IETF Logo Mail Archive

Re: New Draft: draft-ohanlon-transport-info-header

Patrick McManus <mcmanus@ducksong.com> Mon, 02 December 2019 13:53 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CFB7120241 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 2 Dec 2019 05:53:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.749
X-Spam-Level:
X-Spam-Status: No, score=-2.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ducksong.com header.b=BnjrFR7r; dkim=pass (2048-bit key) header.d=outbound.mailhop.org header.b=nM5sETKT
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MWjtKJgPEqZW for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 2 Dec 2019 05:53:51 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [IPv6:2603:400a:ffff:804:801e:34:0:38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9766912006D for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 2 Dec 2019 05:53:51 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1ibm69-0001zu-VR for ietf-http-wg-dist@listhub.w3.org; Mon, 02 Dec 2019 13:50:46 +0000
Resent-Date: Mon, 02 Dec 2019 13:50:45 +0000
Resent-Message-Id: <E1ibm69-0001zu-VR@frink.w3.org>
Received: from titan.w3.org ([2603:400a:ffff:804:801e:34:0:4c]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <mcmanus@ducksong.com>) id 1ibm66-0001z3-Ng for ietf-http-wg@listhub.w3.org; Mon, 02 Dec 2019 13:50:42 +0000
Received: from outbound2r.ore.mailhop.org ([54.200.129.228]) by titan.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mcmanus@ducksong.com>) id 1ibm64-0004xC-Ts for ietf-http-wg@w3.org; Mon, 02 Dec 2019 13:50:42 +0000
ARC-Seal: i=1; a=rsa-sha256; t=1575294638; cv=none; d=outbound.mailhop.org; s=arc-outbound20181012; b=K5g7/mOXgh8sCJXkK3fzpwEQoCwImz/CIFw1AB9KPnpTTPWIbWofa1TR+jy5kn29v+1v4iGbrHkWL KJRgr7s6NG67GKWONk35RQupTN6fR5vFUjYGXffcXYAfLqSFA1LfC6hcAdyFyg8tSj4wg0QHqhtCLf sUYly9rQuYXRD6cYX+Hw6xcqqEMvQmmzxg9xa7FEbt0Va/ze+zoxDHyxYyEEMfmEVNLU4/0m6Wx/QJ UrmWEQPLroasxKbEWDY3aGZmjPuvgaKrJ3Q0f2XJ7oSRFocLwmMWnI6Q7eAkCQEhRKicvifMB2yJIc mCzUUDo2AdSCN9nnYRk323W7mLOs2Gg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=arc-outbound20181012; h=content-type:cc:to:subject:message-id:date:from:in-reply-to:references: mime-version:dkim-signature:dkim-signature:from; bh=l0xDVV1ttSjCDJ91Zx5gG85exfytejNjtXMZhAJQnZ4=; b=bLYY3VjRSc4cK74SFqBGwVwBd1JgwGgLG72i6VJt2sFUhoAACc0qsfeJrytdNGYRf5WNcrbF7fyqh IBG4ogKLxljW1m+k0WmbLzfxFRFoWl9hvrvNZc2Rg0DtUy5zwNaQWczGjhk8dBTHuqyEPDVd0ptuD/ pMSy793cpu5n98GmkVV6hxJMx72MPuIQwLjXtuY4AHMrlyS8nAFw1ypo6ZPxrAVCbd9doPTkms04pN kjkMBsweXeA/Gp4/c4muho1Q1DNJnnujOT6gficUGyTiv9sqnwwS2BGXxnI1D3/ev7zazz5AdyQcyG Qn2Vtlpb/CTKlsSU3uRmwJtwYsDJlXg==
ARC-Authentication-Results: i=1; outbound4.ore.mailhop.org; spf=pass smtp.mailfrom=ducksong.com smtp.remote-ip=209.85.210.41; dmarc=none header.from=ducksong.com; arc=none header.oldest-pass=0;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ducksong.com; s=duo-1537391512170-ea99bbb3; h=content-type:cc:to:subject:message-id:date:from:in-reply-to:references: mime-version:from; bh=l0xDVV1ttSjCDJ91Zx5gG85exfytejNjtXMZhAJQnZ4=; b=BnjrFR7rTqCPCQE6DN3Qi8yqIHg+P3tSsasgt0SkKO7zEf1k53G26fjaFzOVRLfEYrZ14TR0+KjJo lDQpSozlyWl6dDO+x4V1TXBpW0/IUycVDArmG0wyb5Mj9NFk7Ii24h7+RpEwqOC3aWOKPR7EqZLUEk