Re: Getting to consensus on packet number encryption
Ian Swett <ianswett@google.com> Mon, 09 April 2018 20:20 UTC
Return-Path: <ianswett@google.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 797DE124D37 for <quic@ietfa.amsl.com>; Mon, 9 Apr 2018 13:20:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.81
X-Spam-Level:
X-Spam-Status: No, score=-0.81 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RNBEEK1tgN9R for <quic@ietfa.amsl.com>; Mon, 9 Apr 2018 13:20:22 -0700 (PDT)
Received: from mail-io0-x22b.google.com (mail-io0-x22b.google.com [IPv6:2607:f8b0:4001:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CC7A12422F for <quic@ietf.org>; Mon, 9 Apr 2018 13:20:22 -0700 (PDT)
Received: by mail-io0-x22b.google.com with SMTP id b20so11149805iof.5 for <quic@ietf.org>; Mon, 09 Apr 2018 13:20:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sZ7yrpGvLPBZKe/m93WCvRlaFe8bDqPPNDWSYvVFOVE=; b=QZHkPDaylZDi9RLmSJqWOaYCGRCHnpSYCYuAHVE6MtwXC43nBOx8ydudNQFZ7jMZR8 xQKeKTUoc+EK9DVUesPJ5fGcRLnh63hXzudk/B6oZvaATXhELywgv87w7L4cK3DKeTRr UuVhavR8UvMX4MsOrpnhdo+JsKW5GHBG2e2RLsNmLU6AbNDICF8p2ZlTB7vU7vG9CF4e tDW8sVOfo8SHV6AwO205PNZ99qLhbs6FH1UyhuNlGu5l3GagIillYVJ+gW7fjNit8XR8 wuNFXvBCuqZWD8PErL+1veK516rNMCutUsXI+z/cRxRA3PwH1Bd5LPJ7VO9EU8DcwYJp mnPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sZ7yrpGvLPBZKe/m93WCvRlaFe8bDqPPNDWSYvVFOVE=; b=SguqNtA26wxUA5mOWNShKpb4yU0GmFxW7bTQFXoc0QQKlyY/o6QHcS3mWvwxOI1PzU Ym3ol0zk0VJsZYopqm2W9fAMApcS/uWJDzJTdH+MeXlkNxwPpwqKzPtDtQAHUMmc6ABF 2QArHFyJT7FmL7y8Z8d0xEVCHxVWTRJpWFXaCghr5sdSC/JTRDqdRqcCL/MhUl3IE7hc zA4vA8LJFVNGeZpaRbFKpDkFBaVTKVOS9DHbJ97/9icw/n/eWdpccDiCsXD6FfM1wm9E xbsNHIOT/ZGNUrTfb7tnePwOPFqIJUHlxnuk9xXdcAZju0+YTCehDPhLAmXbA3XDUKbA Mv4Q==
X-Gm-Message-State: ALQs6tD3kFJQwQmhpVg7hVfh4WM/4Oyl4jmNpP2BNgja2yTmUQUc+7kO RSB0P3knDdHEpV8hirghRxpjW3fs2kNUXo4FYYfCxQ==
X-Google-Smtp-Source: AIpwx4+7vew9dwtEPcBfeEN9hpZnISQuZuVRvt4aNLJkDBEq1gDW7qCHoL7SVMbjoimbuafqhw6Ap3B/xRJ5qd64SJQ=
X-Received: by 10.107.131.83 with SMTP id f80mr476330iod.102.1523305221127; Mon, 09 Apr 2018 13:20:21 -0700 (PDT)
MIME-Version: 1.0
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <F9FCC213-62B9-437C-ADF9-1277E6090317@gmail.com> <CABcZeBM3PfPkqVxPMcWM-Noyk=M2eCFWZw2Eq-XytbHM=0T9Uw@mail.gmail.com> <CAN1APdfjuvd1eBWCYedsbpi1mx9_+Xa6VvZ3aq_Bhhc+HN67ug@mail.gmail.com> <CABcZeBMtQBwsAF85i=xHmWN3PuGRkJEci+_PjS3LDXi7NgHyYg@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B5CCEFD@ORSMSX111.amr.corp.intel.com> <CABcZeBNfPsJtLErBn1=iGKuLjJMo=jEB5OLxDuU7FxjJv=+b=A@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B5CDAD4@ORSMSX111.amr.corp.intel.com> <BBB8D1DE-25F8-4F3D-B274-C317848DE872@akamai.com> <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com> <CAKcm_gMpz4MpdmrHLtC8MvTf5uO9LjD915jM-i2LfpKY384O2w@mail.gmail.com> <HE1PR0702MB3611A67E764EE1C7D1644FAD84AD0@HE1PR0702MB3611.eurprd07.prod.outlook.com> <d8e35569-e939-4064-9ec4-2cccfba2f341@huitema.net> <CACpbDccqKoF-Y1poHMN2cLOK9GOuvtMTPsF-QEen3b30kUo9bg@mail.gmail.com> <CAKcm_gNffwpraF-H2LQBF33vUhYFx0bi_UXJ3N14k4Xj4NmWUw@mail.gmail.com> <40C1F6FE-2B2C-469F-8F98-66329703ED50@mnot.net> <CAOdDvNo9QS=CX5YUWK8Lxs_SYX4nEM7OWv2+zB=VGhOX6J-BEw@mail.gmail.com> <CANatvzyo6xz7Kwh=EJ4GExBM35Dpw_=pLsAYiFA==vVBJwhCXw@mail.gmail.com> <CABkgnnV8ya_YdhU1VE+BuiMvuuZOO1-j-2=YHAGbmdE3OMk7Gg@mail.gmail.com> <CY4PR21MB0630A6AA3D38CC10DC29AB79B6BB0@CY4PR21MB0630.namprd21.prod.outlook.com> <9BCB9BA5-A282-445A-B7A1-8F7C539C28F9@mnot.net> <37129F6C-71C2-437D-A6F4-7AC651FDFBE3@trammell.ch>
In-Reply-To: <37129F6C-71C2-437D-A6F4-7AC651FDFBE3@trammell.ch>
From: Ian Swett <ianswett@google.com>
Date: Mon, 09 Apr 2018 20:20:09 +0000
Message-ID: <CAKcm_gMJQC6etfiJ6WnkoyRBrxzZb_k7b81S8y_6D+WWwcx_Lg@mail.gmail.com>
Subject: Re: Getting to consensus on packet number encryption
To: Brian Trammell <ietf@trammell.ch>
