IETF Logo Mail Archive

Re: [QUIC] QUIC privacy impact

"Scharf, Michael (Nokia - DE)" <michael.scharf@nokia.com> Sun, 22 May 2016 17:33 UTC

Return-Path: <michael.scharf@nokia.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 944BF12D0DE for <quic@ietfa.amsl.com>; Sun, 22 May 2016 10:33:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.92
X-Spam-Level:
X-Spam-Status: No, score=-6.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kmiTABXwgoLi for <quic@ietfa.amsl.com>; Sun, 22 May 2016 10:33:13 -0700 (PDT)
Received: from smtp-fr.alcatel-lucent.com (fr-hpida-esg-02.alcatel-lucent.com [135.245.210.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC84712D10B for <quic@ietf.org>; Sun, 22 May 2016 10:33:12 -0700 (PDT)
Received: from fr712umx4.dmz.alcatel-lucent.com (unknown [135.245.210.45]) by Websense Email Security Gateway with ESMTPS id C8643E70EDE63; Sun, 22 May 2016 17:33:07 +0000 (GMT)
Received: from fr712usmtp2.zeu.alcatel-lucent.com (fr712usmtp2.zeu.alcatel-lucent.com [135.239.2.42]) by fr712umx4.dmz.alcatel-lucent.com (GMO-o) with ESMTP id u4MHXA1J013335 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sun, 22 May 2016 17:33:10 GMT
Received: from FR711WXCHHUB02.zeu.alcatel-lucent.com (fr711wxchhub02.zeu.alcatel-lucent.com [135.239.2.112]) by fr712usmtp2.zeu.alcatel-lucent.com (GMO) with ESMTP id u4MHW4Rk031268 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sun, 22 May 2016 19:33:10 +0200
Received: from FR712WXCHMBA15.zeu.alcatel-lucent.com ([169.254.7.44]) by FR711WXCHHUB02.zeu.alcatel-lucent.com ([135.239.2.112]) with mapi id 14.03.0195.001; Sun, 22 May 2016 19:32:31 +0200
From: "Scharf, Michael (Nokia - DE)" <michael.scharf@nokia.com>
To: Jana Iyengar <jri@google.com>, Ryan Hamilton <rch@google.com>
Thread-Topic: [QUIC] QUIC privacy impact
Thread-Index: AQHRsynFCnTysxHU/0GFj3E4WoIavJ/DSSMAgAAj/ACAALzBAIABBqOQ
Date: Sun, 22 May 2016 17:32:30 +0000
Message-ID: <655C07320163294895BBADA28372AF5D4886201E@FR712WXCHMBA15.zeu.alcatel-lucent.com>
References: <CA+9kkMDkPZC-8YP9FXbWDohVriMO=mYEqGhf7bkdObNob=RNFw@mail.gmail.com> <655C07320163294895BBADA28372AF5D488612F2@FR712WXCHMBA15.zeu.alcatel-lucent.com> <CAJ_4DfTh+Xx5gExs5DU=Lf9drNnOtA0pD8rEqKXnNDC-31pQ9A@mail.gmail.com> <CAGD1bZaFkf=ynqtmmzxZ9jiwNXHWZbvU_vrw41rT7treG_wM-A@mail.gmail.com> <CAGD1bZYM-XMA7gdcRyGxfS538-y+-cdWB4d0xDb0SsTGL=vLDw@mail.gmail.com>
In-Reply-To: <CAGD1bZYM-XMA7gdcRyGxfS538-y+-cdWB4d0xDb0SsTGL=vLDw@mail.gmail.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.239.27.40]
Content-Type: multipart/alternative; boundary="_000_655C07320163294895BBADA28372AF5D4886201EFR712WXCHMBA15z_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/quic/0jTQX5ATm80H9ftqxh9ReuMjMTg>
Cc: "quic@ietf.org" <quic@ietf.org>
Subject: Re: [QUIC] QUIC privacy impact
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list to discuss QUIC standardization <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 May 2016 17:33:15 -0000

draft-tsvwg-quic-protocol-02 says:

  QUIC connections are identified by a 64-bit Connection ID, randomly
   generated by the client.  QUIC can survive IP address changes and NAT
   re-bindings since the Connection ID remains the same across these
   migrations.

