[quicwg/base-drafts] Packet number transform should be negotiated (#1296)
Praveen Balasubramanian <notifications@github.com> Tue, 17 April 2018 19:08 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A41A8127909 for <quic-issues@ietfa.amsl.com>; Tue, 17 Apr 2018 12:08:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.009
X-Spam-Level:
X-Spam-Status: No, score=-8.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LOE-EH2XK3ip for <quic-issues@ietfa.amsl.com>; Tue, 17 Apr 2018 12:08:28 -0700 (PDT)
Received: from out-6.smtp.github.com (out-6.smtp.github.com [192.30.252.197]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 299BE12420B for <quic-issues@ietf.org>; Tue, 17 Apr 2018 12:08:28 -0700 (PDT)
Date: Tue, 17 Apr 2018 12:08:27 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1523992107; bh=8WztHP9Wy9qomw+RBLQj5rO9Msv4ZSelIdysvVY3qbY=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=SldKIagt1t7s/QsHzqI1J5LkJILq62AVDOzsytjcEOgZdLrG0Xie5LKAymbVFB9C6 Dk0gRHX3VBGaT6MStW5y6/kPPwFCyA4Mmgn8uS74SnFgcu2rqCWo0ILQ8PM+ki9ks1 Ohz4i2z/ltAIoVQG6LvpCs3ZwUcKtgbt7fvCBlTg=
From: Praveen Balasubramanian <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abcd95f69c666c8111ee8407795111b5de2082dc8192cf0000000116ee082b92a169ce12c973b1@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1296@github.com>
Subject: [quicwg/base-drafts] Packet number transform should be negotiated (#1296)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5ad6462b34b3c_5f8c2ac85252af54160824"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: pravb
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Msz7wnYO2SpkqQ-2wMD522FvX9U>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Apr 2018 19:08:30 -0000
Packet number encryption has been proposed as a method to prevent ossification as well as improve privacy of connection migration. However there is a performance cost of doing the transform. There are deployments where ossification is not a concern (intra-DC, private network) and there are connections which are single path where privacy is not a concern, only ossification is. Hence packet number transform needs to be a negotiation with the caveat that the negotiated transform must meet the requirements for the deployment scenario otherwise the connection should be failed. Packet number transform can be negotiated using transport parameters. Following PN transforms should be supported: 1. Packet number encryption (PNE) Connections expecting to use multiple paths due to gratuitous/voluntary migration MUST negotiate and use PNE transform. See issue 1271 where options are being discussed on how migration could be negotiated. If a client or server fails to negotiate PNE and negotiates connection migration, fail the connection. 2. Low CPU cost ossification prevention transform (like shuffle) For connections on the Internet on single path require them to negotiate this transform. If client or server fails to negotiate this transform on the Internet, fail the connection. 3. No-op (current draft) For intra-datacenter or single domain private network scenarios allow usage of the no-op transform. This is for constrained deployments so clients should not negotiate this transform by default. Servers are free to negotiate PNE all the time. This allows server deployments which have no performance concerns to always use PNE. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/1296
- Re: [quicwg/base-drafts] Packet number transform … Praveen Balasubramanian
- Re: [quicwg/base-drafts] Packet number transform … janaiyengar
- Re: [quicwg/base-drafts] Packet number transform … borisPis
- [quicwg/base-drafts] Packet number transform shou… Praveen Balasubramanian
- Re: [quicwg/base-drafts] Packet number transform … Praveen Balasubramanian
- Re: [quicwg/base-drafts] Packet number transform … janaiyengar
- Re: [quicwg/base-drafts] Packet number transform … MikkelFJ
- Re: [quicwg/base-drafts] Packet number transform … Martin Thomson
- Re: [quicwg/base-drafts] Packet number transform … bobdug
- Re: [quicwg/base-drafts] Packet number transform … Praveen Balasubramanian
- Re: [quicwg/base-drafts] Packet number transform … Mike Bishop
- Re: [quicwg/base-drafts] Packet number transform … ianswett