IETF Logo Mail Archive

Re: [quicwg/base-drafts] Connection migration should be indistinguishable from a new connection (#203)

Kazuho Oku <notifications@github.com> Mon, 05 February 2018 12:59 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C87A812D7E6 for <quic-issues@ietfa.amsl.com>; Mon, 5 Feb 2018 04:59:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level:
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZsHPSo_ji0bf for <quic-issues@ietfa.amsl.com>; Mon, 5 Feb 2018 04:59:24 -0800 (PST)
Received: from github-smtp2a-ext-cp1-prd.iad.github.net (github-smtp2-ext4.iad.github.net [192.30.252.195]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2192B12D77E for <quic-issues@ietf.org>; Mon, 5 Feb 2018 04:59:24 -0800 (PST)
Date: Mon, 05 Feb 2018 04:59:23 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1517835563; bh=/DBxs20+59URbtWPcyfDpTs7MNSfWGohEWMh/pAZYOw=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=fI24Z7uIpsi8Bck1iNZ7eVz6SoRwnW5Vp0EGOjtvO5AVNtZgyIFwW/RmJvh5tHb6f DijpkMn7k659Gcgqka/FyZzfhhqG5plpAk3phRwkt0cJYUbKAmvpVy/7ad+HpL2X5t hJ5/6NOOgiKnPkLIEMV8eZF/uj3ZfniAsN0OWCdo=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abf26abd7ed3aad6ac18a42302c5cede4dc104595292cf000000011690172b92a169ce0c118d76@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/203/363077556@github.com>
In-Reply-To: <quicwg/base-drafts/issues/203@github.com>
References: <quicwg/base-drafts/issues/203@github.com>
Subject: Re: [quicwg/base-drafts] Connection migration should be indistinguishable from a new connection (#203)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5a78552b4e373_29432ab1259f2ecc341ed"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/W4HVj_kDlY5rCq8Jh-3rywCeQ_c>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Feb 2018 12:59:26 -0000

@mikkelfj
> Scrambling could be done by extending packet number encryption to cover the entire header.

Yes. IMO that is also a good approach.

Anyways, I think that this might be a good opportunity to consider what properties we want to expose to on-path observers when starting to use a new path (i.e. 5 tuple).

With variants, packet number encryption and spin-bits, etc., it seems to me that we are starting to explicitly determine what should be observable, at the same time trying to scramble all other properties in order to avoid possible ossification. The same approach can be applied to how we use a path.

One option is to expose nothing. If that is the case, pre-1RTT and 1RTT packets should not be easily distinguishable. There could be various approaches in accomplishing that, as @mikkelfj and I have pointed out.

Another option is to have a signal that notifies the start of using a new path. In such case, we should expose 1 bit that can be used to distinguish start-of-use vs. in-use. I am not sure if we need (or want to) expose the internals of the handshake (i.e. INITIAL, HANDSHAKE, RETRY).

My tendency goes to exposing nothing. The primary reason is that switching to a new path can happen due to NAT rebinding. In such case, it is impossible for a client to mark the first packet that is sent using a new path differently from other packets.

Therefore, I believe that we should merge long packet header and short packet header so that pre-1RTT packets would not be easily distinguishable from 1-RTT packets, _if_ ossification is a concern.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/203#issuecomment-363077556

v2.37.1 | Report a Bug | By Email | System Status