Cc: Mark Nottingham <mnot@mnot.net>, Praveen Balasubramanian <pravb@microsoft.com>, Patrick McManus <pmcmanus@mozilla.com>, Lars Eggert <lars@eggert.org>, IETF QUIC WG <quic@ietf.org>, Martin Thomson <martin.thomson@gmail.com>, Kazuho Oku <kazuhooku@gmail.com>
Content-Type: multipart/alternative; boundary="001a113f998a97cddf0569702273"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/3bE_KoECI5LGUwWEHgCzWdRcqvA>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Apr 2018 20:20:25 -0000
On Mon, Apr 9, 2018 at 4:36 AM Brian Trammell (IETF) <ietf@trammell.ch> wrote: > hi Mark, all, > > > On 9 Apr 2018, at 04:54, Mark Nottingham <mnot@mnot.net> wrote: > > > > Praveen, > > > > In previous discussions, there's been strong interest in including > connection migration -- in a limited form (for the "parking lot" use case) > -- in QUICv1 (discussed in Melbourne in some detail; see < > https://github.com/quicwg/wg-materials/blob/master/interim-18-01/minutes.md#connection-migration > >). > > > > It looks like the discussion in < > https://github.com/quicwg/base-drafts/issues/1271> about making it > optional and how that gets indicated / negotiated is going nicely. Thanks > for opening an issue. > > > > AFAICT, (at least) two assumptions need to be proven to have that help > the PNE issue: > > > > a) There isn't a linkability issue during NAT rebinding > > Isn't the question we should be asking here "does QUIC with connection > migration disabled (and no PNE) have similar linkability characteristics to > QUIC with connection migration enabled (and PNE)?"? > > I'm still confused as to how PNE is supposed to mitigate linkability > across a NAT rebinding that occurs without client knowledge in the presence > of a server-supplied CID, which seems to me to be the most common NAT > rebinding event type. If it indeed does not, then the linkability > characteristics seem identical to me. > Agreed. It would only be non-identical in the case of 0 byte connection IDs, which I don't believe anyone expects to be common from client to server. > > > > > b) Having two packet number schemes is acceptable to implementers (given > the probable popularity of migration) > > > > I haven't yet seen much discussion of either of these specific aspects. > > > > As an aside -- the other threads about modifications to PNE to make them > single-pass seem extremely promising; I'd encourage folks there to continue > discussions and make a PR. > > +1. Making the design of PNE less problematic for offload and other future > optimizations won't solve the underlying requirements problem (i.e. we are > both treating linkability among 5-tuple flows by a specific on-path device, > the LB, as a requirement to support via CID, as well as a requirement to > mitigate linkability among 5-tuple flows by a all generic on-path devices > via PNE, which is inherently contradictory without a very precise > definition of under which circumstances which requirement takes > precedence). But it will reduce the cost from "probably mostly harmless" to > "almost definitely mostly harmless", which should make the decision easier. > > Cheers, > > Brian > > > > > > Cheers, > > > > > > > >> On 6 Apr 2018, at 2:41 am, Praveen Balasubramanian <pravb= > 40microsoft.com@dmarc.ietf.org> wrote: > >> > >> Love this idea. Expanding it a bit further I don’t think we need to > make PN transform a transport parameter but rather connection migration > itself. We could also simply use QUIC versioning for this. > >> > >> 1. Ship QUIC v1 with no support for connection migration. Servers > behind load balancers that are not QUIC aware will only advertise this > version. I expect this to be a large fraction of servers especially those > hosted in AWS, Azure, GCP. *This is important - I want the group to > acknowledge that servers needs to be able to advertise support for > connection migration*. > >> 2. Ship QUIC v2 with support for connection migration. If a client and > server use this version they MUST do PNE as per #1079. If we