RE: Simple transform for improving PN ossification prevention
Praveen Balasubramanian <pravb@microsoft.com> Tue, 17 April 2018 19:09 UTC
Return-Path: <pravb@microsoft.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB0E412D878 for <quic@ietfa.amsl.com>; Tue, 17 Apr 2018 12:09:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sw84XgUEd4km for <quic@ietfa.amsl.com>; Tue, 17 Apr 2018 12:09:45 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0133.outbound.protection.outlook.com [104.47.42.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCE3E127909 for <quic@ietf.org>; Tue, 17 Apr 2018 12:09:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ILCrN11XgOkGSAVvI8mNgNSggG20NJd67n6x3aCf5KI=; b=mf+gPi5ozHo6W6OM7vNCZf1DSY85I8dYIzYPZeqoPXLgBXV76ot5Oxlicqsv4MncPeqoG3+8gZNfA34QkEYiXTNlEekUi/uSjdS/T8wKON4LxuxetHisd6S0p6T6SbQYXJmkmiHHKknljZE8USrZhi96UH+OgFr+hr0nCUAKyaY=
Received: from CY4PR21MB0630.namprd21.prod.outlook.com (10.175.115.20) by CY4PR21MB0741.namprd21.prod.outlook.com (10.173.189.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.715.7; Tue, 17 Apr 2018 19:09:43 +0000
Received: from CY4PR21MB0630.namprd21.prod.outlook.com ([fe80::fc65:cb01:17a1:639d]) by CY4PR21MB0630.namprd21.prod.outlook.com ([fe80::fc65:cb01:17a1:639d%3]) with mapi id 15.20.0715.004; Tue, 17 Apr 2018 19:09:43 +0000
From: Praveen Balasubramanian <pravb@microsoft.com>
To: Praveen Balasubramanian <pravb=40microsoft.com@dmarc.ietf.org>, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, Martin Thomson <martin.thomson@gmail.com>
CC: Ryan Hamilton <rch@google.com>, "Fossati, Thomas (Nokia - GB/Cambridge)" <thomas.fossati@nokia.com>, "Brian Trammell (IETF)" <ietf@trammell.ch>, Victor Vasiliev <vasilvv@google.com>, IETF QUIC WG <quic@ietf.org>, Kazuho Oku <kazuhooku@gmail.com>
Subject: RE: Simple transform for improving PN ossification prevention
Thread-Topic: Simple transform for improving PN ossification prevention
Thread-Index: AdPQQ8p5pfJiY2+yR8ud9raMWX53bwAXp/KAABHOGxAAB+ZAgAAACqGQAAuyyQAACzPhAAAC9p6AAAKcBQAAIR0fgAABLEIAAAn14wAABEW/AAADvM2AAAsF2kAA+pZfUA==
Date: Tue, 17 Apr 2018 19:09:42 +0000
Message-ID: <CY4PR21MB0630B7EE570FA57347E66D8EB6B70@CY4PR21MB0630.namprd21.prod.outlook.com>
References: <CY4PR21MB063025EF8B5F228BB242920AB6BF0@CY4PR21MB0630.namprd21.prod.outlook.com> <CAAZdMafa6AgbyO2ZvTBcMND_SsQZhobZJ6vXwbZ3pvQ4VmHNhg@mail.gmail.com> <CY4PR21MB06300674D06468E62B98047FB6BE0@CY4PR21MB0630.namprd21.prod.outlook.com> <CAJ_4DfT-LZ3Oht8w=SZN=OqsJHQOg-ssDYeXm-kVe7by2tFsKw@mail.gmail.com> <CY4PR21MB0630BDFEB41698AFBE1F8105B6BE0@CY4PR21MB0630.namprd21.prod.outlook.com> <CANatvzy-XSAdR2JqQXtR5sKu2TdQfNkWoQPyhRKz--_SYeaedQ@mail.gmail.com> <C476CF4B-0D5E-462A-974E-66663D664E81@trammell.ch> <CANatvzzXtg-6+SgV7c+yqTVzukNqW=G5u4J4wQK8zA8=LUvxPA@mail.gmail.com> <60955AE8-7637-4CC4-9FD8-56201685EE03@nokia.com> <CANatvzy0n6k21pME8T6-TschSMf10HA5Y_cO0gdCHfJ58haGoA@mail.gmail.com> <CABkgnnW-MqXEJ0iH6vXZhr9qLBGQ+TDpr=A5=TGUxiXeMC6LLQ@mail.gmail.com> <CAN1APddJ5UL=g3fXtwVtRrmr_t87W65ONKpZKGFxAkNCcEusQw@mail.gmail.com> <CABkgnnU5ysvRYGnzw5ceMJs=jxp648ek6vFYKUWVzP7GtM22GA@mail.gmail.com> <CAN1APdejp9JGLFsT_zm9sV3P6yVnWtkPd93jB5AeyfZd27cO5Q@mail.gmail.com> <CY4PR21MB06309EAC254A087F5D3304B0B6BC0@CY4PR21MB0630.namprd21.prod.outlook.com>
In-Reply-To: <CY4PR21MB06309EAC254A087F5D3304B0B6BC0@CY4PR21MB0630.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:a::712]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0741; 7:sPei9kV+SxTxv13LA/7jwxBrEzY80aOt1EOqhmQUVlFYbmGndN5HjNeB5arijxEQMG9dYSYOn8IFYjWp8UFRmxWgv4mvRfOk6ggU1AveaR5QyG7RTjp4USD9S3lAYvfe7uUlLvPQRtmVaHvM7P5PuIE7hQD4x/M40WTda2ncnRwpkvd5/V4RCpCnYBgJusKMLMvA27WOq9NlAjtltd0iubEY18pf1gaN7kPPlrP5yCbxGoIohBBZKltoKrDLO0Ae; 20:1iBjALFpzosjFzdpuJ9uAmpeH2ZqPLDw45KhWKhRU39vR4LyoNhAlpgXNw21Sz0IB2AZBNUnZubUlw3QNA0Yk3A9cR8HE1EiJmIRAjOdJoRw3A1u/3TfFgkvs6uktpTQRmcMUdXRT7agECgUxUEKiYhHJUWqgvPLflXbJXNKUc0=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(2017052603328)(7193020); SRVR:CY4PR21MB0741;