y/2+isStLXC/uqu0=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=dkim-high; h=content-type:cc:to:subject:message-id:date:from:in-reply-to:references: mime-version:from; bh=l0xDVV1ttSjCDJ91Zx5gG85exfytejNjtXMZhAJQnZ4=; b=nM5sETKTCtQfcAzaItceuAttOLtsYPLrgds7eJCMbrfmSu68I4LlHg84ZuPi8//giEjVXSM9NVfGB s4kaSpwyOzngPYe/fI/5E5ae1A/1yuJ6R5I7np2UPcUFn91bZaZbUevpFKk00LAHNRFY2sNMXskJi7 BgLc1rLRlpBFmtlzszx/Y1Mi6/jTTou/tfVPJ67puKN14BkfNDy65WGNJ76+txBXSGC5fTdQL9Lgcj GqIzHMDcuXS0ssuJF2MC2wB+Y1SUE1bPumjqDRbqstrrfLmxhA/o/tWZK4vZ29hnOaYT82pHm3sSv7 YlpDoc48GG3120CM35vsek4vl1L75Jw==
X-MHO-RoutePath: bWNtYW51cw==
X-MHO-User: b79dbd97-150a-11ea-829e-79a40d15cccd
X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information
X-Originating-IP: 209.85.210.41
X-Mail-Handler: DuoCircle Outbound SMTP
Received: from mail-ot1-f41.google.com (unknown [209.85.210.41]) by outbound4.ore.mailhop.org (Halon) with ESMTPSA id b79dbd97-150a-11ea-829e-79a40d15cccd; Mon, 02 Dec 2019 13:50:37 +0000 (UTC)
Received: by mail-ot1-f41.google.com with SMTP id r27so16579144otc.8 for <ietf-http-wg@w3.org>; Mon, 02 Dec 2019 05:50:36 -0800 (PST)
X-Gm-Message-State: APjAAAUqKWqxZpq9ww3soMVVR4xCughA8aKfRH8gcZfj22fp9lTtew36 ZO7+IiyJ6BBpHtrlu2Jt2uqtI94g8XGHY2dBPIs=
X-Google-Smtp-Source: APXvYqzY41MK1CIj8PR4eamZvR2g8WeziSYbtKFa/QI1YbKrGl1sOvEN4O+Psc1hDJwcjHsDHwG1jZugnggP8z4+foY=
X-Received: by 2002:a05:6830:1bd5:: with SMTP id v21mr22218213ota.154.1575294636040; Mon, 02 Dec 2019 05:50:36 -0800 (PST)
MIME-Version: 1.0
References: <CAFWWCs4jSRbrK_-5mxM8w4YexYNKRuwGGJSK4iNrhr4en2Q=_w@mail.gmail.com> <CALGR9ob+EgQwC=VK80PPRWxABxi3AeLUpGXk=wzBK57H0OUzJw@mail.gmail.com> <CAFWWCs5u=qAjmhPek17YqN=AmVJgyCXEVkfP2RsQ5uM-DBZc0A@mail.gmail.com> <CAOdDvNrKSPwxNPDYW_0rqc78Zu4NJW9E49qGFt+nv7v3cUgTXg@mail.gmail.com> <CAFWWCs7XqVjOcNyt75P7enHXkAV3WzM8TDZLmUUaiDHFdT3QQQ@mail.gmail.com> <CAOdDvNo2dC77aQJif_351SR70J=judm+eKupm64=fSCY8212PA@mail.gmail.com> <FC0A337E-C794-446A-B587-36FA4F57820D@bbc.co.uk> <CAOdDvNoJyKia5KLHi-1dg7jX6ShJUPycnZwnazSFa4wf0qvLig@mail.gmail.com> <8D432349-23EA-4D6D-9C10-7AFF2B88418B@bbc.co.uk>
In-Reply-To: <8D432349-23EA-4D6D-9C10-7AFF2B88418B@bbc.co.uk>
From: Patrick McManus <mcmanus@ducksong.com>
Date: Mon, 02 Dec 2019 08:50:24 -0500
X-Gmail-Original-Message-ID: <CAOdDvNp0GKs5NNs2LkJkiAyWMYbc2DOAKAAxXLMjeSDVLBMHqQ@mail.gmail.com>
Message-ID: <CAOdDvNp0GKs5NNs2LkJkiAyWMYbc2DOAKAAxXLMjeSDVLBMHqQ@mail.gmail.com>
To: Piers O'Hanlon <piers.ohanlon@bbc.co.uk>
Cc: Patrick McManus <mcmanus@ducksong.com>, Lucas Pardue <lucaspardue.24.7@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="00000000000032a8760598b8dd5a"
Received-SPF: permerror client-ip=54.200.129.228; envelope-from=mcmanus@ducksong.com; helo=outbound2r.ore.mailhop.org
X-W3C-Hub-Spam-Status: No, score=-5.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1ibm64-0004xC-Ts b003791d800717e18edd1e6c54af552d
X-Original-To: ietf-http-wg@w3.org
Subject: Re: New Draft: draft-ohanlon-transport-info-header
Archived-At: <https://www.w3.org/mid/CAOdDvNp0GKs5NNs2LkJkiAyWMYbc2DOAKAAxXLMjeSDVLBMHqQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37198
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Tue, Nov 26, 2019 at 12:12 PM Piers O'Hanlon <piers.ohanlon@bbc.co.uk>
wrote:

