . . . . . . . . . . . . .   8
     4.2.  Privacy . . . . . . . . . . . . . . . . . . . . . . . . .   8
       4.2.1.  Encryption  . . . . . . . . . . . . . . . . . . . . .   8
       4.2.2.  Transparent Proxying  . . . . . . . . . . . . . . . .   9
       4.2.3.  Multiple Streams  . . . . . . . . . . . . . . . . . .   9
       4.2.4.  Packet Number Encryption  . . . . . . . . . . . . . .   9
       4.2.5.  Padding . . . . . . . . . . . . . . . . . . . . . . .  10
       4.2.6.  Lawful Intercept  . . . . . . . . . . . . . . . . . .  10
       4.2.7.  Spin Bit  . . . . . . . . . . . . . . . . . . . . . .  10
       4.2.8.  Packet Injection  . . . . . . . . . . . . . . . . . .  11
     4.3.  Content Agnosticism . . . . . . . . . . . . . . . . . . .  12
     4.4.  Security  . . . . . . . . . . . . . . . . . . . . . . . .  12
     4.5.  Internationalization  . . . . . . . . . . . . . . . . . .  12
     4.6.  Censorship Resistance . . . . . . . . . . . . . . . . . .  12
     4.7.  Open Standards  . . . . . . . . . . . . . . . . . . . . .  13
     4.8.  Heterogeneity Support . . . . . . . . . . . . . . . . . .  13
     4.9.  Anonymity . . . . . . . . . . . . . . . . . . . . . . . .  13
     4.10. Pseudonymity  . . . . . . . . . . . . . . . . . . . . . .  13
     4.11. Confidentiality . . . . . . . . . . . . . . . . . . . . .  14
     4.12. Integrity . . . . . . . . . . . . . . . . . . . . . . . .  14
     4.13. Authenticity  . . . . . . . . . . . . . . . . . . . . . .  14
     4.14. Adaptability  . . . . . . . . . . . . . . . . . . . . . .  14
     4.15. Outcome Transparency  . . . . . . . . . . . . . . . . . .  14
       4.15.1.  Encryption . . . . . . . . . . . . . . . . . . . . .  15
       4.15.2.  Permissionless Innovation and Its Challenges . . . .  15
       4.15.3.  Privacy, Power and Consolidation . . . . . . . . . .  16
       4.15.4.  Transparency and IoT . . . . . . . . . . . . . . . .  17
   5.  Conclusions and Recommendations . . . . . . . . . . . . . . .  18
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  19
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  19
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  19
   9.  Review Team Information . . . . . . . . . . . . . . . . . . .  19
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .  19
     10.1.  Informative References . . . . . . . . . . . . . . . . .  19

Martini & ten Oever      Expires April 25, 2019                 [Page 2]

Internet-Draft                   QUIC-HR                    October 2018

     10.2.  URIs . . . . . . . . . . . . . . . . . . . . . . . . . .  23
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  23

1.  Introduction

   This is a review done within the framework of the Human Rights Review
   Team, and it was conducted by Beatrice Martini and Niels ten Oever.
   The Human Rights Review Team aims to implement and improve the
   guidelines for human rights considerations provided in [RFC8280], and
   seeks to mitigate potentially adverse human rights impacts that IETF
   and IRTF documents might have.

   Human Rights Reviews are developed by a group of individuals in the
   IRTF and IETF.  They work collaboratively and provide their knowledge
   and input to the assessments, in an effort to contribute to the IETF
   open review process.  Human Rights Reviews are individual
   contributions.  The authors hope that the comments will be taken into
   consideration by the draft authors, Working Groups and the IESG.

   This review concerns the QUIC protocol in general, and the following
   drafts in particular: draft-ietf-quic-transport-12, draft-ietf-quic-
   tls-12, draft-ietf-quic-invariants-01.

2.  Vocabulary Used

   Anonymity  The condition of an identity being unknown or concealed

   Censorship  Technical mechanisms, including both blocking and
      filtering, that state or private actors can use to block or
      degrade Internet traffic.  For further details on the various
      elements of Internet censorship, see [Halletal].

   Censorship resistance  Methods and measures to mitigate Internet

   Confidentiality  The property that data is not disclosed to system
      entities unless they have been authorized to know the data

   Connectivity  The extent to which a device or network is able to
      reach other devices or networks to exchange data.  The Internet is
      the tool for providing global connectivity [RFC1958].  Different
      types of connectivity are further specified in [RFC4084].

   Content agnosticism  Treating network traffic identically regardless
      of content.

Martini & ten Oever      Expires April 25, 2019                 [Page 3]

Internet-Draft                   QUIC-HR                    October 2018

   Heterogeneity  "The Internet is characterized by heterogeneity on
      many levels: devices and nodes, router scheduling algorithms and
      queue management mechanisms, routing protocols, levels of
      multiplexing, protocol versions and implementations, underlying
      link layers (e.g., point-to-point, multi-access links, wireless,
      FDDI, etc.), in the traffic mix and in the levels of congestion at
      different times and places.  Moreover, as the Internet is composed
      of autonomous organizations and Internet service providers, each
      with their own separate policy concerns, there is a large
      heterogeneity of administrative domains and pricing structures."

