IETF Logo Mail Archive

Re: [quicwg/base-drafts] Connection ID Length changes (#2473)

David Schinazi <notifications@github.com> Thu, 21 February 2019 19:47 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE13D130E6F for <quic-issues@ietfa.amsl.com>; Thu, 21 Feb 2019 11:47:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.002
X-Spam-Level:
X-Spam-Status: No, score=-8.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8vTDCrwJrOkD for <quic-issues@ietfa.amsl.com>; Thu, 21 Feb 2019 11:47:47 -0800 (PST)
Received: from out-5.smtp.github.com (out-5.smtp.github.com [192.30.252.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2446130E6D for <quic-issues@ietf.org>; Thu, 21 Feb 2019 11:47:46 -0800 (PST)
Date: Thu, 21 Feb 2019 11:47:45 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1550778465; bh=GuSgDRSYqvNuKkaBlzU2az3tyikpPI+aZcZButh/CPU=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Zl5eccPxLGozfq2WmsYceHLLo2wqSbi9jPP294UYBuMOufi9s8jw0Bc7yKQnElwlJ tMFNUAZ1hDCtdLtiqai9Z7Nsac73iGOq+uHhUFmI9mp3pqAHlTZkvLenizZTDeW+qL eGu9qgFV8E10Brq/CNEwSWMCr9vqsCjQdXBcITt4=
From: David Schinazi <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab57b4ca6a72d0ed623250abdd9754b796226f8f0f92cf000000011886c26192a169ce187d68e1@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2473/466140260@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2473@github.com>
References: <quicwg/base-drafts/issues/2473@github.com>
Subject: Re: [quicwg/base-drafts] Connection ID Length changes (#2473)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c6f0061a17ce_7c383f989ccd45b4159280"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: DavidSchinazi
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/_0EHAvWmLv6dgGKRaJAMgmXUicc>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Feb 2019 19:47:49 -0000

I think banning switching from non-zero-length CID to zero-length CID might be too constraining. Imagine a server is initially reached via an IPv6 anycast address, and it tells the client its IPv6 preferred address. If that server owns a /64, it can give a different preferred address to each client which allows zero-length CIDs and migration without requiring trial decryption because the server can find the connection simply by looking at the packet destination IP address. (Note that kernels don't let you easily do that today but that can be fixed.) The only downside I'm seeing here is that migration can now be tracked across paths since the connection ID doesn't change and the server IP is enough to identify a connection. I suspect there are deployment scenarios where reducing CID overhead is more important that the privacy risk. But, given that the server preferred address is only advisory, a client that cares more about privacy than about the CID overhead can simply refuse to switch over. With all that said, I don't think the restriction against zero-length-CID helps us.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2473#issuecomment-466140260

v2.23.0 | Report a Bug | By Email