So, can we agree that this statement is very, very vague?

For instance, could I write a QUIC implementation compliant to draft-tsvwg-quic-protocol-02 that e.g. uses a static and a random part of the connection ID, and e.g. stores the static part permanently on the user’s computer? Or, could I pick as a static part the MAC address? The total ID would still be random. I have difficulties to understand how this sort of ID generation would be different from a “clear text super cookie” and what is defined in the reference you provide.

I am sure that this is not what the current QUIC implementation does. But since we are in IETF context, talking about a potential standard, I am concerned what other implementers of a new protocol could do, and what use cases they could find for this ID.

And if there was some interesting use of having an entirely user-defined clear text value at some constant offset in the packet, for a widely used Internet transport protocol, I am pretty sure some implementers would not care about some MUSTs in an RFC saying “please, please, please select every bit in the ID randomly”.

Or do I miss something obvious?

Michael




From: Jana Iyengar [mailto:jri@google.com]
Sent: Sunday, May 22, 2016 5:20 AM
To: Ryan Hamilton
Cc: quic@ietf.org; Scharf, Michael (Nokia - DE)
Subject: Re: [QUIC] QUIC privacy impact

Michael,

Just caught up on the SPUD thread, and I'd like to correct something you said there that I'll quote here for context:
"if there is now a new clear text identifier that just happens to be unique per subscriber. What a great improvement for privacy in the Internet! And even better that it seems compatible with QUIC..."

QUIC's connection ID is NOT unique per subscriber. It's per connection. As I said on the other thread, in the single-path case, it reveals no more informtion than TCP. In the multipath case, it effectively reveals no more than MPTCP, since the ID is used to tie the multiple, using MPTCP parlance, "sub-flows", together. It is possible to consider a different design that uses multiple connection IDs for the multiple sub-flows, but to be clear, that makes this new multipath strictly better than MPTCP at privacy-preservation.

At any rate, I wanted to make sure that we're talking about the same issue. I'll also note that it's plain wrong to use the term "clear text super cookie" in relation to the QUIC connection ID (see https://www.techopedia.com/definition/27310/super-cookie for what I think a supercookie is.)

- jana

On Sat, May 21, 2016 at 9:04 AM, Jana Iyengar <jri@google.com<mailto:jri@google.com>> wrote:

That's a design element that should and will definitely be discussed in the WG.

Specifically this applies to use of connection IDs during multipath, and I expect that conversation to happen when we discuss multipath.
On May 21, 2016 6:56 AM, "Ryan Hamilton" <rch@google.com<mailto:rch@google.com>> wrote:
Definitely.

On Fri, May 20, 2016 at 11:26 PM, Scharf, Michael (Nokia - DE) <michael.scharf@nokia.com<mailto:michael.scharf@nokia.com>> wrote:
Is it planned to discuss potential privacy implications of the „QUIC connection identifier“ (also named “clear text super cookie” on the SPUD list)?

Thanks

Michael


From: QUIC [mailto:quic-bounces@ietf.org<mailto:quic-bounces@ietf.org>] On Behalf Of EXT Ted Hardie
Sent: Saturday, May 14, 2016 1:27 AM
To: quic@ietf.org<mailto:quic@ietf.org>; Jana Iyengar; Christian Huitema
Subject: [QUIC] Draft charter

Howdy,
As part of the BoF preparation, we put together a stab at a draft charter.  It's available as html and markdown on github at:

https://github.com/IETF-QUIC/Charter
I've attached the HTML version as well.
It would be great to have some of the discussion on the list before the BoF.  Comments to the list or issues/pull requests at the github repo are welcome.  We will periodically reflect any issues or suggestion from the Repo back to the list, but this will be manual, so expect some lag.

regards,
Ted

_______________________________________________
QUIC mailing list
QUIC@ietf.org<mailto:QUIC@ietf.org>
https://www.ietf.org/mailman/listinfo/quic


_______________________________________________
QUIC mailing list
QUIC@ietf.org<mailto:QUIC@ietf.org>
https://www.ietf.org/mailman/listinfo/quic

v2.23.0 | Report a Bug | By Email