IETF Logo Mail Archive

RE: Simple transform for improving PN ossification prevention

Praveen Balasubramanian <pravb@microsoft.com> Tue, 17 April 2018 19:09 UTC

Return-Path: <pravb@microsoft.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB0E412D878 for <quic@ietfa.amsl.com>; Tue, 17 Apr 2018 12:09:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sw84XgUEd4km for <quic@ietfa.amsl.com>; Tue, 17 Apr 2018 12:09:45 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0133.outbound.protection.outlook.com [104.47.42.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCE3E127909 for <quic@ietf.org>; Tue, 17 Apr 2018 12:09:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ILCrN11XgOkGSAVvI8mNgNSggG20NJd67n6x3aCf5KI=; b=mf+gPi5ozHo6W6OM7vNCZf1DSY85I8dYIzYPZeqoPXLgBXV76ot5Oxlicqsv4MncPeqoG3+8gZNfA34QkEYiXTNlEekUi/uSjdS/T8wKON4LxuxetHisd6S0p6T6SbQYXJmkmiHHKknljZE8USrZhi96UH+OgFr+hr0nCUAKyaY=
Received: from CY4PR21MB0630.namprd21.prod.outlook.com (10.175.115.20) by CY4PR21MB0741.namprd21.prod.outlook.com (10.173.189.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.715.7; Tue, 17 Apr 2018 19:09:43 +0000
Received: from CY4PR21MB0630.namprd21.prod.outlook.com ([fe80::fc65:cb01:17a1:639d]) by CY4PR21MB0630.namprd21.prod.outlook.com ([fe80::fc65:cb01:17a1:639d%3]) with mapi id 15.20.0715.004; Tue, 17 Apr 2018 19:09:43 +0000
From: Praveen Balasubramanian <pravb@microsoft.com>
To: Praveen Balasubramanian <pravb=40microsoft.com@dmarc.ietf.org>, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, Martin Thomson <martin.thomson@gmail.com>
CC: Ryan Hamilton <rch@google.com>, "Fossati, Thomas (Nokia - GB/Cambridge)" <thomas.fossati@nokia.com>, "Brian Trammell (IETF)" <ietf@trammell.ch>, Victor Vasiliev <vasilvv@google.com>, IETF QUIC WG <quic@ietf.org>, Kazuho Oku <kazuhooku@gmail.com>
Subject: RE: Simple transform for improving PN ossification prevention
Thread-Topic: Simple transform for improving PN ossification prevention
Thread-Index: AdPQQ8p5pfJiY2+yR8ud9raMWX53bwAXp/KAABHOGxAAB+ZAgAAACqGQAAuyyQAACzPhAAAC9p6AAAKcBQAAIR0fgAABLEIAAAn14wAABEW/AAADvM2AAAsF2kAA+pZfUA==
Date: Tue, 17 Apr 2018 19:09:42 +0000
Message-ID: <CY4PR21MB0630B7EE570FA57347E66D8EB6B70@CY4PR21MB0630.namprd21.prod.outlook.com>
References: <CY4PR21MB063025EF8B5F228BB242920AB6BF0@CY4PR21MB0630.namprd21.prod.outlook.com> <CAAZdMafa6AgbyO2ZvTBcMND_SsQZhobZJ6vXwbZ3pvQ4VmHNhg@mail.gmail.com> <CY4PR21MB06300674D06468E62B98047FB6BE0@CY4PR21MB0630.namprd21.prod.outlook.com> <CAJ_4DfT-LZ3Oht8w=SZN=OqsJHQOg-ssDYeXm-kVe7by2tFsKw@mail.gmail.com> <CY4PR21MB0630BDFEB41698AFBE1F8105B6BE0@CY4PR21MB0630.namprd21.prod.outlook.com> <CANatvzy-XSAdR2JqQXtR5sKu2TdQfNkWoQPyhRKz--_SYeaedQ@mail.gmail.com> <C476CF4B-0D5E-462A-974E-66663D664E81@trammell.ch> <CANatvzzXtg-6+SgV7c+yqTVzukNqW=G5u4J4wQK8zA8=LUvxPA@mail.gmail.com> <60955AE8-7637-4CC4-9FD8-56201685EE03@nokia.com> <CANatvzy0n6k21pME8T6-TschSMf10HA5Y_cO0gdCHfJ58haGoA@mail.gmail.com> <CABkgnnW-MqXEJ0iH6vXZhr9qLBGQ+TDpr=A5=TGUxiXeMC6LLQ@mail.gmail.com> <CAN1APddJ5UL=g3fXtwVtRrmr_t87W65ONKpZKGFxAkNCcEusQw@mail.gmail.com> <CABkgnnU5ysvRYGnzw5ceMJs=jxp648ek6vFYKUWVzP7GtM22GA@mail.gmail.com> <CAN1APdejp9JGLFsT_zm9sV3P6yVnWtkPd93jB5AeyfZd27cO5Q@mail.gmail.com> <CY4PR21MB06309EAC254A087F5D3304B0B6BC0@CY4PR21MB0630.namprd21.prod.outlook.com>