>
> Sure - I guess I didn’t put it very well - I was trying to say that the
> Transport-Info header would be only be transferred between that CDN edge
> and the client - it’s a hop-by-hop heade'''


h2 doesn't have hop to hop headers. it has per stream frames though.


> r - for the last last hop.


how does one know they are the last hop?

what have you have described the side channel isn’t clear to me?
> >
> >
> > obviously the HTTP protocol is aware of this sharing - indeed it
> initiates it! but the ramifications of it are generally opaque to the
> semantics of HTTP exchanges (roughly expressed by headers and messages). So
> perhaps what you want is better carried in the protocol (e.g. as a frame)..
> if you are proposing exposing it to content it needs to be scrutinized for
> the same reason that it is useful. This can be subtle - see CRIME and
> BREACH for example.
> >
> Yes I had considered that frame based transport might be better but what
> is also required is to extract the transport/flow information for that
> stream - but if one could do that then it would potentially be ok to
> transport it in a header as the issue is that there is access to shared
> state.
>

there is a significant difference between information available to the
protocol implementation and information in the semantic header layer which
is available to javascript. The latter is held to a higher level of
isolation due to the security model of javascript.


> Also for H2/3 since this is an issue about transport rate the fact padding
> is used on each connection


padding is not really a common thing at scale and there is some controversy
over how helpful it is.


> means that there is always going to be some uncertainty introduced by
> padding in such attack. Such an attack where one flow to try to learn about
> another flow it would need to calculate it’s own portion of the flow so it
> could subtract it from the total flow rate provided by the header but’s
> going to be limited by not knowing about the padding.
>
>
I think your best argument is going to be that this side channel isn't very
meaningful for what you are reporting - but arguing that there isn't a side
channel is not going to work out well long term. The attacker is always
better motivated and more clever than your defense. Here's a fun one:
https://www.usenix.org/node/217606 from ietf 106


> Another potential mitigation technique would be to add some noise to the
> measurements which would make it harder for collusion to occur with
> coordinated attacks. The choice of the level of noise could be a function
> of the number of flows the server knows are sharing the connection, or
> maybe just some randomness so that two simultaneous requests don’t obtain
> the same result - although in practice they’re not going to obtain the same
> result as the connection parameters are constantly changing, although such
> random noise could mitigate attempts to compare trends.
>
>

v2.23.0 | Report a Bug | By Email