IETF Logo Mail Archive

Re: [quicwg/base-drafts] Spin bit should be applied per each 5-tuple rather than per connection (#1828)

Brian Trammell <notifications@github.com> Thu, 08 November 2018 09:59 UTC

Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E86F123FFD for <quic-issues@ietfa.amsl.com>; Thu, 8 Nov 2018 01:59:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.47
X-Spam-Level:
X-Spam-Status: No, score=-3.47 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wvNW8i5EPORv for <quic-issues@ietfa.amsl.com>; Thu, 8 Nov 2018 01:59:35 -0800 (PST)
Received: from o8.sgmail.github.com (o8.sgmail.github.com [167.89.101.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B102F130E23 for <quic-issues@ietf.org>; Thu, 8 Nov 2018 01:59:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=4I8rHu/wWzlorUjpx6tHtniWVr4=; b=CNh6ENnBE8Aq/vrf wCd7K9DjwL9D7/28HDjzY1vtA5sY80ocbGFMd9tGy732pNInjK+QQWbzfK1cH/Yt dLg4AGy3RE+in8TkYc9T/T8Qm8kt7NvVfvvZq6XNwpAhrrzpHRYeEjQ/Sl1AzBDn wSHdcsSnADztHYa+VFx3mgKA+mI=
Received: by filter0797p1las1.sendgrid.net with SMTP id filter0797p1las1-26489-5BE40905-2A 2018-11-08 09:59:34.018570281 +0000 UTC m=+60473.472955263
Received: from github-lowworker-fc273f0.cp1-iad.github.net (unknown [192.30.252.33]) by ismtpd0008p1iad2.sendgrid.net (SG) with ESMTP id GixylqQuSBqsPc9x_SpxHA for <quic-issues@ietf.org>; Thu, 08 Nov 2018 09:59:34.028 +0000 (UTC)
Received: from github.com (localhost [127.0.0.1]) by github-lowworker-fc273f0.cp1-iad.github.net (Postfix) with ESMTP id E29DDC0F68 for <quic-issues@ietf.org>; Thu, 8 Nov 2018 01:59:33 -0800 (PST)
Date: Thu, 08 Nov 2018 09:59:35 +0000
From: Brian Trammell <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abc5197605222041e34adb5622d072cd447d3baa6492cf0000000117fbcb0592a169ce15d27d33@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1828/436938812@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1828@github.com>
References: <quicwg/base-drafts/issues/1828@github.com>
Subject: Re: [quicwg/base-drafts] Spin bit should be applied per each 5-tuple rather than per connection (#1828)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5be40905e03fb_1cc83fcee16d45bc2074f0"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: britram
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak0Clv6NlPYSY7Wx8rDs5EpEihbLoyC9hGiEPM kHjTWq9eauRpz9WrMql3LuI1ZOLlRqkfOl/7wd75G7aG/rQWafaH7YbuNZL9erDPBxIvjW1DlIOeIp S/fXr2Rh1WjnyoKK2Fig7ajr24W4gdzZNkyPtm+J6/+HGikBt3UCOlbYn8F752+tRrrJ6fhOsgWDfR w=
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/wzVFA9cVv3KUKzQyKJBEW-Zqej0>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Nov 2018 09:59:38 -0000

I tend to agree with @ianswett here -- while different CIDs may often represent connections between the same processes (and therefore with similar e2e delays at a given instant in time), this is not guaranteed to be the case. Is per-CID spin a useful passive measurement signal in the general case, though?

Stepping back, there seem to be two broad usage patterns with partially conflicting requirements here:

- possibly-mobile client with load-balanced server. Here the server proposes non-zero-length CIDs, and the client proposes a zero-length CID. The client will generally not use one server CID at a time. Since the CID reserve a client has exists to attempt to reduce address linkability on a rebinding event, the spin state should not be shared across CIDs -- this language has been in spin-exp since London (*)

- client-server connection using CID multiplexing. In this case, both client and server CIDs must be in use, though the CID size does not necessarily need to be the same in each direction. Migration linkability mitigation is harder in this case, and it's not clear to me that it's even a requirement. Here, per-5-tuple-spin would be possible. (note that in this case the server also has to keep CID-2-tuples around, so @ianswett's point that per-CID is hard on the server does not apply here)

Per-5-tuple spin is clearly more useful to the path -- otherwise, on-path devices has to use heuristics to guess the CID (node, this is not very hard if it has a few packets, but it needs to keep a header buffer up to max CID length until it locks on, and it can use heuristics about well-known servers/CDNs/configurations to make an initial guess that will be correct almost all of the time -- in any case, any on-path measurement device offering RTT information will also probably offer flow information). But it seems impossible to do for those cases where we care about reducing spin state contribution to rebinding linkability.

* as I've pointed out at many times in the past, rebinding linkability reduction still seems to rely on incredibly wishful thinking to me, and I'd really like to see some data on the anonymity set sizes for rebindings in the temporal domain. Even in the case that linkability reduction has a practical benefit, spin state adds a tiny fraction of a bit of information, so blanking spin state on CID change is of vanishingly small benefit. However, it is consistent with the rest of the protocol's design, and I'm still willing to pretend it's a useful exercise, because there seems to be broad consensus that we believe in it.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1828#issuecomment-436938812

v2.23.0 | Report a Bug | By Email