In-Reply-To: <CY4PR21MB06309EAC254A087F5D3304B0B6BC0@CY4PR21MB0630.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:a::712]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0741; 7:sPei9kV+SxTxv13LA/7jwxBrEzY80aOt1EOqhmQUVlFYbmGndN5HjNeB5arijxEQMG9dYSYOn8IFYjWp8UFRmxWgv4mvRfOk6ggU1AveaR5QyG7RTjp4USD9S3lAYvfe7uUlLvPQRtmVaHvM7P5PuIE7hQD4x/M40WTda2ncnRwpkvd5/V4RCpCnYBgJusKMLMvA27WOq9NlAjtltd0iubEY18pf1gaN7kPPlrP5yCbxGoIohBBZKltoKrDLO0Ae; 20:1iBjALFpzosjFzdpuJ9uAmpeH2ZqPLDw45KhWKhRU39vR4LyoNhAlpgXNw21Sz0IB2AZBNUnZubUlw3QNA0Yk3A9cR8HE1EiJmIRAjOdJoRw3A1u/3TfFgkvs6uktpTQRmcMUdXRT7agECgUxUEKiYhHJUWqgvPLflXbJXNKUc0=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(2017052603328)(7193020); SRVR:CY4PR21MB0741;
x-ms-traffictypediagnostic: CY4PR21MB0741:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pravb@microsoft.com;
x-microsoft-antispam-prvs: <CY4PR21MB0741D202B31F9E03C1025997B6B70@CY4PR21MB0741.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(89211679590171)(166708455590820)(189930954265078)(82608151540597)(85827821059158)(211936372134217)(153496737603132)(219752817060721);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(61425038)(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(3231232)(944501361)(52105095)(6055026)(61426038)(61427038)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123558120)(20161123564045)(6072148)(201708071742011); SRVR:CY4PR21MB0741; BCL:0; PCL:0; RULEID:; SRVR:CY4PR21MB0741;
x-forefront-prvs: 0645BEB7AA
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39380400002)(346002)(39860400002)(366004)(376002)(396003)(199004)(189003)(446003)(97736004)(53546011)(10290500003)(6506007)(99286004)(478600001)(19609705001)(7736002)(6116002)(486006)(3660700001)(106356001)(790700001)(33656002)(8656006)(86612001)(7696005)(76176011)(229853002)(316002)(11346002)(22452003)(5660300001)(4326008)(3280700002)(25786009)(68736007)(476003)(606006)(5250100002)(966005)(10090500001)(93886005)(236005)(9686003)(54896002)(6306002)(8676002)(81156014)(81166006)(53936002)(46003)(39060400002)(14454004)(6246003)(53376002)(6436002)(54906003)(110136005)(86362001)(105586002)(2900100001)(74316002)(186003)(102836004)(8990500004)(8936002)(2906002)(55016002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0741; H:CY4PR21MB0630.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: MnvEtCGzFZsnwJYIne/CC5XtQMXyd2HrF69V9zghNl5aWIux7TADXQMRj3P6J557PfbGRghcvJUMwHEP92cdXQ5dlRvWyWtinIjyquzkOiZ3pw4e+TNl3xhB3YzMSeaOPOQkE+lBAg5NOzzLGZNChKTCa7LG7HBD3uFdTybHap4OCo8yuQkUDzstpc32i68/
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB0630B7EE570FA57347E66D8EB6B70CY4PR21MB0630namp_"
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: a6678b53-2c71-432b-4f0b-08d5a496c6ef
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a6678b53-2c71-432b-4f0b-08d5a496c6ef
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Apr 2018 19:09:43.0323 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0741
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/0fVRvRGiNAe2l8RALJVVawBMtO4>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Apr 2018 19:09:49 -0000

