IETF Logo Mail Archive

Re: [Ohai] DoubleCheck and CONNECT-UDP

Tommy Pauly <tpauly@apple.com> Wed, 27 July 2022 21:43 UTC

Return-Path: <tpauly@apple.com>
X-Original-To: ohai@ietfa.amsl.com
Delivered-To: ohai@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0BD6C13CCED; Wed, 27 Jul 2022 14:43:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.688
X-Spam-Level:
X-Spam-Status: No, score=-7.688 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.582, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A3iQz6fopgWf; Wed, 27 Jul 2022 14:43:22 -0700 (PDT)
Received: from ma1-aaemail-dr-lapp01.apple.com (ma1-aaemail-dr-lapp01.apple.com [17.171.2.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7436EC13CCDF; Wed, 27 Jul 2022 14:43:22 -0700 (PDT)
Received: from pps.filterd (ma1-aaemail-dr-lapp01.apple.com [127.0.0.1]) by ma1-aaemail-dr-lapp01.apple.com (8.16.0.42/8.16.0.42) with SMTP id 26RLcq7Q065490; Wed, 27 Jul 2022 14:43:21 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=mZoTyYi+/0Wc+IpheI+eAtSGHx5CxqcFlVE8Eur1LWU=; b=j6lMVSwyN9DFndCpPwHMNooFzSChrKjyOy2RN1SA3EYGSDZ50MsZGrqvscOyKCKoBZgc TjwEGl9XxLEWuIxuMzqJ9FKYd5oRWkx0Nk4sFqbDdGoheirv2i3rXJOjpnIHAR5MNhB0 hPbTNwoA0PCUtkiyBpZAXo/NpaN5RR27RLCT5GQuzonqX/C1e8OAlXH3yAosH1rdM1jr Oqf1JtzEQml3ZoGXQoItZRy9KGMkAvZdT2yNEpDXNmPZ+FxJT07CADs9jpw7qHN4zYvJ ks8jSKFnSa3jWE17D33wMQsiLHmZAy6sdiOXVDss/h7jLOvIkD6bePn9aysTCoVyVTIU EA==
Received: from ma-mailsvcp-mta-lapp04.corp.apple.com (ma-mailsvcp-mta-lapp04.corp.apple.com [10.226.18.136]) by ma1-aaemail-dr-lapp01.apple.com with ESMTP id 3hgfn4d7rd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 27 Jul 2022 14:43:21 -0700
Received: from ma-mailsvcp-mmp-lapp01.apple.com (ma-mailsvcp-mmp-lapp01.apple.com [17.32.222.14]) by ma-mailsvcp-mta-lapp04.corp.apple.com (Oracle Communications Messaging Server 8.1.0.18.20220407 64bit (built Apr 7 2022)) with ESMTPS id <0RFP00ILD8C9XA20@ma-mailsvcp-mta-lapp04.corp.apple.com>; Wed, 27 Jul 2022 14:43:21 -0700 (PDT)
Received: from process_milters-daemon.ma-mailsvcp-mmp-lapp01.apple.com by ma-mailsvcp-mmp-lapp01.apple.com (Oracle Communications Messaging Server 8.1.0.18.20220407 64bit (built Apr 7 2022)) id <0RFP00D0085VPX00@ma-mailsvcp-mmp-lapp01.apple.com>; Wed, 27 Jul 2022 14:43:21 -0700 (PDT)
X-Va-A:
X-Va-T-CD: e72da815dcb01dab2f988f94f1719970
X-Va-E-CD: 67a9621271b995c6f47e644e5f38935a
X-Va-R-CD: f47d7838e67971c473aab2975c0904fb
X-Va-CD: 0
X-Va-ID: ffd52e08-0f27-47d2-9142-cbca71985679
X-V-A:
X-V-T-CD: e72da815dcb01dab2f988f94f1719970
X-V-E-CD: 67a9621271b995c6f47e644e5f38935a
X-V-R-CD: f47d7838e67971c473aab2975c0904fb
X-V-CD: 0
X-V-ID: 3be58012-f51d-472d-bd45-86af71f8d56a
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.517, 18.0.883 definitions=2022-07-27_08:2022-07-27, 2022-07-27 signatures=0
Received: from smtpclient.apple (unknown [17.234.249.86]) by ma-mailsvcp-mmp-lapp01.apple.com (Oracle Communications Messaging Server 8.1.0.18.20220407 64bit (built Apr 7 2022)) with ESMTPSA id <0RFP003HT8C89B00@ma-mailsvcp-mmp-lapp01.apple.com>; Wed, 27 Jul 2022 14:43:21 -0700 (PDT)
From: Tommy Pauly <tpauly@apple.com>
Message-id: <6887563B-7F36-42AA-8FE0-97C5C96687B9@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_65083F1D-2B7F-4752-ACA3-137B80957DF0"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3729.0.22.1.1\))
Date: Wed, 27 Jul 2022 17:43:09 -0400
In-reply-to: <CAHbrMsDVDWHsq4FZz5i+VesJ+1xRO1=uCHQt63N3bGUedt6aNA@mail.gmail.com>
Cc: ohai@ietf.org
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
References: <CAHbrMsATSEU0iqybh6vqH-Mv0egJiEhpxA8vEmJNehdE0i3adQ@mail.gmail.com> <D4A56610-9E62-4F5F-BD89-47C78E47EC34@apple.com> <CAHbrMsDVDWHsq4FZz5i+VesJ+1xRO1=uCHQt63N3bGUedt6aNA@mail.gmail.com>
X-Mailer: Apple Mail (2.3729.0.22.1.1)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.517, 18.0.883 definitions=2022-07-27_08:2022-07-27, 2022-07-27 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohai/4OeXIiZDpLUdCp7SqjseRsijHQM>
Subject: Re: [Ohai] DoubleCheck and CONNECT-UDP
X-BeenThere: ohai@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Oblivious HTTP Application Intermediation <ohai.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohai>, <mailto:ohai-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohai/>
List-Post: <mailto:ohai@ietf.org>
List-Help: <mailto:ohai-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohai>, <mailto:ohai-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jul 2022 21:43:25 -0000