find a more > efficient scheme before November then we use that instead. > >> > >> Eventually we will ship QUIV vN which has support for multi-path and we > can revisit if PNE is needed or multiple PN spaces will work. Until then I > can live with higher CPU cost for the fraction of connections that will > migrate. > >> > >> Now there is the ossification problem in QUIC v1 as referred to above. > We already require a random starting PN. The next problem is one that > Kazuho brought up where middleboxes will start seeing strict increasing PN > and try to reorder. I was thinking about short random jumps to fix this > problem but the monotonic increase will remain. While I think sane > middleboxes will not do any reordering, there might be a few crazy outliers > like with TCP. I think we can solve this by making the in clear PN jump > both forward and back within a "reordering degree". I am thinking about > some ideas here and will reply back if I find a simple scheme. > >> > >>>> FWIW, what I got from the info that Praveen and Ian have shared is > that there are enough problems to solve with UDP that worrying about the > performance hit from encryption is premature > >> Martin, we have plans to make UDP screaming fast in software. But the > real advantage for TCP comes from the batch offloads (see email with > subject " Impact of hardware offloads on network stack performance"). Batch > offloads for QUIC are impossible to do without crypto offload. I would be > happy to explain more on this front. I think we will exhaust software > optimizations soon and then get blocked on crypto offload. > >> > >> > >> -----Original Message----- > >> From: QUIC [mailto:quic-bounces@ietf.org] On Behalf Of Martin Thomson > >> Sent: Wednesday, April 4, 2018 9:36 PM > >> To: Kazuho Oku <kazuhooku@gmail.com> > >> Cc: Lars Eggert <lars@eggert.org>; Mark Nottingham <mnot@mnot.net>; > IETF QUIC WG <quic@ietf.org>; Patrick McManus <pmcmanus@mozilla.com> > >> Subject: Re: Getting to consensus on packet number encryption > >> > >> On Thu, Apr 5, 2018 at 10:57 AM, Kazuho Oku <kazuhooku@gmail.com> > wrote: > >>> It is true that #1079 has issues with hardware crypto offload. I am > >>> happy to support switching to a better encryption scheme (if we find > >>> one) at any moment; e.g., during the standardization of QUICv1, or as > >>> an extension to v1, or part of vX. > >> > >> Until this came up, I hadn't considered the use of an > extension/transport parameter to negotiate a new scheme, but it's obvious. > This fits best with my view of things. > >> > >> If that means that we get the DC-QUIC option that turns the packet > number encryption function into identity or some cheaper function, then I > think that's an OK outcome. We should stop pretending that one size fits > all is achievable; it's not been the case for years already. > >> > >> FWIW, what I got from the info that Praveen and Ian have shared is that > there are enough problems to solve with UDP that worrying about the > performance hit from encryption is premature. > >> > > > > -- > > Mark Nottingham https://www.mnot.net/ > > > >
- Hardware acceleration and packet number encryption Christian Huitema
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Kazuho Oku
- Re: Hardware acceleration and packet number encry… Eric Rescorla
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Kazuho Oku
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Eric Rescorla
- RE: Hardware acceleration and packet number encry… Deval, Manasi
- Re: Hardware acceleration and packet number encry… Eric Rescorla
- Re: Hardware acceleration and packet number encry… Subodh Iyengar
- Re: Hardware acceleration and packet number encry… Eric Rescorla
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Christian Huitema
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Ian Swett
- Re: Hardware acceleration and packet number encry… Christian Huitema