      As a result, per [FIArch], the heterogeneity principle proposed in
      [RFC1958] needs to be supported by design.

   Human rights  Principles and norms that are indivisible,
      interrelated, inalienable, universal, and mutually reinforcing.
      Human rights have been codified in national and international
      bodies of law.  The Universal Declaration of Human Rights [UDHR]
      is the most well-known document in the history of human rights.
      The aspirations from [UDHR] were later codified into treaties such
      as the International Covenant on Civil and Political Rights
      [ICCPR] and the International Covenant on Economic, Social and
      Cultural Rights [ICESCR], after which signatory countries were
      required to reflect them in their national bodies of law.  It is
      also broadly recognized that not only states, but also non-state
      actors must respect human rights.

   Integrity  The property that data has not been changed, destroyed, or
      lost in an unauthorized or accidental manner [RFC4949].

   Linkability  Establishing the identity of a host across several IP

   Open standards  As stated in [RFC2026]: "Various national and
      international standards bodies, such as ANSI, ISO, IEEE, and ITU-
      T, develop a variety of protocol and service specifications that
      are similar to Technical Specifications defined here.  National
      and international groups also publish "implementors' agreements"
      that are analogous to Applicability Statements, capturing a body
      of implementation-specific detail concerned with the practical
      application of their standards.  All of these are considered to be
      'open external standards' for the purposes of the Internet
      Standards Process."

   Openness  Absence of centralized points of control - "a feature that
      is assumed to make it easy for new users to join and new uses to
      unfold" [Ziewitzetal].

Martini & ten Oever      Expires April 25, 2019                 [Page 4]

Internet-Draft                   QUIC-HR                    October 2018

   Ossification  The increasing inflexibility of the network which
      results in the inability to deploy a new protocol or protocol
      extensions due to the unchangeable nature of infrastructure
      components that have come to rely on particular features of
      current protocols.

   Permissionless innovation  The freedom and ability to freely create
      and deploy new protocols on top of the communications constructs
      that currently exist.

   Privacy  The right of an entity (usually an individual), acting on
      its own behalf, to determine the degree to which it will interact
      with its environment, including the degree to which the entity is
      willing to share its personal information with others [RFC4949].

      The right of individuals to control or influence what information
      related to them may be collected and stored, and by whom and to
      whom that information may be disclosed.

      Privacy is a broad concept regarding the protection of individual
      or group autonomy and the relation between an individual or group
      and society, including government, companies, and private
      individuals.  It encompasses a wide range of rights, including
      protections from intrusions into family and home life, control of
      sexual and reproductive rights, and communications secrecy.  It is
      commonly recognized as a core right that underpins human dignity
      and other values such as freedom of association and freedom of
      speech.  The right to privacy is also recognized in nearly every
      national constitution and in most international human rights
      treaties.  The right to privacy is also legally protected at the
      national level through provisions in civil and/or criminal codes.

   Pseudonymity  The ability to use a persistent identifier that is not
      immediately linked to an individual's offline identity.
      Pseudonymity is an critical feature for many end users, as it
      allows them different degrees of disguised identity and privacy
      online.  "Pseudonymity is strengthened when less personal data can
      be linked to the pseudonym; when the same pseudonym is used less
      often and across fewer contexts; and when independently chosen
      pseudonyms are more frequently used for new actions (making them,
      from an observer's or attacker's perspective, unlinkable)."

3.  Review Methodology and Process

   This section describes how the review was undertaken.

Martini & ten Oever      Expires April 25, 2019                 [Page 5]

Internet-Draft                   QUIC-HR                    October 2018

   We started our review by examining the Internet Drafts which were
   active on June 7, 2018 on the QUIC Working Group Datatracker

   Inferential reading of the documents resulted in the decision to
   focus our efforts on three specific drafts: draft-ietf-quic-
   transport-12, draft-ietf-quic-tls-12, draft-ietf-quic-invariants-01.

   From the study of these documents through the perspective of the
   Guidelines for Human Rights Protocol Considerations outlined in
   [RFC8280], we formulated a questionnaire, to be used as a tool to
   guide semi-structured interviews with QUIC Working Group chairs and
   document authors.

   We engaged in a total of seven interviews, which took place during
   IETF102 (July 14-20, 2018).  These were then transcribed and
   analyzed.  The analysis focused on the identification of potential
   positive or negative impacts on human rights, and on the
   categorization of our findings according to the Guidelines for Human
   Rights Protocol Considerations outlined in [RFC8280].

   One particular aspect that is critical to consider is the pace at
   which the QUIC Working Group operates, which is regarded across the
   IETF community as notably faster than usual.  This means that while
   the general design that is outlined in the QUIC Internet Drafts is
   fairly stable, numerous details are in constant change.  When it
   comes to conducting an interview-based research, this also means that
   some of the expressed points of view might be overtaken by
   intervening changes.  To address this specific characteristic of the
   work on the QUIC protocol, we decided to set a time point to examine
   active Internet Drafts and current Working Group discussions.  The
   time point is June 7, 2018.  In addition to that, we also kept
   discussing with the interviewees, reviewing notes from the following
   New York interim meeting (September 19-20), and following selected
   mailing list threads, until our final review of this very document,
   on October 17, 2018.

