IETF Logo Mail Archive

Re: [ippm] QUIC concerns relating to draft-ietf-ippm-explicit-flow-measurements

Giuseppe Fioccola <giuseppe.fioccola@huawei.com> Thu, 11 May 2023 09:44 UTC

Return-Path: <giuseppe.fioccola@huawei.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF35FC151545; Thu, 11 May 2023 02:44:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AG84UdLNEKRf; Thu, 11 May 2023 02:44:04 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C102EC151549; Thu, 11 May 2023 02:44:03 -0700 (PDT)
Received: from frapeml100008.china.huawei.com (unknown [172.18.147.226]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4QH6PS5wkDz6DB1T; Thu, 11 May 2023 17:42:20 +0800 (CST)
Received: from frapeml500006.china.huawei.com (7.182.85.219) by frapeml100008.china.huawei.com (7.182.85.131) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Thu, 11 May 2023 11:44:00 +0200
Received: from frapeml500006.china.huawei.com ([7.182.85.219]) by frapeml500006.china.huawei.com ([7.182.85.219]) with mapi id 15.01.2507.023; Thu, 11 May 2023 11:44:00 +0200
From: Giuseppe Fioccola <giuseppe.fioccola@huawei.com>
To: Christian Huitema <huitema@huitema.net>, Lucas Pardue <lucaspardue.24.7@gmail.com>, Tommy Pauly <tpauly@apple.com>
CC: IETF IPPM WG <ippm@ietf.org>, QUIC WG <quic@ietf.org>
Thread-Topic: [ippm] QUIC concerns relating to draft-ietf-ippm-explicit-flow-measurements
Thread-Index: AQHZg4hyRh4NL5ibBEqSc7qR7ycMT69UG2gAgAAeYgCAAFSdgIAAPy9Q
Date: Thu, 11 May 2023 09:44:00 +0000
Message-ID: <5cf7edfcdf604f13b7fda36d206babfb@huawei.com>
References: <CALGR9oZxFEXWD5hZZOJB7q+-f766FsjBGBTNjpuc1jyZyucz3Q@mail.gmail.com> <3103CBFB-5112-4FAC-A2F0-5209F52AB288@apple.com> <CALGR9oboNgFo-BA0Sqstog_JFPm+DL545VUSbksgF1chTnZ7VQ@mail.gmail.com> <791fd608-8112-bea7-9e22-5d0b8b9e8b1d@huitema.net>
In-Reply-To: <791fd608-8112-bea7-9e22-5d0b8b9e8b1d@huitema.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.45.149.20]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/XMcvQnU0cDiK8MiNFgaRk6-yAwI>
Subject: Re: [ippm] QUIC concerns relating to draft-ietf-ippm-explicit-flow-measurements
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 May 2023 09:44:07 -0000

Hi Lucas, Tommy, Christian,
Thank you for raising your concerns.
As also mentioned by Tommy, let me clarify that draft-ietf-ippm-explicit-flow-measurements is not defining any standard, or allocating any code points in QUIC.
It is an informational document and it aims to define transport agnostic methodologies that can theoretically be applicable to any transport-layer protocols between collaborative client and server. 
We are following the approach of RFC 8321 and RFC 8889, which were elevated to standards track when the methods were considered more mature (i.e. RFC 9341 and RFC 9342). 
As noted, different techniques and variants are described in this draft, but this does not mean that all the methods must be implemented in a single protocol.
The assumption is that the possible future standards track documents, which could apply these methods to a specific protocol, will consolidate the design into fewer bits according to the particular application scenario. A first example is in CoAP (https://datatracker.ietf.org/doc/draft-ietf-core-coap-pm/).
In summary, the QUIC implementation of these methods is out of scope for this draft.
I think your concerns about QUIC are reasonable, but they can be taken into account only for the specific application to QUIC, that would eventually be defined in a separate draft. If there is the consensus in QUIC WG, we are interested to further discuss the implementation in QUIC at the IETF 117.
For what concerns draft-ietf-ippm-explicit-flow-measurements, to avoid misunderstanding, we agreed to revise section 6 without saying explicitly which particular bits can be used in QUIC or TCP. As an alternative, section 6 can simply be removed and we can also reduce the references to QUIC documents in the whole draft.
Please note that we plan to review the draft soon.

Regards,

Giuseppe
(on behalf of the coauthors)

-----Original Message-----
From: ippm <ippm-bounces@ietf.org> On Behalf Of Christian Huitema
Sent: Thursday, May 11, 2023 9:38 AM
To: Lucas Pardue <lucaspardue.24.7@gmail.com>; Tommy Pauly <tpauly@apple.com>
Cc: IETF IPPM WG <ippm@ietf.org>; QUIC WG <quic@ietf.org>
Subject: Re: [ippm] QUIC concerns relating to draft-ietf-ippm-explicit-flow-measurements

On 5/10/2023 7:35 PM, Lucas Pardue wrote:
> Hey Tommy,
> 
> On Thu, May 11, 2023 at 3:00 AM Tommy Pauly<tpauly@apple.com>  wrote:
> 
>> The document is describing how bits*could*  be used, not actually 
>> suggesting reserving specific ones at this point.
>>
>> This same feedback did come up in IESG review, and I believe that 
>> there will be an update to remove details that refer to specific bit 
>> ranges to avoid this danger.
>>
>> I’ll let the authors chime in more =)
>>
> 
> To summarize the issue, there's only 7 bits that any QUIC version 
> compatible with the Invariants can ever use. Unless client, server and 
> observers all agree what those bits might mean, there's no way to 
> actually use them assuredly. The draft doesn't pay enough attention to 
> highlighting this deployment problem, so there's a risk that the work 
> done to define the bits in the abstract is for nought because the next 
> steps of trying this out for real are unclear. Relying on some private 
> agreements of what the bits might mean isn't safe for several reasons.

I addition to Lucas' concerns, let me express my own concern with the mention of the "UDP surplus space". This is the same concern that I have with the proposal to define "UDP options". These options would define an unencrypted trailer of QUIC packet. The idea is that the IP packet length is longer than UDP header length plus UDP payload length, leaving bits at the end that are not covered by the QUIC encryption. These bits create a clear text "side channel", which can be easily used to compromise the security of QUIC. I think this a serious security hole, which should be blocked.

One way to block it is to immediately drop any QUIC packet for which IP length and UDP length don't match. Many firewalls do that already. Doing that will penalize any attempt to add a side channel to QUIC -- any application that used such a channel would cause packets to be dropped, making this kind of channels very unattractive.

-- Christian Huitema

_______________________________________________
ippm mailing list
ippm@ietf.org
https://www.ietf.org/mailman/listinfo/ippm

v2.23.0 | Report a Bug | By Email