IETF Logo Mail Archive

Re: [quicwg/base-drafts] First byte changes (#2006)

Kazuho Oku <notifications@github.com> Tue, 20 November 2018 00:21 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40224127598 for <quic-issues@ietfa.amsl.com>; Mon, 19 Nov 2018 16:21:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.47
X-Spam-Level:
X-Spam-Status: No, score=-8.47 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c4QFjL4C8zcD for <quic-issues@ietfa.amsl.com>; Mon, 19 Nov 2018 16:21:19 -0800 (PST)
Received: from out-7.smtp.github.com (out-7.smtp.github.com [192.30.252.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D885124C04 for <quic-issues@ietf.org>; Mon, 19 Nov 2018 16:21:19 -0800 (PST)
Date: Mon, 19 Nov 2018 16:21:17 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1542673277; bh=ttHKtKSLHrib2+KZNy5WROBF9Y5s48Q1r/2ApSt5tIU=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=C0vaDflNsBY5m4q0LvWx+PJsX2UP61paO1pWbN3HXASFpNGM8jiob6etOFuC457FW z9ZORNHXPgOk+Tqa1ZCi+kd19NnC765qvcyDad7yep+wvZPbSi/UxXCrqMSHK0Mfk5 dhQvv0uGZvnrnhx9lkEcoOu20Km91+xYdohxge1g=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab22a3435f9c894e09bfc6775a79ed70dc18b3bf0e92cf00000001180b157d92a169ce16b57ba1@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2006/review/176557212@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2006@github.com>
References: <quicwg/base-drafts/pull/2006@github.com>
Subject: Re: [quicwg/base-drafts] First byte changes (#2006)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bf3537db0080_3d213fd0346d45b811428e"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/R_h1_FQhsPT27kGbkW75GOSmCTQ>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Nov 2018 00:21:21 -0000

kazuho commented on this pull request.



>  
-: The fourth bit (0x10) of byte 0 is set to 1.
+: The next two bits (those with a mask of 0x18) of byte 0 are reserved.  These
+  bits are protected using header protection (see Section 5.4 of
+  {{QUIC-TLS}}).  The value included prior to protection MUST be set to 0.  An

@ferrieux
> A PRNG is already needed for the spin bit's anonimity set, and for its fixed per-conneciton value when not spinning. A tiny increment, then, compared to the weight of version deployment for anybody willing to experiment with these "reserved" (should be called "frozen") bits.

Runtime overhead is the issue here; I do not think requiring endpoints to call CSPRNG for every packet they send is a good idea (note: use of non-cryptographically secure RNG is a way to leak PN). Re providing the freedom to "experiment", please see my comment below.

> While using the reserved bits (which were designed for exactly this) is clearly the most efficient way for on-path signalling (no overhead ; same-tuple ; sync with flow).

While I do not think reserved bits are "designed" for on-path signaling, I agree that it is a convenient way for exposing signals.

The trade-off here is if we want to pay the extra cost of calling CSPRNG for every packet we send, to provide the endpoints to use the bits exposing information to on-path devices without peers' consent.

@igorlord
> However, an endpoint that is not trying to leak information and is just tagging packets for VEC or Loss detection or other operational purpose would find these bits a lot more convenient. That said, I understand the concern about some inadvertent disclosure by a poorly designed experiment (if this is the concern).

Yes. That is exactly the concern. Remember that we were uncertain about the privacy concerns of the spin bit for very long time (IIRC the risk of exposing the latency of the hidden path behind a VPN was brought up pretty recently).

I think that we should allow endpoints to use the bits for exposing information only when  extensive privacy analysis has been done and the WG is convinced. Protecting the bits under header protection is the easiest way to guarantee that.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2006#discussion_r234830722

v2.37.1 | Report a Bug | By Email | System Status