> On Jul 27, 2022, at 3:07 PM, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote:
> 
> 
> 
> On Wed, Jul 27, 2022 at 2:25 PM Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org <mailto:40apple.com@dmarc.ietf.org>> wrote:
>> Trying to lock people into using CONNECT-UDP to an HTTP/3 server in order for key consistency to work seems to be a “not good” state to end in. Maybe better than locking in CONNECT, but locking in any particular protocol or version seems quite limiting.
> 
> As a formal matter, I think this is essentially unavoidable in any situation where proxies are in use.  For example, in OHAI, the Relay and Gateway must both support a common HTTP version.  In practice, this likely means that (general-purpose, open) Relays and Gateways will have to support HTTP/1.1 as a de facto baseline.

There needs to be at least one HTTP version that the relay can use to speak to the gateway, yes. However, I certainly don’t see any reason why these would need to use HTTP/1.1. Relays can be picky about what gateways they allow — and I’d certainly advocate that any sensible implementation SHOULD NOT allow talking to any gateway that doesn’t at least support HTTP/2.

> 
>> I don’t think that it follows that if we don’t have CONNECT-UDP, the clients would directly fetch the key config from your proposed SDH resource.
>> 
>> To perform double checking, I think it just matters that we have one check that uses a TLS-authenticated connection to the authority for the key config, and one other check that uses a cached version on a TLS-authenticated connection to another entity that is not the authority for the key config; AND that these checks are done in such a way that the TLS-authenticated connection to the config authority does not get to track or identify the user.
> 
> I think that's an accurate description of the requirements, but I don't think documenting the requirements is sufficient.  If we don't standardize the proxy/relay protocols and their configuration, that essentially leaves the users locked into a single relay service implementation.  I don't believe that users should have to use the relay service operated by, say, their handset manufacturer or browser vendor.

