Re: HTTP/2 and Pervasive Monitoring
Martin Thomson <martin.thomson@gmail.com> Wed, 20 August 2014 17:04 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B51E1A048F for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 20 Aug 2014 10:04:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.67
X-Spam-Level:
X-Spam-Status: No, score=-7.67 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZJNKyR5p-LRu for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 20 Aug 2014 10:03:58 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C8B41A047C for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 20 Aug 2014 10:03:58 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XK9Fu-0008DU-4s for ietf-http-wg-dist@listhub.w3.org; Wed, 20 Aug 2014 17:01:02 +0000
Resent-Date: Wed, 20 Aug 2014 17:01:02 +0000
Resent-Message-Id: <E1XK9Fu-0008DU-4s@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <martin.thomson@gmail.com>) id 1XK9FO-0008BY-2F for ietf-http-wg@listhub.w3.org; Wed, 20 Aug 2014 17:00:30 +0000
Received: from mail-wi0-f169.google.com ([209.85.212.169]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <martin.thomson@gmail.com>) id 1XK9FL-0000og-CQ for ietf-http-wg@w3.org; Wed, 20 Aug 2014 17:00:30 +0000
Received: by mail-wi0-f169.google.com with SMTP id n3so6971891wiv.4 for <ietf-http-wg@w3.org>; Wed, 20 Aug 2014 10:00:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=nxlysbnf6yNViwnZ71BiTAIYAvr8sqUtPsn5JH46H08=; b=vdYSumlRZPBuSNIWdL9Fled2taqNdSDXrWQgfE6Mp6xctyb592RKGiaNOn6r1jwaf3 okgK2I6zH/auwxQJUGJ17Zv4pzem9MteoNh0qxLxcN5oDeUkRxDM9vOecVIzO2NmEhRx MNVHXph7X2yTdKPm5QH7GyhvaJ/pb2U+BSHirLPVSytTksGWwbCi8txnh4LZm0hhg5do pLR53m2e54P+05Sc8TXvmisxDrHbqIymZ35CQLQM/8ZWdYp5PbCG1/On6zmM6AXEnI7V 32FxSd0UfJ/KHyMr2FsPB+9KyhthUWbyT/t8MAyq3JEWhb0PCW785b056523r3pLxSCJ 1b7Q==
MIME-Version: 1.0
X-Received: by 10.180.73.6 with SMTP id h6mr16340307wiv.65.1408553999719; Wed, 20 Aug 2014 09:59:59 -0700 (PDT)
Received: by 10.194.6.229 with HTTP; Wed, 20 Aug 2014 09:59:59 -0700 (PDT)
In-Reply-To: <10689.1408519778@critter.freebsd.dk>
References: <38BD57DB-98A9-4282-82DD-BB89F11F7C84@mnot.net> <4851.1408094168@critter.freebsd.dk> <EB5B7C64-165B-48F1-94FF-1354E917A10F@mnot.net> <5871.1408106089@critter.freebsd.dk> <A9F561E4-E5C6-4E1D-89B1-F1EDA9FA1BAC@mnot.net> <10689.1408519778@critter.freebsd.dk>
Date: Wed, 20 Aug 2014 09:59:59 -0700
Message-ID: <CABkgnnVvm6vz=Tcv2n9YtH13E9-AUgdyXVY5RxLvmKkCcNSpgg@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=209.85.212.169; envelope-from=martin.thomson@gmail.com; helo=mail-wi0-f169.google.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-2.733, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1XK9FL-0000og-CQ 8e7b2d4ca6f9feb3de9ba825764ca635
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP/2 and Pervasive Monitoring
Archived-At: <http://www.w3.org/mid/CABkgnnVvm6vz=Tcv2n9YtH13E9-AUgdyXVY5RxLvmKkCcNSpgg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26678
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On 20 August 2014 00:29, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > I don't think the algorithm matters, as long as it's not buggy, the > bruteforcing will be done against the keys used. Let's go with this and run with it a little. Assume that you are using AES-GCM or something like it. That's 2^64 decryptions to get a 50/50 chance of success. The constant factor is the speed of the algorithm and it's key schedule. If you can do 10Gb/s on a single machine with Ilari's estimated ~1.7 cGHz and 14cGHz per core, that means something in the order of 900 machine years to brute force a single key. Based on some rough guesses on AWS (ECU to cGHz conversion) and current prices, that's going to set you back about USD170K. It's highly parallel, so don't expect to wait particularly long. Big caveat on the numbers, I've fudged a fair bit (on the pessimistic side). On the other hand, if you reduced the key size to 32-bit and increased the enciphering rate by a linear factor (4), that reduces the number of calculations significantly. That works out a cost for a brute force of USD0.0000000001 USD170K might be OK, depending on what you concern yourself with. Though it makes me think that a move to 256-bit ciphers might need to come sooner than I expected. On the other hand, any significant reduction in key size basically seems to amount to nothing short of an ineffectual cipher. Even a 64-bit cipher that increased throughput by a factor of 16 would be a trivial cost to brute force.
- HTTP/2 and Pervasive Monitoring Mark Nottingham
- Re: HTTP/2 and Pervasive Monitoring Amos Jeffries
- Re: HTTP/2 and Pervasive Monitoring Greg Wilkins
- RE: HTTP/2 and Pervasive Monitoring K.Morgan
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Mark Nottingham
- Re: HTTP/2 and Pervasive Monitoring Mark Nottingham
- Re: HTTP/2 and Pervasive Monitoring Eliot Lear
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Martin Nilsson
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- RE: HTTP/2 and Pervasive Monitoring Albert Lunde
- Re: HTTP/2 and Pervasive Monitoring Cory Benfield
- Re: HTTP/2 and Pervasive Monitoring Erik Nygren
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Roland Zink
- Re: HTTP/2 and Pervasive Monitoring Martin Thomson
- Re: HTTP/2 and Pervasive Monitoring Brian Smith
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Eliot Lear
- Re: HTTP/2 and Pervasive Monitoring Greg Wilkins
- Re: HTTP/2 and Pervasive Monitoring Greg Wilkins
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Stephen Farrell
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Roland Zink
- Re: HTTP/2 and Pervasive Monitoring Stephen Farrell
- Re: HTTP/2 and Pervasive Monitoring Amos Jeffries
- Re: HTTP/2 and Pervasive Monitoring Eliot Lear
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Ilari Liusvaara
- Re: HTTP/2 and Pervasive Monitoring Mark Nottingham
- Re: HTTP/2 and Pervasive Monitoring Greg Wilkins
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Martin Thomson
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Martin Thomson
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp