[Ohai] DoubleCheck and CONNECT-UDP
Ben Schwartz <bemasc@google.com> Wed, 27 July 2022 02:57 UTC
Return-Path: <bemasc@google.com>
X-Original-To: ohai@ietfa.amsl.com
Delivered-To: ohai@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55B7DC13C528 for <ohai@ietfa.amsl.com>; Tue, 26 Jul 2022 19:57:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.61
X-Spam-Level:
X-Spam-Status: No, score=-17.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S_busdctzYQu for <ohai@ietfa.amsl.com>; Tue, 26 Jul 2022 19:57:46 -0700 (PDT)
Received: from mail-vs1-xe29.google.com (mail-vs1-xe29.google.com [IPv6:2607:f8b0:4864:20::e29]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A97D7C13C519 for <ohai@ietf.org>; Tue, 26 Jul 2022 19:57:46 -0700 (PDT)
Received: by mail-vs1-xe29.google.com with SMTP id k129so15428683vsk.2 for <ohai@ietf.org>; Tue, 26 Jul 2022 19:57:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=5qhsf0geZoSYGI34jtvNgSmKNbOo0WjKDU/OufZPfRQ=; b=q55z4irfd8dmzluSLwb7wiOpLboMLTZMAD5TBBfTHH5fa2e/csAzpefhy2Dt+XEaaf gax55jCnSlZEC23CN35Efp1dfmTpYI8sKI2MyMkcgFGk/kkUoXMVRxwAWh3DnnT/LZdn 9J2+oeHjemuFJLnPc3q0O9EClue9dTYDwTt0iVsEc60QfQIcX+1KMewoBBfA0MnGulWY nlagjm8M53VmVdmtIqOfjllatGH1SIT54O5K/bKCswqUqs6rjKh2GJa6syqdqGeRpQIC kaMJKy+Gq3NzptekIkgW87VbzF0G0jTRrABjGNlxhl1mCRcWvLF9jIaGqm9eoMXRSadn 52Jg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=5qhsf0geZoSYGI34jtvNgSmKNbOo0WjKDU/OufZPfRQ=; b=3wywAUTv2E0shN2LFFHgmrM5qj7Yud5sD/fCnH8sgdYBRQ/XRGOiJ6fYOdp7r1OadE Cri4HjSBHz9yyEDi6njIaFgDWQ8lcp2UnzFvfDOJN2larrx3pBOUjDPrQsyqY+Dxetf8 mkgNRoTVoa2gM/AdX+Zk++WZeEKcq/VoPj7vBgcwDaU5D4RBr5Z+gV0NWn3KvyQI6a+d bDoiMu4axUsvU2a2/PsjrR2mTQKuEsOBHVD6paOQrZHTtbgbEtWgcDyJl3BgxH82XPZk aRkVVvzqcS/llqsgm82GcCeP0sDT528vgHbFXiXBNb+RPE8KIiovUeQ2+Xm2bUZkCC0l utcw==
X-Gm-Message-State: AJIora+pY74JES8kBEgZQncwox+wHL6+BGH6fbNXeCNvkphRfhQVtI57 EmHMUNtvQIJcU3RN6T2J3vnIR5OFZRSv8+jFkNbpK/oMvNCPDg==
X-Google-Smtp-Source: AGRyM1uXiwfe4oKmAS8iIBI3jZJRpJDDnw0wQaOYRyZnNbC+nKJyHK4axZcGQsfzyDqAWC/ywBuvjBWvWJQWY/XIkhw=
X-Received: by 2002:a67:f3ce:0:b0:357:2eba:6ace with SMTP id j14-20020a67f3ce000000b003572eba6acemr368571vsn.84.1658890665150; Tue, 26 Jul 2022 19:57:45 -0700 (PDT)
MIME-Version: 1.0
From: Ben Schwartz <bemasc@google.com>
Date: Tue, 26 Jul 2022 22:57:33 -0400
Message-ID: <CAHbrMsATSEU0iqybh6vqH-Mv0egJiEhpxA8vEmJNehdE0i3adQ@mail.gmail.com>
To: ohai@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000d72f1f05e4c09485"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohai/pln5uzyfJKkUhPIcbta7KJ-DYu0>
Subject: [Ohai] DoubleCheck and CONNECT-UDP
X-BeenThere: ohai@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Oblivious HTTP Application Intermediation <ohai.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohai>, <mailto:ohai-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohai/>
List-Post: <mailto:ohai@ietf.org>
List-Help: <mailto:ohai-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohai>, <mailto:ohai-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jul 2022 02:57:48 -0000
