Return-Path: <ted.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 67FA512049D
 for <quic@ietfa.amsl.com>; Fri, 12 Apr 2019 09:50:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
 autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
 header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id segD-yYDdYDT for <quic@ietfa.amsl.com>;
 Fri, 12 Apr 2019 09:50:16 -0700 (PDT)
Received: from mail-io1-xd2f.google.com (mail-io1-xd2f.google.com
 [IPv6:2607:f8b0:4864:20::d2f])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id E5EF7120816
 for <quic@ietf.org>; Fri, 12 Apr 2019 09:50:15 -0700 (PDT)
Received: by mail-io1-xd2f.google.com with SMTP id p16so9065811iod.2
 for <quic@ietf.org>; Fri, 12 Apr 2019 09:50:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; 
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=7VLwicLWuiUjEpoZ2pwbTpByE268MCK5CPM4uK4ekQ4=;
 b=Fs75l9NImYXfrxKIpmSUaLq3CBSjv0y+OfXHazFq19XbbFstUbAdAqDx19Ie6oHNEZ
 CYACoTlr0mYhTsbBeB2itm8kNLh4zeRu9hwQf3A5FRa8ESw3QCMIuFEVmHd1hXxFuW4a
 4frSRfjNTY3ha/YlelLjapJYqJjruBKg6ITrYxZnnCiAiSFgGl3DbJAmdpBvpc6ufMN9
 3+nMhx5CdC7ofMQOX9Nxv08Y67EZ0D2CwPyEnizoDdf8d3QChOTSN8gNpaDuiSyK5UES
 u8MNzZKhx48MeIC2Or9mojWorTzc2Qjc4parPEDZwGCsv8kGdsmM6OcCaET5h3WPcO2H
 Nc4g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=7VLwicLWuiUjEpoZ2pwbTpByE268MCK5CPM4uK4ekQ4=;
 b=DBVRe9Fo7DEF+wF44Fah4EdjhHSpHhAzGtUL6qZI+EkN2hlcSTSTeokqlgzdpPxj7Y
 E/FEbXgjzp2BlYyvoVo3WW0nSIG/twVnrG2CvjaFiBPe9nmuqxTxVAIfw1H3CdlzmhVJ
 UoXXgWecofoM6x04p20Ngq/U+rkX+lfacp4jLLoBFac0WHMQRsEbcKzvpxR/25clwjJH
 TRHCV6ID/HeSTQ/gR1EWJmQoOkv38axzHFJZXlxhH0o6XBaC3L8h78UTUZzCU3JHJhig
 lS5JTHCLOwGHMgk83dsyMiwNNUsiSbDOxZlHWhHRr+5PJbnZDhezebBGxdqsguUfCgvp
 xeAQ==
X-Gm-Message-State: APjAAAU3yT3LJqD9HELnrYUSH/3mOjrcSg4Fg4m/JMRW0pNEOuFmDcEl
 W+tqFmBIKzvFwkU7tUOQJ/gh6+hWF21A7eoOWeM=
X-Google-Smtp-Source: APXvYqysyhQnpanflSqcTluRWTMZu2luE7rH7pGOShbCpZnz8LyGNxXDpEdq+mpT9LrRBFm/N6mnWF3XcQlDW0Z+ldo=
X-Received: by 2002:a6b:e50a:: with SMTP id y10mr16244042ioc.91.1555087815078; 
 Fri, 12 Apr 2019 09:50:15 -0700 (PDT)
MIME-Version: 1.0
References: <b7b46d7e-9dbc-6bf1-d711-77a6f9867aad@informatik.uni-hamburg.de>
In-Reply-To: <b7b46d7e-9dbc-6bf1-d711-77a6f9867aad@informatik.uni-hamburg.de>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Fri, 12 Apr 2019 09:49:48 -0700
Message-ID: <CA+9kkMBn6XNRFnFaTh=iPMk8G4KgMutJJj=R8h_FGoo3vw5v1g@mail.gmail.com>
Subject: Re: QUICker connection establishment with out-of-band validation
 tokens
To: sy@informatik.uni-hamburg.de
Cc: QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000cffaa50586581868"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/44wuA0fZSvnmv2Yg5BdEsQxe_X0>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>,
 <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>,
 <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 16:50:23 -0000

--000000000000cffaa50586581868
Content-Type: text/plain; charset="UTF-8"

I would like to suggest that the Chairs rule this out of scope for the QUIC
working group to consider during the completion of v1.  Given where we are
in the process, taking on the security and privacy analyses required will
not be a short or simple exercise.

To give a flavor of the analysis required, consider this from the proposal:

To save a round-trip time via the proposed out-of-band tokens, the client
> needs to receive the token before sending the connection request to the corresponding
> QUIC server. Furthermore, clients usually do a domain name query to look
> up the source address before they send their connection request. Thus,
> DNS seems to be a suitable place to distribute out-of-band tokens as the
> connection request often directly follows the corresponding DNS lookup
>

First, this proposal contains major assumptions about the DNS interactions
that would appear to run counter to DNS caching semantics and, more
generally, its distribution by recursive resolvers.  While it might be
possible to overcome the implied limitations by the use of short TTLs and
very aggressive use of EDNS client-subnet, the performance impact of doing
so would be unknown and the privacy implications appear to be poor.
Second, it requires a level of trust between the resolver operator and the
entity generating the tokens that is near total, acknowledged in the draft
here:

Note, that to construct valid out-of-band tokens, the resolver needs to be
> trusted by the server hosting the specific domain name. Thus, the
> respective server operator shared in advance the instructions and the
> secret keys required to generate valid tokens for this domain.
>

There are many additional questions raised by the proposal, including when
to consider including the novel RR as additional data, the interaction with
DNSSEC, and the potential need to use a STUN-like service to get a view of
the IP as it will be seen by the QUIC-speaking server.

