IETF Logo Mail Archive

Re: Exercising Version Negotiation

Ian Swett <ianswett@google.com> Thu, 22 March 2018 17:18 UTC

Return-Path: <ianswett@google.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E40212EAF2 for <quic@ietfa.amsl.com>; Thu, 22 Mar 2018 10:18:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8q3Yf0dxUjw2 for <quic@ietfa.amsl.com>; Thu, 22 Mar 2018 10:18:49 -0700 (PDT)
Received: from mail-it0-x22d.google.com (mail-it0-x22d.google.com [IPv6:2607:f8b0:4001:c0b::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2759C127599 for <quic@ietf.org>; Thu, 22 Mar 2018 10:18:38 -0700 (PDT)
Received: by mail-it0-x22d.google.com with SMTP id 19-v6so12065933itw.3 for <quic@ietf.org>; Thu, 22 Mar 2018 10:18:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aoQT8xyaDKe7vFJ5uKBWII/bK19fKXzA9DhDh1rMCBc=; b=vxl8DZ1mDkibZVAK8FJmW20nZZExvRDs8y4LT4rlRzxoA/PXzMtsLpe7U00eCTM32r pRQZolcZGPq/yWTxGvatRFz7fe/GQYpxwVFnvOUqe6XeENh7WCO5U6C8CE45rAL1KdCd SmyLrfgxrV6zSJtoCtwChAM5w4RiwqhOmrPrvI4IYAP322NBFDgZDr41HbsXUaL4nsTj Iu7/YbCrFHlLWBDMDuU2jK5l7trvztNh2XEqpz2zsgwvanS5dl9nY3+hKXtqYrjSK9kU 2g9s5HbP8F/0HRkfPjp8CvpHma/YabwTacc4YBmZTj5fT4Gzl7his5kYxKhK2bywXz3/ y5IQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aoQT8xyaDKe7vFJ5uKBWII/bK19fKXzA9DhDh1rMCBc=; b=qwBADBziiDs9kTimw+XiNTGQBO/lz/MTeEVwkmg2cTbDCH+rO7A+XtFgK98xgAxwGE O1B4IobRF2EQK3VISnmu1jtOkS1c7sm28wdlFViFScVXnNJbwGLrFCx5LqbeFwV/cRAt wwmGQiePlMgER05wOkeUoPXDhsdWYV5KE3uTEYooM4Ln8HiknvRNErfsFofo7VrxKoru A3EiboinjEroQFylo1Nd7L/Ep7frc/zKiWN8qwtc6LBYaTYXapR35NafAiETnBb6vSCU 1RiA5YSVgr8ePC150U2VIxAKhMWzXoStAe/w413m9oPpYCFst4XgW0yM/UEHDKQV62ED uOig==
X-Gm-Message-State: AElRT7G/4/e00rAgDvFvnU6SkWCOHxYA++hq2CP005AiaEN6pdyGCOZo JVHy8c0nGq2yjE7ikZKQwLN73UkSCHRYUGnn+Aqc0g==
X-Google-Smtp-Source: AG47ELum/GUJ/l394tGM4nK2Hzq7+j3W5/WEZOj6FEZ15GTGUHcULokLWCpFjVAayGyIj9axJjP2UjfN38ZWGE14b98=
X-Received: by 2002:a24:c281:: with SMTP id i123-v6mr7781619itg.146.1521739117275; Thu, 22 Mar 2018 10:18:37 -0700 (PDT)
MIME-Version: 1.0
References: <CABcZeBMv5BqZOtgVA2wfqaaGCd94gcNPB9bTXkrvNXXRveU8wA@mail.gmail.com> <BY2PR15MB0775F2D1CDEA831B64491A67CDA90@BY2PR15MB0775.namprd15.prod.outlook.com> <MWHPR15MB18211F884674B6FC01BCD2E9B6A90@MWHPR15MB1821.namprd15.prod.outlook.com> <CABcZeBN8hN7w0NsRBshkhu9vEwiq5_AbaTBBv7arKY5C=yv0oA@mail.gmail.com> <MWHPR15MB1821A942282B917BB786913BB6A90@MWHPR15MB1821.namprd15.prod.outlook.com> <MWHPR15MB18212BAC58BEB251940C11FAB6A90@MWHPR15MB1821.namprd15.prod.outlook.com>
In-Reply-To: <MWHPR15MB18212BAC58BEB251940C11FAB6A90@MWHPR15MB1821.namprd15.prod.outlook.com>
From: Ian Swett <ianswett@google.com>
Date: Thu, 22 Mar 2018 17:18:26 +0000
Message-ID: <CAKcm_gNYr8VGrxcTQNRfJ3P6=kiCiax6rOCkBw5S3zgS85aUeA@mail.gmail.com>
Subject: Re: Exercising Version Negotiation
To: Subodh Iyengar <subodh@fb.com>
Cc: Eric Rescorla <ekr@rtfm.com>, IETF QUIC WG <quic@ietf.org>, Roberto Peon <fenix@fb.com>
Content-Type: multipart/alternative; boundary="000000000000874bc80568037f89"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/3LFJ4NKphXnSB4eH9_sLUvm4tU4>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Mar 2018 17:18:52 -0000

I think you were poking holes in my suggestion from this morning :)  And I
agree that's an issue.