During my presentation today, I suggested that the DoubleCheck procedure might not need CONNECT-UDP if it's acceptable for the Service Description Host (SDH), which is presumed to be affiliated with the gateway, to learn the pool of client IPs. On second thought, I believe the CONNECT-UDP tunnel is indeed necessary. Without the CONNECT-UDP tunnel, clients would authenticate the KeyConfig by fetching it directly from the SDH. In this arrangement, it is often possible for the gateway to identify the precise client IP that issued a particular OHTTP request, due to timing correlation. If the rate of queries to this gateway (through this relay) is relatively low (<1 QPS), correlation is trivial. The gateway can constantly rotate its KeyConfig, forcing clients to reauthenticate it before each OHTTP request. At higher query rates, other tricks are possible, such as rotating the KeyConfig and then slow-walking the authentication responses. By sending authentication responses to each client "one at a time", the SDH and Gateway can observe the OHTTP request that follows each authentication response. In other words, OHTTP requests are linkable (via timing) to the corresponding KeyConfig authentication requests, so these authentication requests must not be linkable to anything else. This means authentication requests from all clients on the relay must be indistinguishable, so they must all go through a single proxy. Martin Thomson also mentioned the question of "CONNECT" vs. "CONNECT-UDP". The key point here is that we are building a standard for interoperability between Service Description Hosts and Relays (acting as transport proxies), and they need to agree on what transport to use. Thus, our options are: 1. Require Relays to implement CONNECT, and require Service Description Hosts to implement HTTP/1.1 or HTTP/2. 2. Require Relays to implement CONNECT-UDP, and require Service Description Hosts to implement HTTP/3. 3. Require Relays to implement CONNECT and CONNECT-UDP, and let Service Description Hosts do whatever they want. All of these options are acceptable to me, but note that whatever choice we make is essentially permanent. If we choose Option 1, Service Description Hosts will have to support TCP forever, for compatibility with existing Relays. If we choose Option 2, the entire system can be implemented without using TCP at all. I think the right answer depends on whether you believe HTTP/3 is "the future of HTTP". --Ben Schwarz
- [Ohai] DoubleCheck and CONNECT-UDP Ben Schwartz
- Re: [Ohai] DoubleCheck and CONNECT-UDP Tommy Pauly
- Re: [Ohai] DoubleCheck and CONNECT-UDP Ben Schwartz
- Re: [Ohai] DoubleCheck and CONNECT-UDP Matthew Finkel
- Re: [Ohai] DoubleCheck and CONNECT-UDP Tommy Pauly
- Re: [Ohai] DoubleCheck and CONNECT-UDP Ben Schwartz
- Re: [Ohai] DoubleCheck and CONNECT-UDP Ben Schwartz
- Re: [Ohai] DoubleCheck and CONNECT-UDP Tommy Pauly
- Re: [Ohai] DoubleCheck and CONNECT-UDP Matthew Finkel
- Re: [Ohai] DoubleCheck and CONNECT-UDP Christopher Wood
- Re: [Ohai] DoubleCheck and CONNECT-UDP Eric Orth
- Re: [Ohai] DoubleCheck and CONNECT-UDP Christopher Wood
- Re: [Ohai] DoubleCheck and CONNECT-UDP Ben Schwartz
- Re: [Ohai] DoubleCheck and CONNECT-UDP Christopher Wood