   The content examined until the set time point (June 7, 2018) is what
   should be considered the core subject of our examination.  However,
   as we aim to helpfully contribute to the efforts of the QUIC Working
   Group, we also decided to monitor potential updates and emerging
   discussions which took place in the following months, with the aim to
   provide relevant and applicable feedback.

Martini & ten Oever      Expires April 25, 2019                 [Page 6]

Internet-Draft                   QUIC-HR                    October 2018

4.  Human Rights Considerations

   The Human Rights Protocols Considerations Research Group (HRPC)
   welcomes the drafts draft-ietf-quic-transport, draft-ietf-quic-tls,

   In particular, we welcome the efforts to improve connectivity on high
   latency, low bandwidth and high loss connections, and the application
   of encryption by default.  Conclusions and recommendations can be
   found at the end of this document.

   No implications for Accessibility ([RFC8280], sec. 6.2.11),
   Localization ([RFC8280], sec. 6.2.12), Decentralization ([RFC8280],
   sec. 6.2.13), and Reliability ([RFC8280], sec 6.2.14) have been

4.1.  Connectivity

   Overall, QUIC is expected to result in a greatly improved Internet
   service for users worldwide, and in particular for those who
   currently do not have high bandwidth or lossless connections.
   Regions that currently do not benefit from reliable connectivity,
   would be provided with a significantly improved service.  These
   advancements have positive implications in regards to human rights
   such as freedom of expression, freedom of association, right to
   political participation.

4.1.1.  Latency

   QUIC was designed as a new transport protocol to provide connections
   with lower latency than previous protocols.

   One of the most important differences between TCP and QUIC
   connections is that QUIC connection establishment takes 0 RTTs when a
   server is known by a client and up to a few RTTs for the first
   connection to an unknown server.

   By allowing for Zero-Round Trip Time (0-RTT) resumption of
   connections, QUIC performs better than TCP on high latency and high
   loss connections.  When a web client uses TCP and TLS, it requires
   two to three round trips with a server to establish a secure
   connection before the browser can send a request.  With QUIC, if a
   client has communicated with a server before (within a specific time
   period), it can start sending data without any round trips, so that
   web pages will load faster.

   An example of QUIC's performance can be observed on a well-optimized
   site like Google Search, where connections are often pre-established,

Martini & ten Oever      Expires April 25, 2019                 [Page 7]

Internet-Draft                   QUIC-HR                    October 2018

   and QUIC's faster connections can only speed up some requests.
   Still, QUIC improves mean page load time by 8% globally, and up to
   13% in regions where latency is higher.  [Behretal]

4.1.2.  Congestion Control and Loss Recovery

   QUIC's congestion control is based on TCP NewReno [RFC6582], a
   congestion window based congestion control.  The signals QUIC
   provides for congestion control are generic and are designed to
   support different algorithms.  In this way, QUIC can be configured to
   fit best in different contexts.

   Compared to TCP, QUIC offers more detailed feedback information for
   loss detection.  For example, it uses a monotonically increasing
   packet number and does not retransmit on the packet-level but on the
   content-level.  This allows QUIC to distinguish retransmissions from
   the originally sent packets, avoiding retransmission ambiguities.

   Overall, comparing it to previously existing protocols, QUIC
   implements better estimation of connection RTTs and detects and
   recovers from loss more efficiently.

4.1.3.  Reduced Head-Of-Line Blocking

   HTTP/2 allows multiple objects to be fetched over the same
   connection, using multiple streams within a single flow.

   In TCP, if a loss occurs in one stream, all streams stall while
   waiting for packet recovery.  Differently, QUIC allows other streams
   to continue to exchange packets even if one stream is blocked due to
   a missing packet [MolaviKakhkietal].

4.1.4.  Resources

   QUIC is relatively expensive to implement, both in terms of code
   (size and complexity) and processing (including memory overheads).
   This can represent a barrier to adoption and the benefits that come
   with that.

4.2.  Privacy

4.2.1.  Encryption

   QUIC incorporates the key negotiation features of TLS 1.3, requiring
   all connections to be encrypted.

   Encryption improves the security and privacy of user data.  It is
   built into QUIC, using AEAD algorithms such as AES-GCM and ChaCha20

Martini & ten Oever      Expires April 25, 2019                 [Page 8]

Internet-Draft                   QUIC-HR                    October 2018

   for both privacy and integrity.  QUIC authenticates the parts of its
   headers that it does not encrypt, so attackers cannot modify any part
   of a message [Behretal].

   Furthermore, in addition to improving privacy, encryption helps to
   address the ossification of network protocols caused by middleboxes
   that assume certain information to be present in the clear

4.2.2.  Transparent Proxying

   Many cellular and high-latency networks use transparent TCP proxies
   to reduce end-to-end delays and improve loss recovery.  However, by
   encrypting the transport headers, QUIC prevents transparent proxying,
   thus protecting their integrity [MolaviKakhkietal].

4.2.3.  Multiple Streams

   By establishing connection with multiple streams, QUIC creates higher
   opacity for the observer.

   Comparing QUIC to TLS over TCP, QUIC significantly reduces the amount
   of information that an observer can acquire about communications they
   are looking at.

