Re: [quicwg/base-drafts] Spin per peer (#1982)

Christian Huitema <notifications@github.com> Mon, 26 November 2018 01:30 UTC


huitema commented on this pull request.



> -
-When the spin bit is disabled, endpoints SHOULD set the spin bit value to zero,
-regardless of the values received from their peer. Addendums or revisions to
+fraction of connections.
+
+The selection process SHOULD be designed such that
+on average the spin bit is disabled for at least one eighth of network paths.
+The random choice SHOULD be dependent
+on the source and destination addresses of the path,
+so that the spin bit is consistently enabled or
+disabled for repeated use of the same path.
+
+When the spin bit is disabled, endpoints SHOULD set the spin bit value to
+a constant value randomly chosen to be 0 or 1,
+regardless of the values received from their peer.  Alternatively, endpoints MAY
+change this value when changing connection ID.  Addendums or revisions to
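
Review bot: The added sentence "The random choice SHOULD be dependent on the source and destination addresses of the path" does not say that the choice also depends on anything private to the endpoint. As written, a fixed public function of the two addresses satisfies it, and an observer could then compute which paths have the spin bit disabled. Suggest requiring an endpoint-local secret as an additional input, for example "dependent on the source and destination addresses of the path and on a secret value known only to the endpoint". The paragraph on the disabled value covers only what the sender sets; it would also help to state here what a receiver does with the incoming bit when the peer has the spin bit disabled.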

I am concerned with fingerprinting. If implementations invent their own scheme, then the observed patterns will identify the implementation, and that's a moderate privacy risk. The other issue is of course ossification, if middle boxes "learn" that there are a few specific patterns for that bit. The current spec specifies a random constant, which does entail a moderate ossification risk.

Specifying nothing amounts to trusting the implementations. That will probably lead implementers to copy whatever Google does, in order to not stick out. That may be fine. Specifying random would work if implementations were really using good random sources, but implementations have very often failed to do that. If they use a predictable pseudo-random pattern, they can be easily fingerprinted.

I am looking at the "interop" reason. The main risk is that an overzealous receiver barfs because the spin bit is not what it expected. So maybe we should just say that endpoints that do not enable the spin bit MAY put whatever value they see fit, and MUST accept any incoming value.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1982#discussion_r236102252
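
A sketch of the per-path selection described in the quoted draft text, keyed by an endpoint-local secret so that the choice is stable for a given address pair but cannot be recomputed by an observer, which is the predictable-pattern concern raised in the comment. This is an added example, not code from the draft, the pull request or any QUIC implementation. The function names, the HMAC-SHA-256 construction, the demo secret and the sample addresses are assumptions.

```python
import hashlib
import hmac
import ipaddress

DISABLE_ONE_IN = 8  # draft text: disabled for at least one eighth of paths


def _prf(secret: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA-256 keyed by the endpoint-local secret (assumed construction)."""
    return hmac.new(secret, label + b"\x00" + data, hashlib.sha256).digest()


def _path_bytes(src: str, dst: str) -> bytes:
    """Length-prefixed packed addresses, giving an unambiguous encoding."""
    parts = [ipaddress.ip_address(a).packed for a in (src, dst)]
    return b"".join(bytes([len(p)]) + p for p in parts)


def spin_enabled(secret: bytes, src: str, dst: str) -> bool:
    """Stable per path: the same address pair always gives the same answer."""
    digest = _prf(secret, b"spin-enable", _path_bytes(src, dst))
    return digest[0] % DISABLE_ONE_IN != 0  # 32 of 256 byte values disable


def fixed_spin_value(secret: bytes, src: str, dst: str, cid: bytes = b"") -> int:
    """Constant bit sent while disabled; passing the CID lets it change with it."""
    return _prf(secret, b"spin-value", _path_bytes(src, dst) + cid)[0] & 1


def outgoing_spin(secret, src, dst, computed_spin: int, cid: bytes = b"") -> int:
    """Bit to put on the wire; computed_spin is what the spin algorithm produced."""
    if spin_enabled(secret, src, dst):
        return computed_spin
    return fixed_spin_value(secret, src, dst, cid)


def disabled_fraction(secret: bytes, paths) -> float:
    """Share of the given (src, dst) pairs on which the spin bit is disabled."""
    paths = list(paths)
    return sum(not spin_enabled(secret, s, d) for s, d in paths) / len(paths)


# Constructed sample input: documentation-range addresses and a fixed demo secret.
# A real endpoint would draw the secret once from the OS CSPRNG (secrets.token_bytes).
DEMO_SECRET = bytes(range(32))
DEMO_PATHS = [("192.0.2.1", f"198.51.100.{i}") for i in range(1, 255)] + \
             [("2001:db8::1", f"2001:db8:1::{i:x}") for i in range(1, 1025)]

if __name__ == "__main__":
    print(f"disabled on {disabled_fraction(DEMO_SECRET, DEMO_PATHS):.3f} of paths")
```
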