IETF Logo Mail Archive

Re: [quicwg/base-drafts] First byte changes (#2006)

Alexandre Ferrieux <notifications@github.com> Mon, 19 November 2018 23:19 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B52B3130DEE for <quic-issues@ietfa.amsl.com>; Mon, 19 Nov 2018 15:19:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.47
X-Spam-Level:
X-Spam-Status: No, score=-8.47 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NJp0jbLlRONl for <quic-issues@ietfa.amsl.com>; Mon, 19 Nov 2018 15:19:31 -0800 (PST)
Received: from out-5.smtp.github.com (out-5.smtp.github.com [192.30.252.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 382F7127598 for <quic-issues@ietf.org>; Mon, 19 Nov 2018 15:19:31 -0800 (PST)
Date: Mon, 19 Nov 2018 15:19:30 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1542669570; bh=xoLRAD0xFuqj6mt5/93vmGmQqj9Zc070DntZWDeB/6o=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=YawDOfC1mTTiBVYA2aa5lHG57eGzoDJH9x1LTPy+KuyNY3PFuamafTh4aRv+FeHgR GOP/IYWx9rFqaM39CzuOsuM50GlTANybXBBQmcwdlm1LY8nB5r1SlSneP988w2Y7rJ /qHL0Z5IPMtmWDq7fR5TS05sdlLAvYGXqMZemvfc=
From: Alexandre Ferrieux <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab3d598845b2209cf668af2bbdb0d2b3b6c8315e7d92cf00000001180b070292a169ce16b57ba1@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2006/review/176543026@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2006@github.com>
References: <quicwg/base-drafts/pull/2006@github.com>
Subject: Re: [quicwg/base-drafts] First byte changes (#2006)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bf345023afef_701c3fd78cad45b4913fd"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ferrieux
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/X7H6ha6JE6NxGG5lPY9FN1wPyIY>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Nov 2018 23:19:34 -0000

ferrieux commented on this pull request.



>  
-: The fourth bit (0x10) of byte 0 is set to 1.
+: The next two bits (those with a mask of 0x18) of byte 0 are reserved.  These
+  bits are protected using header protection (see Section 5.4 of
+  {{QUIC-TLS}}).  The value included prior to protection MUST be set to 0.  An

@kazuho 
> That means that endpoints (that do not have a way to "use" the bits) will be required to set them randomly. The issue here is that you need to randomize the bits separately, rather than just relying on header protection to randomize the bits. It is an unnecessary complexity.

A PRNG is already needed for the spin bit's anonimity set, and for its fixed per-conneciton value when not spinning. A tiny increment, then, compared to the weight of version deployment for anybody willing to experiment with these "reserved" (should be called "frozen") bits.

> > An endpoint can already disclose any and all info to anyone without peer's consent, and these bits are by far not the most convenient mechanism for such disclosures.
> 
> If that is the case, why do we need to care about the bits? If the endpoints have an easier way to expose the information, can't they just be randomized using header protection?

What Igor means, I think, is that the protection against unilateral disclosure of *anything* is negligible (for one, the endpoint could send unencrypted copies of the entire flow somewhere else). While using the reserved bits (which were designed for exactly this) is clearly the most efficient way for on-path signalling (no overhead ; same-tuple ; sync with flow).


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2006#discussion_r234818900

v2.39.1 | Report a Bug | By Email | System Status