Re: [MSEC] QUIC multicast
Behcet Sarikaya <sarikaya2012@gmail.com> Wed, 29 June 2022 14:31 UTC
Return-Path: <sarikaya2012@gmail.com>
X-Original-To: msec@ietfa.amsl.com
Delivered-To: msec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42724C15A748 for <msec@ietfa.amsl.com>; Wed, 29 Jun 2022 07:31:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.754
X-Spam-Level:
X-Spam-Status: No, score=-1.754 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zMjsMn9hxUgk for <msec@ietfa.amsl.com>; Wed, 29 Jun 2022 07:31:26 -0700 (PDT)
Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com [IPv6:2a00:1450:4864:20::129]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 924B1C15AAD4 for <msec@ietf.org>; Wed, 29 Jun 2022 07:31:26 -0700 (PDT)
Received: by mail-lf1-x129.google.com with SMTP id i18so28379117lfu.8 for <msec@ietf.org>; Wed, 29 Jun 2022 07:31:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=cztI7RozEp11BtUNyhDC5NDj3MhiTzRL4k1ZNxpA2JU=; b=gDGc5gIWbX2aNSwp6u6H4jgqEgDJK7eOijL6DYAJ8N5cieZWuFbhw+PpLYsXduFlfD e9uY829fadHLtLPzcfyIlsef0dFGYrgRX8eQdAzu9QqpNqS2QromQBU348kFVO+3oDm0 LKsrE4kLPquvEaBMMaGf1MdmiAR06Z9kxM4WzdUArWbJ06SFTmgmAxjLyDXPtkCEr/wK VmZU35qb/NBJZeQXqmatNTNxtSBebuXahIXU8++JrFgg0ZDXgpneO1BGuZeFMxJstg+v HduYW/QCOjBVnfE0nARlG04+U6Cc2pdERbeb7wSBjZARPlzdwRZn85oZHc5znBlfwo7F edtQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=cztI7RozEp11BtUNyhDC5NDj3MhiTzRL4k1ZNxpA2JU=; b=6768iyhwJ8NulrZVTJLMa0t2SbzdYv3ZSF/ZH6wTXd4wNcmsGB82yWwBej3itzUnfZ FfLhv7lASrfTLWh7WZ6gXZl3gbewQcaS3+uXeRJGsRoFj6g5Hw30TtemoxuqeHxHKckZ LPSW5RllO9XT1DBziYWmYJNw+U7yxebcRDkIf8G7MDhrKvAWp1ajSu9Hb8e4WsjaAJAZ PCmDVm878Y5NNmiVY7eRlQSb/edoTHmwaCaK2ZMkoAVff2hhfCV8h9uhIrfa5bBvXsGF hvvfVqhEllCufiTLT1OfB2BxyTwbu2LS/cDGXVXS6toV/vl1GVN9LfK5oUaKQYZb+jnO rSIQ==
X-Gm-Message-State: AJIora8Mgoh5qgBUrJOBxgQn+kL+7XiTaW1N84VVmG+89hiVwpSxKY04 FzPNxzz5wxg0BocJnnERonyRE951PPaIMC9scJ0fOwZI
X-Google-Smtp-Source: AGRyM1uiQdIDdDVDTntS2qtm2sGTjcCLVb2/CsOiMw6pw4eKQpDvT2b0juMa2LYqFF10CPkwag68kUDctIbt7gfhb6w=
X-Received: by 2002:a05:6512:234b:b0:47f:62aa:5771 with SMTP id p11-20020a056512234b00b0047f62aa5771mr2254764lfu.405.1656513084732; Wed, 29 Jun 2022 07:31:24 -0700 (PDT)
MIME-Version: 1.0
References: <367D7BA3-4883-49C3-9C9A-B0ACF82AB144@akamai.com> <CAC8QAccDoV=29qoxJUQLbp2qD3XNBboURmwR4eju-FFyYQYJxw@mail.gmail.com> <4F4CB186-40E9-4CC6-9DA5-F63F157BD9F8@akamai.com>
In-Reply-To: <4F4CB186-40E9-4CC6-9DA5-F63F157BD9F8@akamai.com>
Reply-To: sarikaya@ieee.org
From: Behcet Sarikaya <sarikaya2012@gmail.com>
Date: Wed, 29 Jun 2022 09:31:07 -0500
Message-ID: <CAC8QAcd2gPO8Kn83wgp_LmgHwxjEspM6h-dfgwDgi8aBVfCLpw@mail.gmail.com>
To: "Holland, Jake" <jholland@akamai.com>
Cc: "msec@ietf.org" <msec@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fb389605e29701e0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/msec/Vxn1uFpVz2lYGhX5_Bx5c1g6dl8>
Subject: Re: [MSEC] QUIC multicast
X-BeenThere: msec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Multicast Security List <msec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/msec>, <mailto:msec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/msec/>
List-Post: <mailto:msec@ietf.org>
List-Help: <mailto:msec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/msec>, <mailto:msec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jun 2022 14:31:30 -0000