- RE: Hardware acceleration and packet number encry… Deval, Manasi
- Re: Hardware acceleration and packet number encry… Salz, Rich
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Ian Swett
- RE: Hardware acceleration and packet number encry… Swindells, Thomas (Nokia - GB/Cambridge)
- RE: Hardware acceleration and packet number encry… Deval, Manasi
- Re: Hardware acceleration and packet number encry… Christian Huitema
- Re: Hardware acceleration and packet number encry… Jana Iyengar
- Re: Hardware acceleration and packet number encry… Ian Swett
- Re: Hardware acceleration and packet number encry… Watson Ladd
- RE: Hardware acceleration and packet number encry… Praveen Balasubramanian
- RE: Hardware acceleration and packet number encry… Praveen Balasubramanian
- RE: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- RE: Hardware acceleration and packet number encry… Praveen Balasubramanian
- Re: Hardware acceleration and packet number encry… Mark Nottingham
- RE: Hardware acceleration and packet number encry… Praveen Balasubramanian
- Getting to consensus on packet number encryption Mark Nottingham
- Re: Getting to consensus on packet number encrypt… Willy Tarreau
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- Re: Getting to consensus on packet number encrypt… Dmitri Tikhonov
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- Re: Getting to consensus on packet number encrypt… Spencer Dawkins at IETF
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Ted Hardie
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- RE: Getting to consensus on packet number encrypt… Mike Bishop
- Re: Getting to consensus on packet number encrypt… Dmitri Tikhonov
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- Re: Getting to consensus on packet number encrypt… Mark Nottingham
- Re: Getting to consensus on packet number encrypt… Ian Swett
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Mark Nottingham
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Martin Thomson
- RE: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- Re: Getting to consensus on packet number encrypt… Willy Tarreau
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- ECN signaling from userland Re: Getting to consen… Lars Eggert
- Re: ECN signaling from userland Re: Getting to co… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… alexandre.ferrieux
- Re: Getting to consensus on packet number encrypt… Eric Rescorla
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- Re: Getting to consensus on packet number encrypt… Philipp S. Tiesel
- Privacy holes (was: Re: Getting to consensus on p… Christian Huitema
- Re: Privacy holes (was: Re: Getting to consensus … Frederick Kautz
- Re: Privacy holes (was: Re: Getting to consensus … Christian Huitema
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Privacy holes Gorry Fairhurst
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Privacy holes (was: Re: Getting to consensus … Mike Bishop
- RE: Privacy holes (was: Re: Getting to consensus … Mikkel Fahnøe Jørgensen
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Privacy holes (was: Re: Getting to consensus … Lubashev, Igor
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Privacy holes (was: Re: Getting to consensus … Praveen Balasubramanian
- RE: Privacy holes (was: Re: Getting to consensus … Lubashev, Igor
- RE: Privacy holes (was: Re: Getting to consensus … Lubashev, Igor
- RE: ECN signaling from userland Re: Getting to co… Praveen Balasubramanian
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Frederick Kautz
- Re: Privacy holes (was: Re: Getting to consensus … Willy Tarreau
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Privacy holes (was: Re: Getting to consensus … Lubashev, Igor
- Re: Privacy holes (was: Re: Getting to consensus … Mikkel Fahnøe Jørgensen
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Brian Trammell (IETF)