I appreciate the work of the authors to consider out-of-bind distribution,
but I do not believe this proposal should be considered by the working
group at this time.

regards,

Ted Hardie
(wearing no hats)


On Fri, Apr 12, 2019 at 7:18 AM Erik Sy <sy@informatik.uni-hamburg.de>
wrote:

> Hi folks,
>
> I suggest introducing out-of-band validation tokens to save a round-trip
> time during QUIC's connection establishment.
> These tokens can be distributed via DNS resolvers or other QUIC servers
> and can avoid up to 100% of stateless retries during connection
> establishments.
> Below is a detailed description and evaluation on performance, security,
> privacy and scalability of this proposal:
>
> https://svs.informatik.uni-hamburg.de/publications/2019/2019-04-12-Sy-preprint-QUICker_connection_establishment_with_out-of-band_validation_tokens.pdf
>
> Best,
> Erik
>
>

--000000000000cffaa50586581868
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>I would like to suggest that the Chairs rule this out=
 of scope for the QUIC working group to consider during the completion of v=
1.=C2=A0 Given where we are in the process, taking on the security and priv=
acy analyses required will not be a short or simple exercise.</div><div><br=
></div><div>To give a flavor of the analysis required, consider this from t=
he proposal:</div><div><br></div><blockquote class=3D"gmail_quote" style=3D=
"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-le=
ft:1ex"><div><span style=3D"font-size:16.6043px;font-family:sans-serif"></s=
pan><span style=3D"font-size:16.6043px;font-family:sans-serif">To  save  a =
 round-trip</span><span style=3D"font-size:16.6043px;font-family:sans-serif=
"> time via the proposed out-of-band tokens, the client needs to </span><sp=
an style=3D"font-size:16.6043px;font-family:sans-serif">receive the token b=
efore sending the connection request to the </span><span style=3D"font-size=
:16.6043px;font-family:sans-serif">corresponding QUIC server. Furthermore, =
clients usually do a </span><span style=3D"font-size:16.6043px;font-family:=
sans-serif">domain name query to look up the source address before they </s=
pan><span style=3D"font-size:16.6043px;font-family:sans-serif">send their c=
onnection request. Thus, DNS seems to be a suit</span><span style=3D"font-s=
ize:16.6043px;font-family:sans-serif">able  place  to  distribute  out-of-b=
and  tokens  as  the  connection</span><span style=3D"font-size:16.6043px;f=
ont-family:sans-serif"> request often directly follows the corresponding DN=
S lookup</span></div></blockquote><div><br></div><div>First, this proposal =
contains major assumptions about the DNS interactions that would appear to =
run counter to DNS caching semantics and, more generally, its distribution =
by recursive resolvers.=C2=A0 While it might be possible to overcome the im=
plied limitations by the use of short TTLs and very aggressive use of EDNS =
client-subnet, the performance impact of doing so would be unknown and the =
privacy implications appear to be poor.=C2=A0 Second, it requires a level o=
f trust between the resolver operator and the entity generating the tokens =
that is near total, acknowledged in the draft here:</div><div><br></div><bl=
ockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-lef=
t:1px solid rgb(204,204,204);padding-left:1ex"><div><span style=3D"font-siz=
e:16.6043px;font-family:sans-serif">Note, that to construct valid out-of-ba=
nd tokens, the resolver </span><span style=3D"font-size:16.6043px;font-fami=
ly:sans-serif">needs to be trusted by the server hosting the specific domai=
n</span><span style=3D"font-size:16.6043px;font-family:sans-serif"> name. T=
hus, the respective server operator shared in advance </span><span style=3D=
"font-size:16.6043px;font-family:sans-serif">the instructions and the secre=
t keys required to generate valid</span><span style=3D"font-size:16.6043px;=
font-family:sans-serif"> tokens for this domain.</span></div></blockquote><=
div><br></div><div>There are many additional questions raised by the propos=
al, including when to consider including the novel RR as additional data, t=
he interaction with DNSSEC, and the potential need to use a STUN-like servi=
ce to get a view of the IP as it will be seen by the QUIC-speaking server.=
=C2=A0 <br></div><div><br></div><div>I appreciate the work of the authors t=
o consider out-of-bind distribution, but I do not believe this proposal sho=
uld be considered by the working group at this time.=C2=A0 <br></div><div><=
br></div><div>regards,</div><div><br></div><div>Ted Hardie</div><div>(weari=
ng no hats)<br></div><div>=C2=A0</div></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Fri, Apr 12, 2019 at 7:18 AM Erik =
Sy &lt;<a href=3D"mailto:sy@informatik.uni-hamburg.de">sy@informatik.uni-ha=
mburg.de</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D=
"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-le=
ft:1ex">Hi folks,<br>
<br>
I suggest introducing out-of-band validation tokens to save a round-trip ti=
me during QUIC&#39;s connection establishment.<br>
These tokens can be distributed via DNS resolvers or other QUIC servers and=
 can avoid up to 100% of stateless retries during connection establishments=
. <br>
Below is a detailed description and evaluation on performance, security, pr=
ivacy and scalability of this proposal:=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=
=A0<br>
<a href=3D"https://svs.informatik.uni-hamburg.de/publications/2019/2019-04-=
12-Sy-preprint-QUICker_connection_establishment_with_out-of-band_validation=
_tokens.pdf" rel=3D"noreferrer" target=3D"_blank">https://svs.informatik.un=
i-hamburg.de/publications/2019/2019-04-12-Sy-preprint-QUICker_connection_es=
tablishment_with_out-of-band_validation_tokens.pdf</a><br>
<br>
Best,<br>
Erik<br>
<br>
</blockquote></div>

--000000000000cffaa50586581868--