!Ekr

On Thu, Mar 22, 2018 at 12:53 PM Subodh Iyengar <subodh@fb.com> wrote:

> Oh sorry i completely misunderstood what you're saying, ignore my previous
> email.
>
>
> Subodh
> ------------------------------
> *From:* QUIC <quic-bounces@ietf.org> on behalf of Subodh Iyengar <
> subodh@fb.com>
> *Sent:* Thursday, March 22, 2018 9:49:53 AM
> *To:* Eric Rescorla
> *Cc:* IETF QUIC WG; Roberto Peon
> *Subject:* [Potential Spoof] Re: Exercising Version Negotiation
>
>
> My understanding is that your proposal says that the interpretation of a
> particular bit in the public header is determined by the version, i.e. the
> server and client will negotiate a particular version if they need a spin
> bit. What I was saying is that if that is true, the middlebox needs to look
> at the negotiated version and hence creates the aforementioned concerns.
>
>
> Subodh
> ------------------------------
> *From:* Eric Rescorla <ekr@rtfm.com>
> *Sent:* Thursday, March 22, 2018 9:45:14 AM
> *To:* Subodh Iyengar
> *Cc:* Roberto Peon; IETF QUIC WG
> *Subject:* Re: Exercising Version Negotiation
>
> Hi Subodh,
>
> I'm sorry, I'm not following you. I'm not talking about the spin bit here,
> just about exercising the regular negotiation function.
>
> -Ekr
>
>
> On Thu, Mar 22, 2018 at 4:26 PM, Subodh Iyengar <subodh@fb.com> wrote:
>
> I don't think using version negotiation is as simple as it seems:
>
>
>    1. My understanding is that the current draft and the data that was
>    shown doesn't even look at the handshake negotiation and only looks at
>    short headers.
>    2. Short headers have no version. So to use version negotiation
>    correctly as a signal of the spin bit, the middlebox MUST intercept the
>    handshake negotiation.
>    3. Each 5 tuple could potentially have multiple connections and we are
>    apparently designing for that use case, so the middlebox needs to use
>    connection id
>    4. Some implementations are thinking of changing connection ids very
>    frequently, maybe in each RTT.
>
>
> Given these are we saying that when using the spin version you must not
> change the conn id per RTT so that the middlebox can observe the spin?
>
>
> Subodh
>
> ------------------------------
> *From:* QUIC <quic-bounces@ietf.org> on behalf of Roberto Peon <
> fenix@fb.com>
> *Sent:* Thursday, March 22, 2018 9:19:57 AM
> *To:* Eric Rescorla; IETF QUIC WG
> *Subject:* [Potential Spoof] Re: Exercising Version Negotiation
>
> Love it. This is a great idea!
>
> I'd suggest being more agressive with deployment,  e.g. recommend that
> servers negotiate speaking version +1 to more like 50% of the clients, and
> swap guid/ip mappings to have clients formerly using +1 switch  to -1 and
> vice versa weekly or so.
>
> -=R
>
>
>
> Sent via the Samsung Galaxy S7, an AT&T 4G LTE smartphone
>
>
> -------- Original message --------
> From: Eric Rescorla <ekr@rtfm.com>
> Date: 3/22/18 5:05 AM (GMT-08:00)
> To: IETF QUIC WG <quic@ietf.org>
> Subject: Exercising Version Negotiation
>
> Following up on the discussion at the mic, I do think it is useful to
> exercise the VN function, but I don't think it's useful to have those
> versions be different, because that creates perverse incentives.
>
> Here's what I suggest instead: create two versions (we can call them QUIC
> v1+i  and QUIC v1-i), each with its own code point [0]. They should be
> essentially identical except for two trivial differences, intended to
> ensure that if you screw up version negotiation, you get failed interop.
>
> - The constant in the handshake salt (5.2.2)
> - The HKDF expansion constants
>
> I suggest we handle each of these by just inverting the bits.
>
> We would then suggest to people that they somewhat randomize their
> preferences (e.g., 99% of the time prefer v1+i, 1% of the time prefer
> v1-i). This will almost always result in matching versions, but will
> occasionally result in a mismatch, thus forcing us to test VN.
>
> -Ekr
>
> [0] Obviously we can do this for draft versions. We just say that the two
> versions are
> ff0000XX and ffffffXX.
>
>
>
>
>
>
>
>

v2.23.0 | Report a Bug | By Email