x-ms-traffictypediagnostic: CY4PR21MB0741:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pravb@microsoft.com;
x-microsoft-antispam-prvs: <CY4PR21MB0741D202B31F9E03C1025997B6B70@CY4PR21MB0741.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(89211679590171)(166708455590820)(189930954265078)(82608151540597)(85827821059158)(211936372134217)(153496737603132)(219752817060721);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(61425038)(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(3231232)(944501361)(52105095)(6055026)(61426038)(61427038)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123558120)(20161123564045)(6072148)(201708071742011); SRVR:CY4PR21MB0741; BCL:0; PCL:0; RULEID:; SRVR:CY4PR21MB0741;
x-forefront-prvs: 0645BEB7AA
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39380400002)(346002)(39860400002)(366004)(376002)(396003)(199004)(189003)(446003)(97736004)(53546011)(10290500003)(6506007)(99286004)(478600001)(19609705001)(7736002)(6116002)(486006)(3660700001)(106356001)(790700001)(33656002)(8656006)(86612001)(7696005)(76176011)(229853002)(316002)(11346002)(22452003)(5660300001)(4326008)(3280700002)(25786009)(68736007)(476003)(606006)(5250100002)(966005)(10090500001)(93886005)(236005)(9686003)(54896002)(6306002)(8676002)(81156014)(81166006)(53936002)(46003)(39060400002)(14454004)(6246003)(53376002)(6436002)(54906003)(110136005)(86362001)(105586002)(2900100001)(74316002)(186003)(102836004)(8990500004)(8936002)(2906002)(55016002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0741; H:CY4PR21MB0630.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: MnvEtCGzFZsnwJYIne/CC5XtQMXyd2HrF69V9zghNl5aWIux7TADXQMRj3P6J557PfbGRghcvJUMwHEP92cdXQ5dlRvWyWtinIjyquzkOiZ3pw4e+TNl3xhB3YzMSeaOPOQkE+lBAg5NOzzLGZNChKTCa7LG7HBD3uFdTybHap4OCo8yuQkUDzstpc32i68/
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB0630B7EE570FA57347E66D8EB6B70CY4PR21MB0630namp_"
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: a6678b53-2c71-432b-4f0b-08d5a496c6ef
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a6678b53-2c71-432b-4f0b-08d5a496c6ef
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Apr 2018 19:09:43.0323 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0741
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/0fVRvRGiNAe2l8RALJVVawBMtO4>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Apr 2018 19:09:49 -0000
I opened issue #1296<https://github.com/quicwg/base-drafts/issues/1296> for tracking PN transform negotiation. From: QUIC [mailto:quic-bounces@ietf.org] On Behalf Of Praveen Balasubramanian Sent: Thursday, April 12, 2018 9:29 AM To: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>; Martin Thomson <martin.thomson@gmail.com> Cc: Ryan Hamilton <rch@google.com>; Fossati, Thomas (Nokia - GB/Cambridge) <thomas.fossati@nokia.com>; Brian Trammell (IETF) <ietf@trammell.ch>; Victor Vasiliev <vasilvv@google.com>; IETF QUIC WG <quic@ietf.org>; Kazuho Oku <kazuhooku@gmail.com> Subject: RE: Simple transform for improving PN ossification prevention Re. #1079, following seems like a way forward so we get to do some implementations and get data: 1. PN transform is negotiated using transport params. 