Re: [quicwg/base-drafts] Spin per peer (#1982)

Christian Huitema <notifications@github.com> Fri, 09 November 2018 02:25 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B576E128D0C for <quic-issues@ietfa.amsl.com>; Thu, 8 Nov 2018 18:25:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.47
X-Spam-Level:
X-Spam-Status: No, score=-8.47 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AQTkFjJrdPVe for <quic-issues@ietfa.amsl.com>; Thu, 8 Nov 2018 18:25:15 -0800 (PST)
Received: from out-6.smtp.github.com (out-6.smtp.github.com [192.30.252.197]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51FB3124D68 for <quic-issues@ietf.org>; Thu, 8 Nov 2018 18:25:15 -0800 (PST)
Date: Thu, 08 Nov 2018 18:25:14 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1541730314; bh=Yc1PtJtkLMjfc5W8zWaKmAWP8mAqzsAsvh4oumZxc6M=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=orIGdZdJDTvqPXtPKhQHRE45oV6/HQLCDvt2fJiPhzmi42zu+7wGNy+M4VJFEk1YU F5PpICeKEJnZmOteqOkdtyWXqmu+a8d4NlRnRFbkKfUOKWhEKD3quvqexfSx9eEOpH xrkj7znpu4nJzv+pOCKEhsDbmIc6JDx5KbeInl9g=
From: Christian Huitema <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab9b0c81f1d0a9ca94edc617683ef8b8e5fd24d7f892cf0000000117fcb20a92a169ce169265bd@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1982/review/173254158@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1982@github.com>
References: <quicwg/base-drafts/pull/1982@github.com>
Subject: Re: [quicwg/base-drafts] Spin per peer (#1982)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5be4f00a87505_27963fe6f40d45c4110069"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: huitema
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/1DO3dXulxtjZFbvFEMXivRwGH74>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Nov 2018 02:25:17 -0000

huitema commented on this pull request.



>  
-When the spin bit is disabled, endpoints SHOULD set the spin bit value to zero,
+The selection process SHOULD be designed such that
+on average the spin bit is disabled for at least 1/8th of the connections, or
+1/8th of the paths when doing migrations. The random choice SHOULD be dependent
+on the address of the peer, so that the spin bit is consistently enables or
+disabled for repeated connections to the same address.
+

The goal here is to provide an anonymity set for client/servers when the RTT would reveal the presence of a VPN or proxy. These clients and servers will disable the spin bit when talking to each other. The adversary will observe that the spin bit is never set for the corresponding 5 tuple. My goal is to specify a masking behavior in which "non hiding" clients also never set the spin bit for a few 5-tuples.

In the case of multiplexed use of a 5 tuple, I actually like the global on-off switch. It matches the style of anonymity set that we want.

And, yes, I should add the source address in the mix. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1982#discussion_r232126306