IETF Logo Mail Archive

RE: Packet number encryption

Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Fri, 09 February 2018 23:56 UTC

Return-Path: <mikkelfj@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A82C0120227 for <quic@ietfa.amsl.com>; Fri, 9 Feb 2018 15:56:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rnvhMvuDIqiX for <quic@ietfa.amsl.com>; Fri, 9 Feb 2018 15:56:15 -0800 (PST)
Received: from mail-io0-x22a.google.com (mail-io0-x22a.google.com [IPv6:2607:f8b0:4001:c06::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0F4E120047 for <quic@ietf.org>; Fri, 9 Feb 2018 15:56:15 -0800 (PST)
Received: by mail-io0-x22a.google.com with SMTP id z6so11471195iob.11 for <quic@ietf.org>; Fri, 09 Feb 2018 15:56:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=6faG7O1r0JhtTsr/7V6RGbv5R0nDMwlZ8cmKWSqZ+Qs=; b=WYRJXheU8czu019v+moZBbNkqd1UmqqWktxtsQDjGKoZiCod5U+DDCZflxyhibNoLA xh43/G3BTzfs9wy5F95kCSU8Zsd4HQ0/V3mDLpD4Snci4j4KFswFv7qVwVyAG2RIy+My EPq1VT48V1C7obd2jMYmIWGRX04TrXGfJD6pT9tu9GU/uwPeZioM29EoA2rFX7bE/2Td qnH6k64As8lR1mykvy+LpO4JrzrEfnqsRIoMbQHlwFh3F6CfUlY+y3DKPLRPl9E8DGOH rApykKI4Eoe+b8wtZawoq/hesBWRV2k/VcQDEqV0pYpniKSd35mtK7jaCcEf2mlPe8w9 d0Jg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=6faG7O1r0JhtTsr/7V6RGbv5R0nDMwlZ8cmKWSqZ+Qs=; b=UlGSfg+m1es/apQkaeXWROVvvXngv8jHfDY+w6F9dgdZH2dJXz4PNow6xmmugdpNzM 6dxepAaz0Mojzalrlt3v2cH4jK0gbcxoObaavHSqUJfQtvrpEe40XzC7YHL5Dy72XuPR e/NtHzDeCwluq5cdOzdokgogxdRunEcSLljp9cj2uu/8b+xjgUmhUpGZuU3zUlsFcZ4g MPTrZ2BeA3ZtGqeXfovcgu+Dr9Cy6vSgetIhHFePTy7d4CIkCzMPhIfQ2yCzhVZZkgqe E/UcxaouJTiItrwZDH2Pu0D2NzLLH232NzJTtiI3rgorFPnftG2ae+nx0XGGIRMHNfnI 7g2A==
X-Gm-Message-State: APf1xPAI6IPfmc/PA7NrizOWAb/oemLTYNNnAErE44vJysXUBPwe40Do WFZAbuYs6m194/R0/U97Agx8XghmPvVpzebGBUk=
X-Google-Smtp-Source: AH8x226mNq61r5mhFxgCTWMZyVdAZMdZKEY/QKIp88ldQo86mB1mz9Rz5g1+BIsv3t4JKdIR6AP7cNMYyb3MHiBonXs=
X-Received: by 10.107.146.137 with SMTP id u131mr600109iod.96.1518220575087; Fri, 09 Feb 2018 15:56:15 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Fri, 9 Feb 2018 15:56:14 -0800
From: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
In-Reply-To: <CAN1APdcrE3zsAJwYLsQ31gAekXAfxL=L_xygv_2ehAEP=2n2EQ@mail.gmail.com>
References: <CABkgnnVyo3MmWtVULiV=FJTnR528qfY8-OmKGWAs0bCvri-a_g@mail.gmail.com> <CAGD1bZauKbucs_5n7RQbK8H2HiyfiqpGVEcKreGA6umhMBSFgg@mail.gmail.com> <CABcZeBPNrc-9vANSH02r++p53s6gN4pVB8DMd80nUxOhKTp3dA@mail.gmail.com> <CAKcm_gMvHSBhpUvsQCCkV2_o+d_wchF3R3L6H8mp6nKNaaRmSw@mail.gmail.com> <CY4PR21MB0133CCAA6807469BA983D00BB6FC0@CY4PR21MB0133.namprd21.prod.outlook.com> <CABkgnnW4xr_YzpsvCxaJJgcQdBTuX=Yv735_sdd4VoMfji8mbA@mail.gmail.com> <CY4PR21MB0133C759D4A08A4988B641B2B6FC0@CY4PR21MB0133.namprd21.prod.outlook.com> <bdf88936-8edc-d56e-ee59-c9d597058edd@huitema.net> <CY4PR21MB01337C8A700