2. Following PN transforms are supported: * PNE Connections expecting to use multiple paths due to gratuitous/voluntary migration MUST negotiate and use PNE transform. See issue 1271 where options are being discussed on how migration could be negotiated. Revisit this solution for proper multi-path after designing multiple PN spaces. I am fine if this is done for V2. * Low cost ossification prevention transform (like shuffle). For connections on the Internet on single path require them to negotiate this transform. Even better if we find another low cost scheme with better properties before we ship V1. * No-op (current draft) For intra-datacenter or single domain private network scenarios allow usage of the no-op transform. If server fails to negotiate PNE and supplies multiple connection IDs for migration, client fail the connection. If the server fails to negotiate a low cost transform on the Internet, client fails the connection. Please note that servers are free to pick PNE all the time. This allows server deployments which have no performance concern to always use PNE. I do have some battery life concerns on client side, but I do think the major perf concern is on server side. If the deployments using low cost transform hit middlebox issues they will suffer and pay the cost to do PNE. From: Mikkel Fahnøe Jørgensen [mailto:mikkelfj@gmail.com] Sent: Thursday, April 12, 2018 3:52 AM To: Martin Thomson <martin.thomson@gmail.com<mailto:martin.thomson@gmail.com>> Cc: IETF QUIC WG <quic@ietf.org<mailto:quic@ietf.org>>; Brian Trammell (IETF) <ietf@trammell.ch<mailto:ietf@trammell.ch>>; Ryan Hamilton <rch@google.com<mailto:rch@google.com>>; Victor Vasiliev <vasilvv@google.com<mailto:vasilvv@google.com>>; Fossati, Thomas (Nokia - GB/Cambridge) <thomas.fossati@nokia.com<mailto:thomas.fossati@nokia.com>>; Kazuho Oku <kazuhooku@gmail.com<mailto:kazuhooku@gmail.com>>; Praveen Balasubramanian <pravb@microsoft.com<mailto:pravb@microsoft.com>> Subject: Re: Simple transform for improving PN ossification prevention On 12 April 2018 at 11.05.17, Martin Thomson (martin.thomson@gmail.com<mailto:martin.thomson@gmail.com>) wrote: The clean per-path packet number doesn't defend against "helpfulness" of the nature I described. Those problems exist if the signal exists at all. True. But these are still the options as I see it. Half-baked obfuscation will only make it worse. There is the holy grail of fast 32-bit permutations that can be used directly as IV, which are sufficiently safe wrt. privacy, and where the permutation does not depend on the packet content. The following function is useful to disperse a low-quality hash - it is a perfect permutation. Unfortunately, or fortunately, it can be trivially reversed - see stack overflow article. There are also 64-bit variants, and it could also be just a single multiplication. Martin T. already hinted at something similar in an earlier mail. The benefit of this over lower octet permutation is that stupid middle-boxes don’t have a chance, while slightly intelligent middle-boxes can use it is loss / reordering signal, and QUIC hardware offload decryptors can use the value unmodified as IV rather than computing the inverse first. From a privacy perspective this is no better than plain sequential numbers. But it still serves as fingerprinting a given QUIC version. I’d say full encryption or clear text sequential are the only viable choices. /* http://stackoverflow.com/a/12996028<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fstackoverflow.com%2Fa%2F12996028&data=02%7C01%7Cpravb%40microsoft.com%7Ca2c88dcbb1514646489e08d5a0637623%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636591271404538121&sdata=VA8DpVcyhVKyWOMKScnhomUQySGb9q3x1rdYKsctwf0%3D&reserved=0> */ uint32_t x = type_hash; x = ((x >> 16) ^ x) * 0x45d9f3bUL; x = ((x >> 16) ^ x) * 0x45d9f3bUL; x = ((x >> 16) ^ x); return x;
- Simple transform for improving PN ossification pr… Praveen Balasubramanian
- Re: Simple transform for improving PN ossificatio… Mikkel Fahnøe Jørgensen
- RE: Simple transform for improving PN ossificatio… Nick Banks
- RE: Simple transform for improving PN ossificatio… Mikkel Fahnøe Jørgensen
- RE: Simple transform for improving PN ossificatio… Mikkel Fahnøe Jørgensen