I agree that users don’t need to be limited to the relay service provided by a specific manufacturer. But they do need to use protocols that their client implementation is willing to support.

If the requirement is that a client needs to access the resource that is authoritative for the OHTTP key configuration, it should be free to access that using any secure proxy protocol over which it can run a TLS connection to the key configuration resource, and it can use normal ALPN selection to know which HTTP version to use to the key configuration resource.

> 
>> What method you use to proxy a connection is entirely up to the client’s favorite proxying method, I think. Let’s not try to drag specific transports into this.
> 
> We can let the market decide the HTTP version, but I do think we should specify how the transport proxy is configured.  Otherwise it becomes very difficult for there to be multiple interoperable implementations of the relay service.

For the reasons above, I strongly disagree. We have ALPN and other ways to know what version is supported. There’s a reason we use HTTP and TLS here — we can run secure HTTP connections and let the version evolve.

Tommy

> 
>> Thanks,
>> Tommy
>> 
>> > On Jul 26, 2022, at 10:57 PM, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org <mailto:40google.com@dmarc.ietf.org>> wrote:
>> > 
>> > During my presentation today, I suggested that the DoubleCheck procedure might not need CONNECT-UDP if it's acceptable for the Service Description Host (SDH), which is presumed to be affiliated with the gateway, to learn the pool of client IPs.  On second thought, I believe the CONNECT-UDP tunnel is indeed necessary.
>> > 
>> > Without the CONNECT-UDP tunnel, clients would authenticate the KeyConfig by fetching it directly from the SDH.   In this arrangement, it is often possible for the gateway to identify the precise client IP that issued a particular OHTTP request, due to timing correlation.  If the rate of queries to this gateway (through this relay) is relatively low (<1 QPS), correlation is trivial.  The gateway can constantly rotate its KeyConfig, forcing clients to reauthenticate it before each OHTTP request.
>> > 
>> > At higher query rates, other tricks are possible, such as rotating the KeyConfig and then slow-walking the authentication responses.  By sending authentication responses to each client "one at a time", the SDH and Gateway can observe the OHTTP request that follows each authentication response.
>> > 
>> > In other words, OHTTP requests are linkable (via timing) to the corresponding KeyConfig authentication requests, so these authentication requests must not be linkable to anything else.  This means authentication requests from all clients on the relay must be indistinguishable, so they must all go through a single proxy.
>> > 
>> > Martin Thomson also mentioned the question of "CONNECT" vs. "CONNECT-UDP".  The key point here is that we are building a standard for interoperability between Service Description Hosts and Relays (acting as transport proxies), and they need to agree on what transport to use.  Thus, our options are:
>> > 
>> > 1. Require Relays to implement CONNECT, and require Service Description Hosts to implement HTTP/1.1 or HTTP/2.
>> > 2. Require Relays to implement CONNECT-UDP, and require Service Description Hosts to implement HTTP/3.
>> > 3. Require Relays to implement CONNECT and CONNECT-UDP, and let Service Description Hosts do whatever they want.
>> > 
>> > All of these options are acceptable to me, but note that whatever choice we make is essentially permanent.  If we choose Option 1, Service Description Hosts will have to support TCP forever, for compatibility with existing Relays.  If we choose Option 2, the entire system can be implemented without using TCP at all.  I think the right answer depends on whether you believe HTTP/3 is "the future of HTTP".
>> > 
>> > --Ben Schwarz
>> > -- 
>> > Ohai mailing list
>> > Ohai@ietf.org <mailto:Ohai@ietf.org>
>> > https://www.ietf.org/mailman/listinfo/ohai
>>

v2.23.0 | Report a Bug | By Email