   In TCP, all of the information regarding the protocol flow at a
   transport layer is exposed, and can be used to identify active

   In QUIC, it is possible to have an established connection with an end
   point and to run multiple streams over that connection.
   Consequently, an observer who is looking at someone's connection,
   would not be able to tell the difference between the streams.

4.2.4.  Packet Number Encryption

   In QUIC packet numbers are encrypted.

   From a general standpoint, the number assigned to each packet carries
   very little information.  For example, it is possible to observe that
   a packet sent a certain time and the packet that was sent immediately
   after probably have increasing packet numbers.

   But when traffic is carried over multiple paths, it becomes
   observable at many points, and this has privacy implications.  For
   example, as stated in [draft-huitema-quic-mpath-req-01]: "[...] if
   packets belonging to a given connection carry some unique
   identifiers, observers could use these identifiers to track client

Martini & ten Oever      Expires April 25, 2019                 [Page 9]

Internet-Draft                   QUIC-HR                    October 2018

   migrations through several paths, and thus potentially expose the
   successive locations of a particular user."

4.2.5.  Padding

   Bit padding is the addition of one or more extra bits to a
   transmission or storage unit to make it conform to a standard size.

   QUIC (like HTTP/2 and TLS) offers a padding mechanism that can be
   used as a defense against traffic analysis for protected packets.  It
   is important to note that its use is discretionary by

4.2.6.  Lawful Intercept

   The lawful intercept of content in QUIC works similarly to TLS over
   TCP.  An intercept can: force the acceptance of an alternate
   certificate; cooperate with or coerce the non-monitored endpoints to
   obtain session keys for decryption of traffic; exploit endpoint
   vulnerabilities to place monitoring devices directly on the endpoint
   on the other side of the crypto boundary.

   Forcing TLS 1.3 avoids some common exploit vectors in TLS 1.2 and
   strengthens the ciphersuites.

4.2.7.  Spin Bit

   When Google offered the IETF the opportunity to take the work on QUIC
   and produce an open standard that could be used by all [Wilketal], it
   sparked off a debate within the IETF as to how much transport
   information should be deliberately kept unknown to the network.

   As an explicit design goal, QUIC provides far less information about
   its operation to devices on path than TCP does.  In TCP, the sequence
   and acknowledgement numbers and timestamps (if the respective option
   is in use) can be seen by on-path observers, and used to estimate
   end-to-end latency.

   Differently from previous transport protocols, QUIC splits the
   information it uses for its own operation from its wire image.  As a
   consequence, QUIC's wire image currently does not expose any
   information that can be used for passive latency measurement
   techniques [draft-ietf-quic-spin-exp-00].

   At the June 2017 interim meeting of the QUIC Working Group, a
   proposal was made to add a latency spin bit to QUIC's wire image, in
   order to allow for passive measurability of RTT equivalent to TCP

Martini & ten Oever      Expires April 25, 2019                [Page 10]

Internet-Draft                   QUIC-HR                    October 2018

   The spin bit is an explicit signal for passive measurability of
   round-trip time.  It causes one bit in the header to 'spin',
   generating one edge (a transition from 0 to 1 or from 1 to 0) once
   per end-to-end RTT.

   During the following months, the proposal to add this facility to the
   QUIC protocol has been further discussed and researched.  At IETF101
   the Working Group agreed upon the reservation of three bits for
   experimentation with passive RTT measurement, with the result of this
   experimentation to inform an eventual working group decision whether
   to include the bit in the shipping version 1 of the protocol,
   scheduled to be complete by November 2018.  [Trammell02]

   From its designers' perspective, the spin bit was formulated to be a
   minimal-risk, maximum-utility signal fit for a single purpose: on-
   path measurement of end-to-end RTT, to generate RTT samples for a
   variety of passive latency measurement tasks.

   The key argument in favor of the spin bit originates from the notion
   that measurement is fundamental to the operation of networks and at-
   scale services, whether for management, security, optimization, and
   that if it is at all possible to safely design passive measurability
   of any metric explicitly into a protocol, this signal represents how
   to do it.  [Trammell01]

   The argument made by those who are not in favor of the addition of
   the spin bit to the protocol, is that the exposure of any information
   beyond the IP header and the base essentials of a UDP header is not
   necessary and not safe.  They point out that how this bit may be
   used, were it to be added to the protocol, is unknown.

   This could represent an infringement of the user privacy.
   Furthermore, an exposed bit might cause for ossification of the bit
   itself, which would, to some extent, defeat QUIC's efforts to elude
   the intrusive and ossifying grip of network middleware.  [Huston]

4.2.8.  Packet Injection

   It is viable for network operators to add data to packets in order to
   do traffic monitoring and/or management.  It is not uncommon for
   network operators to routinely tag packets as they enter the network
   for their own purposes, and simply erase the tag when they leave the
   network.  Packet modification or injection cannot be prevented in
   QUIC.  However, the protocol takes steps to ensure that its own state
   is not affected by this kind of activity.

Martini & ten Oever      Expires April 25, 2019                [Page 11]

Internet-Draft                   QUIC-HR                    October 2018

4.3.  Content Agnosticism

   The QUIC protocol itself is content agnostic.  While it is currently
   being optimized for HTTP traffic, it can also be used with other
   application layer protocols (e.g. see

4.4.  Security

   QUIC improves security by making encryption an inherent part of the
   transport protocol, instead of adding it as a optional layer on top
   of it.  This protects the integrity of the data by preventing
   tampering on the path, and ensures end-to-end confidentiality between
   the two communicating hosts.  Furthermore, it ensure that no on-path
   party can emulate an endpoint.