- Re: Simple transform for improving PN ossificatio… Martin Thomson
- RE: Simple transform for improving PN ossificatio… Praveen Balasubramanian
- Re: Simple transform for improving PN ossificatio… Martin Thomson
- RE: Simple transform for improving PN ossificatio… Praveen Balasubramanian
- RE: Simple transform for improving PN ossificatio… Praveen Balasubramanian
- Re: Simple transform for improving PN ossificatio… Martin Thomson
- RE: Simple transform for improving PN ossificatio… Praveen Balasubramanian
- RE: Simple transform for improving PN ossificatio… Praveen Balasubramanian
- Re: Simple transform for improving PN ossificatio… Christian Huitema
- Re: Simple transform for improving PN ossificatio… Victor Vasiliev
- RE: Simple transform for improving PN ossificatio… Praveen Balasubramanian
- Re: Simple transform for improving PN ossificatio… Ryan Hamilton
- RE: Simple transform for improving PN ossificatio… Praveen Balasubramanian
- RE: Simple transform for improving PN ossificatio… Mike Bishop
- RE: Simple transform for improving PN ossificatio… Praveen Balasubramanian
- Re: Simple transform for improving PN ossificatio… Kazuho Oku
- Re: Simple transform for improving PN ossificatio… Brian Trammell (IETF)
- Re: Simple transform for improving PN ossificatio… Roberto Peon
- Re: Simple transform for improving PN ossificatio… Fossati, Thomas (Nokia - GB/Cambridge)
- Re: Simple transform for improving PN ossificatio… Kazuho Oku
- Re: Simple transform for improving PN ossificatio… Roberto Peon
- Re: Simple transform for improving PN ossificatio… Fossati, Thomas (Nokia - GB/Cambridge)
- Re: Simple transform for improving PN ossificatio… Eggert, Lars
- Re: Simple transform for improving PN ossificatio… Roland Zink
- RE: Simple transform for improving PN ossificatio… Lubashev, Igor
- Re: Simple transform for improving PN ossificatio… Stephen Farrell
- Re: Simple transform for improving PN ossificatio… Stephen Farrell
- Re: Simple transform for improving PN ossificatio… Stephen Farrell
- RE: Simple transform for improving PN ossificatio… Lubashev, Igor
- Re: Simple transform for improving PN ossificatio… Christian Huitema
- RE: Simple transform for improving PN ossificatio… Praveen Balasubramanian
- Re: Simple transform for improving PN ossificatio… Spencer Dawkins at IETF
- Migration privacy and NAT rebinding Christian Huitema
- Re: Simple transform for improving PN ossificatio… Stephen Farrell
- RE: Simple transform for improving PN ossificatio… Lubashev, Igor
- Re: Simple transform for improving PN ossificatio… Stephen Farrell
- Re: Simple transform for improving PN ossificatio… Stephen Farrell
- Re: Simple transform for improving PN ossificatio… Kazuho Oku
- Re: Migration privacy and NAT rebinding Martin Thomson
- Re: Simple transform for improving PN ossificatio… Martin Thomson
- RE: Migration privacy and NAT rebinding Roni Even (A)
- Re: Migration privacy and NAT rebinding Willy Tarreau
- Re: Simple transform for improving PN ossificatio… Mikkel Fahnøe Jørgensen
- Re: Migration privacy and NAT rebinding Roland Zink
- Re: Simple transform for improving PN ossificatio… Martin Thomson
- Re: Simple transform for improving PN ossificatio… Mikkel Fahnøe Jørgensen
- Re: Migration privacy and NAT rebinding Benjamin Kaduk
- Re: Migration privacy and NAT rebinding Roland Zink
- RE: Simple transform for improving PN ossificatio… Praveen Balasubramanian
- Re: Simple transform for improving PN ossificatio… Mikkel Fahnøe Jørgensen
- RE: Simple transform for improving PN ossificatio… Praveen Balasubramanian
- Re: Migration privacy and NAT rebinding Benjamin Kaduk
- Re: Simple transform for improving PN ossificatio… Mirja Kühlewind
- RE: Simple transform for improving PN ossificatio… Praveen Balasubramanian