I opened issue #1296<https://github.com/quicwg/base-drafts/issues/1296> for tracking PN transform negotiation.

From: QUIC [mailto:quic-bounces@ietf.org] On Behalf Of Praveen Balasubramanian
Sent: Thursday, April 12, 2018 9:29 AM
To: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>; Martin Thomson <martin.thomson@gmail.com>
Cc: Ryan Hamilton <rch@google.com>; Fossati, Thomas (Nokia - GB/Cambridge) <thomas.fossati@nokia.com>; Brian Trammell (IETF) <ietf@trammell.ch>; Victor Vasiliev <vasilvv@google.com>; IETF QUIC WG <quic@ietf.org>; Kazuho Oku <kazuhooku@gmail.com>
Subject: RE: Simple transform for improving PN ossification prevention


Re. #1079, following seems like a way forward so we get to do some implementations and get data:

  1.  PN transform is negotiated using transport params.
  2.  Following PN transforms are supported:
     *   PNE

Connections expecting to use multiple paths due to gratuitous/voluntary migration MUST negotiate and use PNE transform. See issue 1271 where options are being discussed on how migration could be negotiated.

Revisit this solution for proper multi-path after designing multiple PN spaces. I am fine if this is done for V2.

     *   Low cost ossification prevention transform (like shuffle).

For connections on the Internet on single path require them to negotiate this transform. Even better if we find another low cost scheme with better properties before we ship V1.

     *   No-op (current draft)

For intra-datacenter or single domain private network scenarios allow usage of the no-op transform.

If server fails to negotiate PNE and supplies multiple connection IDs for migration, client fail the connection.
If the server fails to negotiate a low cost transform on the Internet, client fails the connection.

Please note that servers are free to pick PNE all the time. This allows server deployments which have no performance concern to always use PNE. I do have some battery life concerns on client side, but I do think the major perf concern is on server side.

If the deployments using low cost transform hit middlebox issues they will suffer and pay the cost to do PNE.

From: Mikkel Fahnøe Jørgensen [mailto:mikkelfj@gmail.com]
Sent: Thursday, April 12, 2018 3:52 AM
To: Martin Thomson <martin.thomson@gmail.com<mailto:martin.thomson@gmail.com>>
Cc: IETF QUIC WG <quic@ietf.org<mailto:quic@ietf.org>>; Brian Trammell (IETF) <ietf@trammell.ch<mailto:ietf@trammell.ch>>; Ryan Hamilton <rch@google.com<mailto:rch@google.com>>; Victor Vasiliev <vasilvv@google.com<mailto:vasilvv@google.com>>; Fossati, Thomas (Nokia - GB/Cambridge) <thomas.fossati@nokia.com<mailto:thomas.fossati@nokia.com>>; Kazuho Oku <kazuhooku@gmail.com<mailto:kazuhooku@gmail.com>>; Praveen Balasubramanian <pravb@microsoft.com<mailto:pravb@microsoft.com>>
Subject: Re: Simple transform for improving PN ossification prevention



On 12 April 2018 at 11.05.17, Martin Thomson (martin.thomson@gmail.com<mailto:martin.thomson@gmail.com>) wrote:
The clean per-path packet number doesn't defend against "helpfulness"
of the nature I described. Those problems exist if the signal exists
at all.



True. But these are still the options as I see it. Half-baked obfuscation will only make it worse.

There is the holy grail of fast 32-bit permutations that can be used directly as IV, which are sufficiently safe wrt. privacy, and where the permutation does not depend on the packet content.

The following function is useful to disperse a low-quality hash - it is a perfect permutation. Unfortunately, or fortunately, it can be trivially reversed - see stack overflow article. There are also 64-bit variants, and it could also be just a single multiplication. Martin T. already hinted at something similar in an earlier mail.

The benefit of this over lower octet permutation is that stupid middle-boxes don’t have a chance, while slightly intelligent middle-boxes can use it is loss / reordering signal, and QUIC hardware offload decryptors can use the value unmodified as IV rather than computing the inverse first. From a privacy perspective this is no better than plain sequential numbers.

But it still serves as fingerprinting a given QUIC version. I’d say full encryption or clear text sequential are the only viable choices.





    /* http://stackoverflow.com/a/12996028<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fstackoverflow.com%2Fa%2F12996028&data=02%7C01%7Cpravb%40microsoft.com%7Ca2c88dcbb1514646489e08d5a0637623%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636591271404538121&sdata=VA8DpVcyhVKyWOMKScnhomUQySGb9q3x1rdYKsctwf0%3D&reserved=0> */

    uint32_t x = type_hash;



    x = ((x >> 16) ^ x) * 0x45d9f3bUL;

    x = ((x >> 16) ^ x) * 0x45d9f3bUL;

    x = ((x >> 16) ^ x);

    return x;

v2.23.0 | Report a Bug | By Email