   By encrypting all Internet traffic by default it is harder for
   researchers and network operators to analyze network traffic.  This
   is a specific design goal, but it also makes research into the
   promulgation of malware, cookies and other artefacts much harder,
   since in this case access to the stream needs to be provided by the
   end point.

4.5.  Internationalization

   [draft-ietf-quic-transport-12] does not define human readable
   strings, except for where it states that the Reason Phrase in the
   encoded string [RFC3629]".  The QUIC protocol demands that this
   SHOULD be an UTF-8 string, while UTF-8 is actually not required.
   Also, there is currently no space to declare the charset used.  So it
   is recommended that this SHOULD becomes a MUST.

   [draft-ietf-quic-transport-12] does not allow for the use of language
   tags.  If it would request these tags, it would allow implementations
   to signal in which language Reason Phrases are rendered.

4.6.  Censorship Resistance

   Encryption makes monitoring and filtering of the traffic more
   complex, thus hindering fine-grained censorship.

   Furthermore, in QUIC it is also harder to terminate connections,
   since in the protocol the only parties that can terminate the
   connection are those actually involved in the connection once it
   exists.  This means that a middlebox cannot reset a connection, but
   needs to continue to block it, keeping state.  Considering this, it

Martini & ten Oever      Expires April 25, 2019                [Page 12]

Internet-Draft                   QUIC-HR                    October 2018

   can be stated that QUIC makes censorship harder because it requires
   the censor to invest more resources and efforts.

   QUIC is also improving the protection against DDoS through
   observation of the handshake for connection confirmation, and through
   the need to validate new connections in case of a connection

   It is worth noting that it is almost impossible to make the handshake
   resilient to injection attacks, and the general consensus has been
   not to spend cycles trying.  This means that handshakes can easily be
   disrupted by a censor.  Post-handshake, QUIC is very resilient to
   attempts to reset the connection by a third party.

4.7.  Open Standards

   QUIC is published as open standard.

4.8.  Heterogeneity Support

   The design of the QUIC transport protocol is currently specifically
   tailored to be used with TLS1.3 and HTTP2.  It is explicitly
   constructed in a modular manner and is designed to support other
   application layer protocols in the future as well.

4.9.  Anonymity

   Persistent static identifiers, consistently linking to a particular
   person or small, well-defined group of people, are one of the main
   threats to anonymity.  This is especially concerning when the
   identifier is used in repeatedly used in multiple contexts, thus
   raising an issue of linkability.

   In QUIC, linkability would occur in case a connection ID was used on
   multiple network paths.  In order to provide some protection against
   linkability in case of connection migration, QUIC uses different
   connection IDs when different local addresses are used.  Furthermore,
   packet numbers are encrypted to ensure they are not used to establish
   a link between different connection IDs.

   However, it is important to note that traffic analysis might still
   allow to correlate different streams.

4.10.  Pseudonymity

   Keeping different identities isolated from each other is critical to
   protect and preserve pseudonymity.  QUIC contributes to this by using
   different connections IDs for different local addresses.

Martini & ten Oever      Expires April 25, 2019                [Page 13]

Internet-Draft                   QUIC-HR                    October 2018

4.11.  Confidentiality

   Through the use of cryptography, QUIC integrates security,
   confidentiality, authenticity, and integrity directly into the
   transport protocol rather than having them layered on top of it.  Any
   server that offers QUIC to benefit from its latency improvements will
   automatically provide all the aforementioned attributes to their

4.12.  Integrity

   The use of TLS1.3 in QUIC makes on-path attacks either visible or
   nearly impossible to carry out.  So, if an actor forces the traffic
   to go through one middlebox and decrypt the traffic itself, their
   action is made detectable.  This also protects the integrity of the
   datastream, prevents tampering, and averts the injection of extra
   data in the stream.

4.13.  Authenticity

   Except for the initial handshake, the encryption in QUIC is provided
   by TLS1.3, which uses asymmetric cryptography to authenticate the
   hosts.  This enables verification of authenticity.

4.14.  Adaptability

   QUIC has a modular approach, and is designed for adaptation.  The
   only commitments in the protocol are the requirement to run on UDP,
   the packet header, and the version negotiation phase.  The remainder
   of the protocol is quite flexible and can be further adapted.

   By preventing the ossification of the protocol by middleboxes through
   the encryption of transport headers, QUIC enhances the adaptability
   of the architecture.

   As a transport protocol, QUIC tries to be agnostic for application
   layer protocols, even though it is currently tailored to work with

4.15.  Outcome Transparency

   Outcome transparency concerns the intelligibility of the effects of a
   protocol in relation to its users, protocol developers, and
   implementers, and its potential consequences (e.g. lack of
   authenticity may lead to lack of integrity and negative

Martini & ten Oever      Expires April 25, 2019                [Page 14]

Internet-Draft                   QUIC-HR                    October 2018

   QUIC represents a remarkable evolution of the transport layer with
   significant impact on the Internet architecture and, most
   importantly, the service provided to users.