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Privacy holes (was: Re: Getting to consensus … Brian Trammell (IETF)
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Grips in the Wire Image for In-Network State (was… Brian Trammell (IETF)
- Re: Grips in the Wire Image for In-Network State … Mikkel Fahnøe Jørgensen
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Privacy holes Roland Zink
- Re: Grips in the Wire Image for In-Network State … Kazuho Oku
- Re: Grips in the Wire Image for In-Network State … Martin Thomson
- Re: Grips in the Wire Image for In-Network State … Brian Trammell (IETF)
- Re: Grips in the Wire Image for In-Network State … Brian Trammell (IETF)
- Re: Privacy holes Ian Swett
- Re: Grips in the Wire Image for In-Network State … Spencer Dawkins at IETF
- Re: Grips in the Wire Image for In-Network State … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Grips in the Wire Image for In-Network State … Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Mark Nottingham
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Bona fide loss measurement bits alexandre.ferrieux
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: [Potential Spoof] Re: Getting to consensus on… Roberto Peon
- RE: Privacy holes (was: Re: Getting to consensus … Praveen Balasubramanian
- Re: Privacy holes Christian Huitema
- RE: Privacy holes Praveen Balasubramanian
- Re: Privacy holes (was: Re: Getting to consensus … Ian Swett
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- RE: Privacy holes (was: Re: Getting to consensus … Mike Bishop
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Mark Nottingham
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- RE: Getting to consensus on packet number encrypt… Deval, Manasi
- Re: Getting to consensus on packet number encrypt… Jana Iyengar
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- RE: Getting to consensus on packet number encrypt… Mike Bishop
- Re: Getting to consensus on packet number encrypt… Ian Swett
- RE: Getting to consensus on packet number encrypt… Mike Bishop
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Erik Kline
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Jana Iyengar
- Re: Getting to consensus on packet number encrypt… Martin Thomson
- Re: Getting to consensus on packet number encrypt… Boris Pismenny
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Ian Swett
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- Re: Getting to consensus on packet number encrypt… Martin Thomson
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Martin Thomson
- Re: Getting to consensus on packet number encrypt… Benjamin Kaduk
- Re: Getting to consensus on packet number encrypt… Salz, Rich
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: Getting to consensus on packet number encrypt… Spencer Dawkins at IETF
- Re: Getting to consensus on packet number encrypt… Ted Hardie
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- Re: Getting to consensus on packet number encrypt… Ted Hardie
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: [Potential Spoof] Re: Getting to consensus on… Roberto Peon
- Re: [Potential Spoof] Re: Getting to consensus on… Jana Iyengar
- RE: [Potential Spoof] Re: Getting to consensus on… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Spencer Dawkins at IETF
- Re: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- Re: [Potential Spoof] Re: Getting to consensus on… Mikkel Fahnøe Jørgensen
- Re: Getting to consensus on packet number encrypt… Benjamin Kaduk
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- RE: Getting to consensus on packet number encrypt… Roni Even (A)
- Re: Getting to consensus on packet number encrypt… Dmitri Tikhonov
- Re: Getting to consensus on packet number encrypt… Gorry Fairhurst
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- Re: Getting to consensus on packet number encrypt… Christian Huitema