IETF Logo Mail Archive

RE: Expected Client Response to SERVER_BUSY

Praveen Balasubramanian <pravb@microsoft.com> Wed, 20 February 2019 21:02 UTC

Return-Path: <pravb@microsoft.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD091128AFB for <quic@ietfa.amsl.com>; Wed, 20 Feb 2019 13:02:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GtJOP65eixze for <quic@ietfa.amsl.com>; Wed, 20 Feb 2019 13:02:20 -0800 (PST)
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-eopbgr740095.outbound.protection.outlook.com [40.107.74.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FD2D12894E for <quic@ietf.org>; Wed, 20 Feb 2019 13:02:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kPYa299KZD5DRVeFcwTS0vpu+vHOxWZfJ4iiD17Js4M=; b=Fxx/+4w8o5xteW+vVKDRMvmfcs+NDGCffwdxUeU5GHtrA5oiYIBqLnHg1FP1sOUwSUKb0D2FaHG9g0KI2OPAgV67ctzp9v/qkYvhqmN6AUvDD02uCjDgJ3QKnjs2fAOOm4sD/zeJUX7MBQ7hNnfAoRIGUpm20FKwxOobi0RLBuE=
Received: from MW2PR2101MB1049.namprd21.prod.outlook.com (52.132.149.13) by MW2PR2101MB1020.namprd21.prod.outlook.com (52.132.148.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1665.2; Wed, 20 Feb 2019 21:02:17 +0000
Received: from MW2PR2101MB1049.namprd21.prod.outlook.com ([fe80::a490:2c67:6786:b826]) by MW2PR2101MB1049.namprd21.prod.outlook.com ([fe80::a490:2c67:6786:b826%7]) with mapi id 15.20.1665.002; Wed, 20 Feb 2019 21:02:16 +0000
From: Praveen Balasubramanian <pravb@microsoft.com>
To: Roberto Peon <fenix@fb.com>, Töma Gavrichenkov <ximaera@gmail.com>, Christian Huitema <huitema@huitema.net>
CC: Nick Banks <nibanks@microsoft.com>, "Brian Trammell (IETF)" <ietf@trammell.ch>, Ian Swett <ianswett@google.com>, IETF QUIC WG <quic@ietf.org>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Subject: RE: Expected Client Response to SERVER_BUSY
Thread-Topic: Expected Client Response to SERVER_BUSY
Thread-Index: AdTInrfRZAbJSsLZSlWCCrlUkiWX7AAgkIeAAACdzgAAAbynAAAAN6coAACOYoAAAIKXwAAAszQAAAatwwAAAd27AP//i/wA//92IBA=
Date: Wed, 20 Feb 2019 21:02:16 +0000
Message-ID: <MW2PR2101MB104957EA222B6ABA00B5E6AEB67D0@MW2PR2101MB1049.namprd21.prod.outlook.com>
References: <CY4PR21MB0854341128C64E450E7C2DA2B37C0@CY4PR21MB0854.namprd21.prod.outlook.com> <CAKcm_gPmQiMhzfXnkEB4u+X+84bCbL8FE3Lj3ZdPPQBBu+4uPg@mail.gmail.com> <1AF7E952-4542-4C40-8652-BFFBFA61784A@trammell.ch> <CAKcm_gN11=DcV2v-JrX+Ym88D7P1Ey3rDvYomTf1seemsWDSwA@mail.gmail.com> <CY4PR21MB0854D8F7383CDF72EEDAE9FBB37D0@CY4PR21MB0854.namprd21.prod.outlook.com> <CALZ3u+Zmau+167msd9+OGcU+V00+__yLK83ByNEqvWhm7yFORg@mail.gmail.com> <CY4PR21MB0854E1E9AAF564CD8B12305CB37D0@CY4PR21MB0854.namprd21.prod.outlook.com> <CALZ3u+b_NqyrSAkqiuXnnVVL+T0XiExPDUP5JyuzvZVaXqHtCA@mail.gmail.com> <a861dc7b-c1a4-fa72-649a-4f98050aa6f5@huitema.net> <CALZ3u+YxHeVuF-27pjO6gGZ__RT7Y9cAx0vE+x-n8vJbWM+L6g@mail.gmail.com> <CC1D0429-A09E-4844-90B9-2C053FE583E8@fb.com>
In-Reply-To: <CC1D0429-A09E-4844-90B9-2C053FE583E8@fb.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:0:e4e5:68c7:c780:e632]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 61f7a654-08c9-4ade-dabe-08d69776b221
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600110)(711020)(4605104)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:MW2PR2101MB1020;
x-ms-traffictypediagnostic: MW2PR2101MB1020:
x-microsoft-exchange-diagnostics: 1;MW2PR2101MB1020;23:0UU5G80qn2bNwxpDh87mZVJIGU0KPzufjF6fNA7wYzkZ2f9S8qJqdUAJC46OS1JS+cqShnlsAO16eUzEzecWSvKIX2Zzdcc4FG92jf1JlmqMkhexpRUengOq5wT/ZGP3ezFZs6ygyRJtFEXDWhjgYXRhkxQ/cO6u37r4TgYhlxAjlqq3G/3W9wZ/4jREAIxrfBavkp9SjW1SPBJUt1Ob4TKxP1pBM+VLElk3bEqfKk+cC/k3cvm6HgnzV1GAXW0OisfsuDNMOXkg1+5FbW7VzTDHRaQIjQIj0nnlvp6zFAiFuI7WeeXqrVe8LqUoEJXlm0xu34mtkS5QUIbvArwUbYWQOxyojmyruks0ak0PrBl4vI5pVciUhxyKRQOAf7TywDMhRJ5RrscIsmVHrbDlzUFYKYcElGlRwXxbBpZMx66UN6E7Bl0r8b6Pv79m1WyMW3inRed8Bttkd9n5gVPclAZgutax1R1ZchOMIwWylxUz8XwAlPTxFwDF5EEwZ4HQ00yEYqWh7FoihvD3GdIGYeV329xNG3qAcyCuJluoPmjGIzWSw5vlEvbkUXmMZH92CppKqmCffiQVHvM+jMZOoeEgkqTVo1jXTZQyifF2jLtP4kcTCxEgi57D5Z9G8MYTaLDyveRthKLr3FqcMGUf43J+oQp6w4T+I4+1q59iPutpEqFvwepGIKsWwPK8hqCP0zvbnpV8t+j1ymopyuX7OnwC/1hoK+t6/ebl1SctlRcuLl5AX3fh7rUA4327kHOGeBHlxDXNFjiHTXIglJTvceGVsnsJ2b1zHPJF/f7sAJiNG53VDEmxauOlxM5GuQP0rMgBfc2Zb0cwVykwpp0Am77VoPk41/ZPNnRomxPU73lNNhATEFRtRMiLZCGPqapeiaj9HkHSCVZOhXQzOb/V3c+SDh8akXXz0GPbFP5Yu/nD14GUsT496RUI48UX/hTvYjnYlC9I+yIjNqHyByVUKSjUKGaDlOFw7NCYMub3BASm03A+137xLK7ZI4BQ1UuvCUWZ3Yk73Au5hX8ipY52Ezx8ye0513A+oKrWJEVmOtJCHcy+wbddsj5UDmWdBXMTKv3la2dVr8C1VZ5xjkc5jOq/jeiYuN/Ojn/vZx8OFuu99JJokUAb2W6+ypnNbhCXGygd82mLVra30NkQLnyZX787ZvE7YtiajzbFwX73E8Vv8URIgNir8xHHZpBP1CTT9LxsYrTGQqFLq4lwDF40k8r6nn8VWShhA+uBQ81FgRaotI2NApAl9v+7QFUZxl5OhI2L/4k+lvmlH2XKfrlvA4IpHu8x6FG/3PcE1jmOasn0zSYKYPUuukEArHQAuFb63BS5lW73ExwPY81IG6ss9Xin6nIr7LTDD9xsd+Rna8zB4KKK8JRm8MTSx0c4AjEIf0TLyqXuMyhfhv7TdQ5j5Q==
x-microsoft-antispam-prvs: <MW2PR2101MB1020CF1F2DC70780C9D6BB70B67D0@MW2PR2101MB1020.namprd21.prod.outlook.com>
x-forefront-prvs: 0954EE4910
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(39860400002)(366004)(136003)(396003)(346002)(13464003)(53824002)(189003)(199004)(256004)(486006)(11346002)(46003)(106356001)(4326008)(186003)(14444005)(25786009)(7736002)(86362001)(6346003)(66574012)(305945005)(53936002)(6436002)(55016002)(9686003)(105586002)(446003)(86612001)(8676002)(81166006)(476003)(229853002)(74316002)(81156014)(71200400001)(8936002)(71190400001)(6116002)(14454004)(478600001)(76176011)(2906002)(7696005)(10290500003)(10090500001)(22452003)(93886005)(316002)(6246003)(8990500004)(102836004)(99286004)(110136005)(53546011)(33656002)(54906003)(97736004)(6506007)(5660300002)(68736007); DIR:OUT; SFP:1102; SCL:1; SRVR:MW2PR2101MB1020; H:MW2PR2101MB1049.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pravb@microsoft.com;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: cow2hKnb6RIa1Z+wxFAUfziCFB9eqKd0At2KKh7GsJAoqOPSTEdGhZAiaAK19Y36/Ca6a6Joqg6BQPwcVvbJDjU57rKmF7ak8PaB2Zhm7W13p4J6g3JxwAWQW+09vpQPQ8knkGY16CJhysAl1JKg4dJXfxTulLSW7B3xQR4/NvqocoQRDRRYJXOeGejhdn50aDs9GaL8GwZuq4Km594k4GSXYvpvMhBAcmp3lMXEA2Wn94qGtL/HklUh/VkfAFutYb1mtZouWiPTy4DHIdQ+ei1dCYxYyK4eE1rGVap3ZLYDaVxEEURfkFX7G2lN7xMJrWmGqNzTHMBu+mZidip2M42+Q+A9+WmoKEf3azrA9//XKlE357eZsIGHz68hHcFqpu8lor3B8NMm4ARrqZ7n+Juw/jO+RWTAr7wmCmPEnpU=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 61f7a654-08c9-4ade-dabe-08d69776b221
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Feb 2019 21:02:16.8363 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR2101MB1020
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/AwYOasEWqcV6WXOm5DD2l6sScNM>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Feb 2019 21:02:24 -0000