4.15.1.  Encryption

   The IETF has reached consensus on the fact that pervasive monitoring
   is an attack (see [RFC7258]), and that a response to mitigate this is
   represented by ubiquitous encryption, which would also reinforce the
   end-to-end nature of the network [RFC2775] [RFC3724] [RFC7754].

   With the advent of QUIC, encryption becomes the default on the
   transport level.  This has a critical impact on the protection of
   user privacy.

   Furthermore, it has implications concerning network operators that
   had previously used visible parts of protocols to, among other
   things, manage, operate, and secure their networks [RFC8404].

   Encryption also improves the integrity of the datastream, as QUIC
   allows to protect users against injections of ads by network

4.15.2.  Permissionless Innovation and Its Challenges

   As suggested by interviewees during the research phase of this
   review, and to acquire a more contextualized understanding of
   protocol development efforts over time, it is relevant to pay
   attention to the history of SCTP (Stream Control Transmission
   Protocol).  SCTP is a protocol for transmitting multiple streams of
   data at the same time between two end points that have established a
   connection in a network, standardized in [RFC4960].

   As outlined in the comparison between SCTP and QUIC presented in
   [draft-joseph-quic-comparison-quic-sctp-00], the deployment of SCTP
   is not particularly widespread.  In-network devices, like NAT
   gateways for example, do not support SCTP well.  NAT gateways need to
   be upgraded to be SCTP-aware, the modification of middleboxes is very
   expensive, and Internet service providers, focusing on the
   sustainability of their business, update the devices in accordance
   with the benefit that this can represent for their revenues.

   Furthermore, an early version of QUIC (now popularly called gQUIC)
   was initially designed and deployed by a large content provider,
   Google.  It was implemented in 2012, and the company invested
   significant resources to develop it, for example conducting thorough
   A/B-testing in order to assess how the protocol would interact with

Martini & ten Oever      Expires April 25, 2019                [Page 15]

Internet-Draft                   QUIC-HR                    October 2018

   the network, and how the middleboxes would respond.  QUIC is now
   widely used in Chrome clients accessing Google services.

   In 2015, an Internet Draft of a specification for QUIC was submitted
   to the IETF for standardization, and the following year the QUIC
   Working Group was established.  A growing number of contributors from
   the corporate, academic, nonprofit sector have joined the protocol
   development work since, and what has been achieved to date is the
   result of a notable and labor-intensive collaborative effort.

   So, on one hand, the history of QUIC shows that permissionless
   innovation is still possible.  On the other hand, it also shows what
   remarkable efforts and resources are needed to carry out such an
   ambitious project.  While permissionless innovation still exists, the
   threshold and costs for innovation seem to rise significantly and

   Also, a look at the actors and dynamics involved in QUIC's history
   should not underestimate the power of Google's authority.  A
   different developing actor might have been able to invest a similar
   amount of resources into the development of a protocol.  Still,
   without an impressive user base and traffic stream as Google's, they
   might have received a less supportive response from network

   Having said that, it is expected that QUIC will improve the current
   situation by providing a more capable transport which aims to
   overcome ossification and allow for changes in the protocol due to
   its modularity.

4.15.3.  Privacy, Power and Consolidation

   The most relevant privacy advantage provided by QUIC is gained by
   users who have different kinds of traffic relations with one end
   point.  In fact, QUIC does not allow network providers to easily
   differentiate between, for instance, HTTP requests, DNS requests and
   real time voice packets, thus strengthening user privacy, and also
   improving performance.  It is important to note, though, that QUIC
   does not actually hide or attempt to hide the application protocol
   being used on a connection.  The ALPN offered by the client is
   protected only by a key which can be calculated by any party who can
   work with the QUIC version in use.

   On the other hand, this creates a concentration of different kinds of
   traffic with one end point, thus giving the service provider access
   to more categories of privacy sensitive information.

Martini & ten Oever      Expires April 25, 2019                [Page 16]

Internet-Draft                   QUIC-HR                    October 2018

   In the current reality of the Internet, the biggest hosts are
   controlled by large, consolidated, transnational corporations.  This
   creates an extreme power differential between end users on the one
   hand, and service providers and content operators on the other hand.

   In order to protect privacy and secure information, it is important
   that the user makes a careful and informed decision about the hosting
   provider and plan they choose.

   While ubiquitous encryption changes the relation between service
   providers and content operators, placing them at the same end of the
   spectrum, it remains to be seen whether if it can help users take and
   retain control within the overall power structures of Internet
   governance and economics.

   One of the problems with deploying fully encrypted protocols like
   QUIC is that deployment is far easier for organizations that already
   have integrated observability, traceability, and tooling in their
   back-ends, which not surprisingly happen to be the big players.

   If there was any chance to make running a QUIC server relatively
   easy, thus enabling a greater diversification of end points, QUIC
   could contribute to a power shift in favor of the end user.

   However, running a QUIC infrastructure is currently expected to be
   more demanding than running a HTTP/2 or HTTP/1 infrastructure.  It
   would be truly compelling if this consideration could be discussed
   further, and ideally addressed by the development and release of
   openly available tooling allowing for more accessible ways to run a
   QUIC server.