E58B49D90B712B6FC0@CY4PR21MB0133.namprd21.prod.outlook.com> <119b3276-5799-1cc3-8982-7479171bbf27@huitema.net> <CAOYVs2pi8-NVuS+crNMfjsP-n5upK3=5tPeQ8OSGpOvL6RTrjA@mail.gmail.com> <CY4PR21MB0133A1117B2733BBCF049C5FB6FC0@CY4PR21MB0133.namprd21.prod.outlook.com> <MWHPR08MB24327A7BB5AE1AE70FE5CDB1DAF30@MWHPR08MB2432.namprd08.prod.outlook.com> <533a0a2e-3a87-b55f-84ce-c52bc03cd81c@huitema.net> <MWHPR21MB0144C68102972A668611E1FCB6F20@MWHPR21MB0144.namprd21.prod.outlook.com> <CY4PR21MB01332141C3563ABBA240C566B6F20@CY4PR21MB0133.namprd21.prod.outlook.com> <CABcZeBNeTT79nd+d7h-KFPpFYxpr5wt1KgwPY=M0_UQpCkKq1w@mail.gmail.com> <CY4PR21MB01337A5E81D8A8A1D7518D97B6F20@CY4PR21MB0133.namprd21.prod.outlook.com> <CAF8qwaBm6DRpS6eUthSMithsbUq-NMNhBND7RaDUFfzP0tAxnQ@mail.gmail.com> <CY4PR21MB0133A4FC7160DA1FABAA291BB6F20@CY4PR21MB0133.namprd21.prod.outlook.com> <1F436ED13A22A246A59CA374CBC543998B58BAD7@ORSMSX111.amr.corp.intel.com> <CAN1APdcrE3zsAJwYLsQ31gAekXAfxL=L_xygv_2ehAEP=2n2EQ@mail.gmail.com>
X-Mailer: Airmail (420)
MIME-Version: 1.0
Date: Fri, 09 Feb 2018 15:56:14 -0800
Message-ID: <CAN1APddBmwzJPiMRi4OE=h1U6hcZG8Tgt_RgZy9pGAJsj6a-bQ@mail.gmail.com>
Subject: RE: Packet number encryption
To: David Benjamin <davidben@chromium.org>, "Deval, Manasi" <manasi.deval@intel.com>, Praveen Balasubramanian <pravb@microsoft.com>
Cc: Eric Rescorla <ekr@rtfm.com>, huitema <huitema@huitema.net>, "quic@ietf.org" <quic@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c05667a11a1470564d0465e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/2l3dlZZhY97T0yNWA4GFYKau3gI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Feb 2018 23:56:17 -0000

On 9 February 2018 at 22.18.18, Mikkel Fahnøe Jørgensen (mikkelfj@gmail.com)
wrote:

If we enumerate each half-path with a path ID PID as a simpler counter
starting at zero, we have a 1-1 mapping from PID to CID. The packet number
PN is then encoded as <PID * 2^32 + nonce counter>. The PN is used
explicitly and implicitly in ACK frames but is never carried directly on
the wire.

Using a segment packet number space can also be used to deal with
optimistic ACK attacks:

Each path is given two connection ID’s which may very just at the lower
bit. Rather than randomly skipping some packet numbers, a few packets could
be sent on the alternative CID. This will introduce gaps but each nonce
range remains gapless which keeps the ACK frame defragmented and avoids
false loss signals. It does required that CID is present on the wire, but
if it is not, a single header bit could be used to imply which of packet
number segments is in use. On its own this is not a very attractive ack
attack solution, but it may be relevant if packet numbers are segmented,
and especially with a v2 multi-path solution.

v2.23.0 | Report a Bug | By Email