Agreed that we cannot mandate any client behavior for malicious clients, but have clear guidance for well-behaved clients to fall back to TCP. This mechanism provides a very low CPU cost fast fallback to TCP under DoS attacks until all infrastructure can support QUIC natively. Certainly a big step up from just rate limiting UDP traffic. This way well behaved clients will have a good chance for connectivity and the malicious ones will be rate limited. And as pointed out middleboxes can do other bad things like drop all CIs.

-----Original Message-----
From: QUIC <quic-bounces@ietf.org> On Behalf Of Roberto Peon
Sent: Wednesday, February 20, 2019 12:48 PM
To: Töma Gavrichenkov <ximaera@gmail.com>; Christian Huitema <huitema@huitema.net>
Cc: Nick Banks <nibanks@microsoft.com>; Brian Trammell (IETF) <ietf@trammell.ch>; Ian Swett <ianswett@google.com>; IETF QUIC WG <quic@ietf.org>; Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Subject: Re: Expected Client Response to SERVER_BUSY

I believe that the solution to this problem (what a client does when the server is being DoS'd) is inherently out-of-band, and thus not part of the QUIC protocol.

Clients should do whatever they want to do as a response to SERVER_BUSY. We can't make the malicious ones stop, and anything we do to allow non-malicious ones to respond appropriately requires pre-sharing of something, or for the connection to succeed (which is essentially establishing a context for such sharing).

Designing policy around that is probably fodder for another discussion (that I hope we get together and have in the context of the HTTP wg).

-=R

On 2/20/19, 11:44 AM, "QUIC on behalf of Töma Gavrichenkov" <quic-bounces@ietf.org on behalf of ximaera@gmail.com> wrote:

    On Wed, Feb 20, 2019 at 10:49 AM Christian Huitema <huitema@huitema.net> wrote:
    > the proposition here allows a middle-box or a man-on-the-side to send an
    > unencrypted signal and have the client immediately immediately drop the
    > connection. That does not feel right.
    
    A man-on-the-side (don't even mentioning a box-in-the-middle) could
    *always* make a client drop a connection, e.g., by sending a large
    amount of junk packets towards the client that the client would be
    unable to correctly handle. It's just a matter of how much harm does
    that box need to do to the network.
    
    Any opposite approach I can think of requires to put the private key
    of the server on a DDoS handling machine or to deploy it onto a DDoS
    mitigation cloud, which not only increases exposure of the users' data
    but is also explicitly forbidden in certain countries for companies
    from certain industries. It's already only narrowly possible to avoid
    doing so with QUIC (and that already requires either a collaboration
    between the QUIC library supplier and the DDoS mitigation vendor —
    which in turn leads to vendor lock — or a reverse engineering-based
    design), so until we have a v2 which is (hopefully) more LB and
    DDoS-aware, this is the lesser of two evils.
    
    --
    Töma

v2.23.0 | Report a Bug | By Email