4.15.4.  Transparency and IoT

   End-to-end encryption on the transport layer makes monitoring and
   filtering of the traffic more complex, and can lead to the adoption
   of other network management practices to obtain this information.

   This has implications on the management of Internet of Things (IoT)
   devices.  If an IoT device adopts QUIC, it will be harder for the
   user who owns the device to monitor what data is communicated with
   third parties.  It would also be more difficult to conduct research
   into the promulgation of malware, cookies and other artefacts.

   Adequate tooling to protect the right to privacy of IoT users has not
   yet been developed.

Martini & ten Oever      Expires April 25, 2019                [Page 17]

Internet-Draft                   QUIC-HR                    October 2018

5.  Conclusions and Recommendations

   The QUIC protocol provides significant human rights improvements for
   end users.

   It dramatically improves connectivity for users on high-loss, high-
   latency connections.  Users will benefit from lower latencies and
   will not need to restart sessions as often.  And in those cases in
   which they will need to restart a session, they will able to do so
   without having to re-do the initial handshake.

   Another key improvement is represented by the use of encryption by
   default, which provides authentication, stream integrity,
   adaptability of the protocol by overcoming ossification, and improved
   protection from third party monitoring and metadata analysis.

   The following is a list of potential improvements that we invite the
   QUIC Working group to take into consideration, wishing for the
   protocol to have even greater positive implications for human rights.

   -  As the QUIC Working Group is expected to deliberate on the
      potential inclusion of the spin bit in the main specification of
      the protocol at the upcoming IETF103 (November 3-9, 2018), we
      suggest to consider not to include it.  Our recommendation is
      motivated by the concerns raised in regards to its implications on
      user privacy, as reported in this very document, and also shared
      by some of the interviewees.

   -  Consider deploying IP header encryption as an optional extension.

   -  Evaluate the addition of language tagging and charset
      identification in the case of Reason Phrase in the

   -  Examine the opportunity to translate the QUIC specification into
      other languages.

   -  Discuss the viability to make tooling for running QUIC servers
      openly available.

   -  Observe and iteratively assess the implications of QUIC on the
      power relations between end user on one end of the spectrum, and
      network operators and service providers on the other one.

Martini & ten Oever      Expires April 25, 2019                [Page 18]

Internet-Draft                   QUIC-HR                    October 2018

6.  Acknowledgements

   The authors thank (in alphabetical order) Mike Bishop, Janardhan
   Iyengar, Daniel Kahn Gillmor, Mirja Kuehlewind, Mark Nottingham,
   Martin Thomson, and Brian Trammell for their generous contribution to
   our research and review.  This document does not necessarily reflect
   their opinion, but solely that of the authors.

7.  Security Considerations

   As this draft concerns a research document, there are no security

8.  IANA Considerations

   This document has no actions for IANA.

9.  Review Team Information

   The discussion list for the Human Rights Review Team is located at
   the e-mail address hr-rt@irtf.org [1].  Information on the group and
   information on how to subscribe to the list is at
   https://www.irtf.org/mailman/listinfo/hr-rt [2]

   Archives of the list can be found at: https://www.irtf.org/mail-
   archive/web/hr-rt/current/index.html [3]

10.  References

10.1.  Informative References

              Behr, M. and I. Swett, "Introducing QUIC Support for HTTPS
              Load Balancing", June 2018,

   [Cuietal]  Cui, Y., Li, T., Liu, C., Wang, X., and M. Kuehlewind,
              "Innovating Transport with QUIC: Design Approaches and
              Research Challenges", IEEE Internet Computing, Vol 21(2),
              pp. 72-76 , March 2017, <https://mami-project.eu/wp-

Martini & ten Oever      Expires April 25, 2019                [Page 19]

Internet-Draft                   QUIC-HR                    October 2018

              Huitema, C., Shore, M., Mankin, A., Dickinson, S., and J.
              Iyengar, "Specification of DNS over Dedicated QUIC
              Connections (work in progress)", June 2018,

              Huitema, C., "QUIC Multipath Requirements (work in
              progress)", January 2018, <https://tools.ietf.org/html/

              Thomson, M., "Version-Independent Properties of QUIC (work
              in progress)", March 2018, <https://tools.ietf.org/html/

              Trammell, B. and M. Kuehlewind, "The QUIC Latency Spin Bit
              (work in progress)", April 2018,

              Thomson, M. and S. Turner, "Using Transport Layer Security
              (TLS) to Secure QUIC (work in progress)", May 2018,

              Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed
              and Secure Transport (work in progress)", May 2018,

              Joseph, A., Li, T., He, Z., Cui, Y., and L. Zhang, "A
              Comparison Between SCTP and QUIC (work in progress)",
              March 2018, <https://tools.ietf.org/html/

   [FIArch]   Future Internet Architecture (FIArch) Group, "Future
              Internet Design Principles", January 2012, <https://pdfs.s

Martini & ten Oever      Expires April 25, 2019                [Page 20]

Internet-Draft                   QUIC-HR                    October 2018

   [Gratzer]  Gratzer, F., ""QUIC - Quick UDP Internet Connections"",
              Seminar Innovative Internet-Technologien und
              Mobilkommunikation SS2016 , 2016,

