Re: [quicwg/base-drafts] Add application parameters to QUIC handshake and use it for H3 SETTINGS (#3086)
Nick Harper <notifications@github.com> Fri, 11 October 2019 21:13 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 707F21200A3 for <quic-issues@ietfa.amsl.com>; Fri, 11 Oct 2019 14:13:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.382
X-Spam-Level:
X-Spam-Status: No, score=-6.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8OvvlUhUV1Kl for <quic-issues@ietfa.amsl.com>; Fri, 11 Oct 2019 14:13:25 -0700 (PDT)
Received: from out-19.smtp.github.com (out-19.smtp.github.com [192.30.252.202]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1AB2120089 for <quic-issues@ietf.org>; Fri, 11 Oct 2019 14:13:25 -0700 (PDT)
Received: from github-lowworker-28f8021.ac4-iad.github.net (github-lowworker-28f8021.ac4-iad.github.net [10.52.25.98]) by smtp.github.com (Postfix) with ESMTP id D435A52098E for <quic-issues@ietf.org>; Fri, 11 Oct 2019 14:13:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1570828404; bh=r/RffRcj5Ix/hkCAWto6YGXIsWy/VclqpoOWaVHefVM=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=I6c/bbNyzIfzPp0sisFOzJDjWThLiNlcKq07/SdrQZYS+pU/4mFI6KWgIxoIqmPsa cTK6o2meHNFoqm5gFu/K4e/MdrEiSqIAhdk8dDYIL+QygKkEYWFLHDiFvtcGx8XCkN w+tJC6zPmfV7YcImCPc0FQVY+vn9gt+YQOe14MNI=
Date: Fri, 11 Oct 2019 14:13:24 -0700
From: Nick Harper <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK26LOYOLDGH2R3J5XN3VYYQJEVBNHHB4IOF7M@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3086/541226138@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3086@github.com>
References: <quicwg/base-drafts/issues/3086@github.com>
Subject: Re: [quicwg/base-drafts] Add application parameters to QUIC handshake and use it for H3 SETTINGS (#3086)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5da0f074bbb76_23e83fb67d0cd960672dc"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: nharper
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/9-lL8cgK9EgG4PvkipM4Umk9MzY>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Oct 2019 21:13:28 -0000
Regarding the confidentiality of this mechanism: I am assuming (perhaps incorrectly) that the contents advertised in the client's application parameters are no more confidential than transport parameters. In H3, both the transport parameters and SETTINGS are effectively constant per implementation - any identifying bit leaked by the H3 SETTINGS is also leaked by the transport parameters. My assumption is that other future applications using this mechanism will be similar in the amount of (non) leakage, but that can be analyzed on a per-application basis. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/3086#issuecomment-541226138
- [quicwg/base-drafts] Add application parameters t… Nick Harper
- Re: [quicwg/base-drafts] Add application paramete… ianswett
- Re: [quicwg/base-drafts] Add application paramete… Martin Thomson
- Re: [quicwg/base-drafts] Add application paramete… MikkelFJ
- Re: [quicwg/base-drafts] Add application paramete… Mike Bishop
- Re: [quicwg/base-drafts] Add application paramete… Nick Harper
- Re: [quicwg/base-drafts] Add application paramete… Nick Harper
- Re: [quicwg/base-drafts] Add application paramete… hardie
- Re: [quicwg/base-drafts] Add application paramete… Nick Harper
- Re: [quicwg/base-drafts] Add application paramete… Mike Bishop
- Re: [quicwg/base-drafts] Add application paramete… Mike Bishop