On Tue, Jun 28, 2022 at 12:37 PM Holland, Jake <jholland@akamai.com> wrote: > Hi Behcet, > > > > I’d encourage you to read sections 1 and 4 of the draft, which try to > cover this in some detail. > > > > The summary answer is that there’s always a unicast connection as an > anchor, but the server can ask the client to additionally join multicast > channels that carry QUIC packets that can be decoded by the client using > information that was passed to the client over the unicast connection. > > > > Those packets have a channel id instead of a connection id, as well as > secrets that are generated and distributed differently than the unicast > secrets (with the in-depth examination of the security consequences of this > covered in our earlier draft-krose-multicast-security doc), but the > handling is otherwise very similar to handling for QUIC multipath packets. > > > It sounds like a lot of stretch to me, multipath is basically for mobility, here you don't have the same thing. Behcet > HTH. > > > > -Jake > > > > *From: *Behcet Sarikaya <sarikaya2012@gmail.com> > *Reply-To: *"sarikaya@ieee.org" <sarikaya@ieee.org> > *Date: *Tue,2022-06-28 at 8:53 AM > *To: *"Holland, Jake" <jholland@akamai.com> > *Cc: *"msec@ietf.org" <msec@ietf.org> > *Subject: *Re: [MSEC] QUIC multicast > > > > > > > > On Mon, Jun 27, 2022 at 10:48 AM Holland, Jake <jholland= > 40akamai.com@dmarc.ietf.org> wrote: > > Hi msec, > > One of the actionable pieces of feedback[1] from the secdispatch > presentation of draft-krose-multicast-security at IETF 112 was > that we needed a concrete protocol proposal in order to evaluate > the security considerations, so we went ahead and made a > concrete proposal for multicast QUIC: > https://datatracker.ietf.org/doc/draft-jholland-quic-multicast/ > <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-jholland-quic-multicast/__;!!GjvTz_vk!WLI8K0REmBUeJXD8Ej_71_7ACc80QBBiN3l8uU2VEeWp44usc-fp8cEfrfiEemXLTEOJg5PyoY7i4lv2dGuCBA$> > https://github.com/GrumpyOldTroll/draft-jholland-quic-multicast > <https://urldefense.com/v3/__https:/github.com/GrumpyOldTroll/draft-jholland-quic-multicast__;!!GjvTz_vk!WLI8K0REmBUeJXD8Ej_71_7ACc80QBBiN3l8uU2VEeWp44usc-fp8cEfrfiEemXLTEOJg5PyoY7i4lsEw-3FOg$> > > We think this proposal meets the security goals given in > draft-krose-multicast-security (plus the one that Ekr raised that > we haven't added text for about web content needing to be associated > with a url), but if you can see any sense in which this draft falls > short or is unclear on how those security properties are achieved, > we'd love to get that feedback (and suggestions on fixing it if you > have any). > > I haven't sent this to quic yet, but will do so before long > unless anyone in msec can point out a critical flaw. I'm planning > to ask for a short slot in quic to present at 114. My main question > will be about what wg members would want to see addressed before > we ask for adoption (not planning to ask for adoption this time yet), > plus soliciting general feedback. > > > > Before sending to quic, will you please let me know how multicast will > work with a connection oriented transport protocol which Quic largely is? > > > > Behcet > > -Jake > > PS: several members of the W3C Multicast Community Group have > been working on an implementation and we'll have a table at the > hackathon, so if you'd like to be involved with that, please let > me know. > > [1] notes from the secdispatch feedback: > https://mailarchive.ietf.org/arch/msg/msec/FYx5GsAtAyI3pypPIlJ_s3vtiwc/ > <https://urldefense.com/v3/__https:/mailarchive.ietf.org/arch/msg/msec/FYx5GsAtAyI3pypPIlJ_s3vtiwc/__;!!GjvTz_vk!WLI8K0REmBUeJXD8Ej_71_7ACc80QBBiN3l8uU2VEeWp44usc-fp8cEfrfiEemXLTEOJg5PyoY7i4lsbbSpK7w$> > > > _______________________________________________ > MSEC mailing list > MSEC@ietf.org > https://www.ietf.org/mailman/listinfo/msec > <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/msec__;!!GjvTz_vk!WLI8K0REmBUeJXD8Ej_71_7ACc80QBBiN3l8uU2VEeWp44usc-fp8cEfrfiEemXLTEOJg5PyoY7i4luYDboKgw$> > >
- Re: [MSEC] QUIC multicast ATUL SHARMA
- [MSEC] QUIC multicast Holland, Jake
- Re: [MSEC] QUIC multicast Holland, Jake
- Re: [MSEC] QUIC multicast ATUL SHARMA
- Re: [MSEC] QUIC multicast Behcet Sarikaya
- Re: [MSEC] QUIC multicast Holland, Jake
- Re: [MSEC] QUIC multicast Behcet Sarikaya
- Re: [MSEC] QUIC multicast Holland, Jake