              Hall, J., Aaron, M., and B. Jones, "A Survey of Worldwide
              Censorship Techniques (work in progress)", April 2015,

   [Huston]   Huston, G., "Just One QUIC Bit", APNIC , March 2018,

   [ICCPR]    United Nations General Assembly, "International Covenant
              on Civil and Political Rights", December 1966,

   [ICESCR]   United Nations General Assembly, "International Covenant
              on Economic, Social and Cultural Rights", December 1966,

              Kuehlewind, M., Buehler, T., Trammell, B., Neuhaus, S.,
              Muentener, R., and G. Fairhurst, "A Path Layer for the
              Internet: Enabling Network Operations on Encrypted
              Protocols", IEEE International Conference on Network and
              Service Management (CNSM) , November 2017,

              Molavi Kakhki, A., Jero, S., Choffnes, D., Nita-Rotaru,
              C., and A. Mislove, "Taking a Long Look at QUIC",
              Proceedings of IMC '17, London, United Kingdom , November
              2017, <https://david.choffnes.com/pubs/

   [RFC1958]  Carpenter, B., Ed., "Architectural Principles of the
              Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996,

   [RFC2026]  Bradner, S., "The Internet Standards Process -- Revision
              3", BCP 9, RFC 2026, DOI 10.17487/RFC2026, October 1996,

Martini & ten Oever      Expires April 25, 2019                [Page 21]

Internet-Draft                   QUIC-HR                    October 2018

   [RFC2775]  Carpenter, B., "Internet Transparency", RFC 2775,
              DOI 10.17487/RFC2775, February 2000,

   [RFC3629]  Yergeau, F., "UTF-8, a transformation format of ISO
              10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November
              2003, <https://www.rfc-editor.org/info/rfc3629>.

   [RFC3724]  Kempf, J., Ed., Austein, R., Ed., and IAB, "The Rise of
              the Middle and the Future of End-to-End: Reflections on
              the Evolution of the Internet Architecture", RFC 3724,
              DOI 10.17487/RFC3724, March 2004,

   [RFC4084]  Klensin, J., "Terminology for Describing Internet
              Connectivity", BCP 104, RFC 4084, DOI 10.17487/RFC4084,
              May 2005, <https://www.rfc-editor.org/info/rfc4084>.

   [RFC4949]  Shirey, R., "Internet Security Glossary, Version 2",
              FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,

   [RFC4960]  Stewart, R., Ed., "Stream Control Transmission Protocol",
              RFC 4960, DOI 10.17487/RFC4960, September 2007,

   [RFC6582]  Henderson, T., Floyd, S., Gurtov, A., and Y. Nishida, "The
              NewReno Modification to TCP's Fast Recovery Algorithm",
              RFC 6582, DOI 10.17487/RFC6582, April 2012,

   [RFC6973]  Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
              Morris, J., Hansen, M., and R. Smith, "Privacy
              Considerations for Internet Protocols", RFC 6973,
              DOI 10.17487/RFC6973, July 2013,

   [RFC7258]  Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
              Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May
              2014, <https://www.rfc-editor.org/info/rfc7258>.

   [RFC7754]  Barnes, R., Cooper, A., Kolkman, O., Thaler, D., and E.
              Nordmark, "Technical Considerations for Internet Service
              Blocking and Filtering", RFC 7754, DOI 10.17487/RFC7754,
              March 2016, <https://www.rfc-editor.org/info/rfc7754>.

Martini & ten Oever      Expires April 25, 2019                [Page 22]

Internet-Draft                   QUIC-HR                    October 2018

   [RFC8280]  ten Oever, N. and C. Cath, "Research into Human Rights
              Protocol Considerations", RFC 8280, DOI 10.17487/RFC8280,
              October 2017, <https://www.rfc-editor.org/info/rfc8280>.

   [RFC8404]  Moriarty, K., Ed. and A. Morton, Ed., "Effects of
              Pervasive Encryption on Operators", RFC 8404,
              DOI 10.17487/RFC8404, July 2018,

              Trammell, B., "Explicit Passive Measurability and the QUIC
              Spin Bit", APNIC , May 2018,

              Trammell, B., "And Yet, It Spins", March 2018,

   [UDHR]     United Nations General Assembly, "The Universal
              Declaration of Human Rights", December 1948,

              Wilk, A., Hamilton, R., and I. Swett, "A QUIC Update on
              Google's Experimental Transport", April 2015,

              Ziewitz, M. and I. Brown, "A Prehistory of Internet
              Governance", Research Handbook on Governance of the
              Internet, ed I. Brown, 3-26. Cheltenham: Edward Elgar ,

10.2.  URIs

   [1] mailto:hr-rt@irtf.org

   [2] https://www.irtf.org/mailman/listinfo/hr-rt

   [3] https://www.irtf.org/mail-archive/web/hr-rt/current/index.html

Authors' Addresses

Martini & ten Oever      Expires April 25, 2019                [Page 23]

Internet-Draft                   QUIC-HR                    October 2018

   Beatrice Martini
   Harvard Kennedy School

   EMail: mail@beatricemartini.it

   Niels ten Oever
   University of Amsterdam

   EMail: mail@nielstenoever.net

Martini & ten Oever      Expires April 25, 2019                [Page 24]