Re: [quicwg/base-drafts] Add application parameters to QUIC handshake and use it for H3 SETTINGS (#3086)

hardie <notifications@github.com> Mon, 14 October 2019 22:34 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06CAD1208A7 for <quic-issues@ietfa.amsl.com>; Mon, 14 Oct 2019 15:34:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Level:
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SEngQvfD-wnv for <quic-issues@ietfa.amsl.com>; Mon, 14 Oct 2019 15:34:02 -0700 (PDT)
Received: from out-19.smtp.github.com (out-19.smtp.github.com [192.30.252.202]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65916120894 for <quic-issues@ietf.org>; Mon, 14 Oct 2019 15:34:02 -0700 (PDT)
Received: from github-lowworker-2ef7ba1.ac4-iad.github.net (github-lowworker-2ef7ba1.ac4-iad.github.net [10.52.16.66]) by smtp.github.com (Postfix) with ESMTP id 4874D520D5A for <quic-issues@ietf.org>; Mon, 14 Oct 2019 15:34:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1571092441; bh=sfD1a0j/0dne1nGcnGjRH2ehP5GRlh1sYpH+GJZEeLE=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Sv2vb+RCb8bLBdQdVh9CHKZKAkJ3lwRenUmZdefTg+uLe5nvAFWx3AD0Sg4A2cDqF JuhHundnMJZ8kinhlRN9rP54N0SnofCq3wJ2RB29rIoyQ4SEVyFXD53MhZFEqC4rQE lTxfjggHsej+e0IZ1xU5Qf+yrxuaPBP5jqNLrGQU=
Date: Mon, 14 Oct 2019 15:34:01 -0700
From: hardie <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK77YRNTGUQFWKHUZBN3WIVFTEVBNHHB4IOF7M@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3086/541960573@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3086@github.com>
References: <quicwg/base-drafts/issues/3086@github.com>
Subject: Re: [quicwg/base-drafts] Add application parameters to QUIC handshake and use it for H3 SETTINGS (#3086)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5da4f7d936a8a_65153f97738cd968108180"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: hardie
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/ctcs3rYCF3cAuK53STr6-l7njI0>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2019 22:34:05 -0000

On Fri, Oct 11, 2019 at 2:13 PM Nick Harper <notifications@github.com>
wrote:

> Regarding the confidentiality of this mechanism:
>
> I am assuming (perhaps incorrectly) that the contents advertised in the
> client's application parameters are no more confidential than transport
> parameters. In H3, both the transport parameters and SETTINGS are
> effectively constant per implementation - any identifying bit leaked by the
> H3 SETTINGS is also leaked by the transport parameters. My assumption is
> that other future applications using this mechanism will be similar in the
> amount of (non) leakage, but that can be analyzed on a per-application
> basis.
>
> This definitely needs to be per-application and may need to be per
parameter.  If you treat the DNS client subnet as an application parameter
for DNS over QUIC, for example, the implications may be much more privacy
sensitive than for other EDNS0 parameters.

Ted


> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <https://github.com/quicwg/base-drafts/issues/3086?email_source=notifications&email_token=AAKVXZDWUYVNFQ2E5TAW7ODQODT67A5CNFSM4I7SPSU2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEBBHJGQ#issuecomment-541226138>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AAKVXZFXDQRJ32OEVYHAOCDQODT67ANCNFSM4I7SPSUQ>
> .
>


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/3086#issuecomment-541960573