IETF Logo Mail Archive

Re: Expected Client Response to SERVER_BUSY

Kazuho Oku <kazuhooku@gmail.com> Thu, 21 February 2019 01:01 UTC

Return-Path: <kazuhooku@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F21D130F2B for <quic@ietfa.amsl.com>; Wed, 20 Feb 2019 17:01:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jzQjgc8eSyxd for <quic@ietfa.amsl.com>; Wed, 20 Feb 2019 17:01:38 -0800 (PST)
Received: from mail-lf1-x141.google.com (mail-lf1-x141.google.com [IPv6:2a00:1450:4864:20::141]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07679130F0E for <quic@ietf.org>; Wed, 20 Feb 2019 17:01:38 -0800 (PST)
Received: by mail-lf1-x141.google.com with SMTP id m11so19048874lfc.6 for <quic@ietf.org>; Wed, 20 Feb 2019 17:01:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=urnVeXbAl1LCDlq5RwGgwL2rSuuV9o52GjYYm637GZg=; b=JNIcVPHssbkRhyoitQk+daJocZ+2p2XGxKb+bLVkCxn6yj2RxruuachxpB/BZIoWvC GEXieOC7UKXyiIptqEueImOcywX6CxiMU14iT4GIgHwmMP01bJifqFgVINmBnjMHiKRF 6fUd8vwj8Jd25Sgh48BMDEDYUgwOlDw96LMGoR19ifuqK5OA/6zdsU/FuBnvQgPsMq+q 7Yob8jhynAdR3rIycPn3ezRAwV3y7ro0SRwur7tDNu8VxylwvLdBUs1LUursxWuF5U5n /t34cY3aU1htGwIsDg1SqnwAau/InGk0IV2UfibK1X7x/BeD42o7CdRe636LE6ZTFz/P GHiw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=urnVeXbAl1LCDlq5RwGgwL2rSuuV9o52GjYYm637GZg=; b=jla6RT5OwBxZ+T+8dimGYb5VvopLaR/15qvkio8zSakZpvsdNzY0FsPHcOE/0yY+KQ bNUxbhe5pafbzP63W1x4KDEsKLTtGWp5QbhmNJoKT4Sco9CpzhTwMptK1hRDBCZvpjg3 tf9oeuXTAZ/J8b6mHdIHDS1gmjIpTgJvrxDBVwFleIQYyLTsPjSkzYUJXRJCL+igh3f4 0zohhOHR0X6dx2i/FJt2dODWAtK5Ns5EqSSamhzV2B3oYVrMy0zcKx23b4O1uiHt2xRK ywnczgmBtGN/o1xLge/cKl4jshHwV5C+G6zq8HISKyXdj3wv1cI4apEy6glDC+w0UnpI UVew==
X-Gm-Message-State: AHQUAuaywIjGNGkrCjhjjX6mk2SIGoXPO6yJqAaOs+O/zMtFvagUcybe DqyDesVbJ7hmZWdYs4KOyiZC0zG5FV4/CPv7Qx4=
X-Google-Smtp-Source: AHgI3Ia2KZWqYFYL9o0QZqZmr+/h5um2A5AqPzwPokOv1iLJxziU0HGHO+/JsktKIvyS58O9W/IiStMr6tK7SeAZkOo=
X-Received: by 2002:a19:c942:: with SMTP id z63mr21701303lff.162.1550710896251; Wed, 20 Feb 2019 17:01:36 -0800 (PST)
MIME-Version: 1.0
References: <CY4PR21MB0854341128C64E450E7C2DA2B37C0@CY4PR21MB0854.namprd21.prod.outlook.com> <CAKcm_gPmQiMhzfXnkEB4u+X+84bCbL8FE3Lj3ZdPPQBBu+4uPg@mail.gmail.com> <1AF7E952-4542-4C40-8652-BFFBFA61784A@trammell.ch> <CAKcm_gN11=DcV2v-JrX+Ym88D7P1Ey3rDvYomTf1seemsWDSwA@mail.gmail.com> <CY4PR21MB0854D8F7383CDF72EEDAE9FBB37D0@CY4PR21MB0854.namprd21.prod.outlook.com> <CALZ3u+Zmau+167msd9+OGcU+V00+__yLK83ByNEqvWhm7yFORg@mail.gmail.com> <CY4PR21MB0854E1E9AAF564CD8B12305CB37D0@CY4PR21MB0854.namprd21.prod.outlook.com> <CALZ3u+b_NqyrSAkqiuXnnVVL+T0XiExPDUP5JyuzvZVaXqHtCA@mail.gmail.com> <a861dc7b-c1a4-fa72-649a-4f98050aa6f5@huitema.net> <CALZ3u+YxHeVuF-27pjO6gGZ__RT7Y9cAx0vE+x-n8vJbWM+L6g@mail.gmail.com> <CC1D0429-A09E-4844-90B9-2C053FE583E8@fb.com>
In-Reply-To: <CC1D0429-A09E-4844-90B9-2C053FE583E8@fb.com>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Thu, 21 Feb 2019 10:01:24 +0900
Message-ID: <CANatvzzhNwi+CkUZDtC0wVnjRo_Ef0i2i8Y4ngPRKaDEWW65Qg@mail.gmail.com>
Subject: Re: Expected Client Response to SERVER_BUSY
To: Roberto Peon <fenix@fb.com>
Cc: Töma Gavrichenkov <ximaera@gmail.com>, Christian Huitema <huitema@huitema.net>, Nick Banks <nibanks@microsoft.com>, "Brian Trammell (IETF)" <ietf@trammell.ch>, Ian Swett <ianswett@google.com>, IETF QUIC WG <quic@ietf.org>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/5ZIdpOz0dpFBxWQduUYoDMa2ogE>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Feb 2019 01:01:40 -0000

2019年2月21日(木) 5:49 Roberto Peon <fenix@fb.com>:
>
> I believe that the solution to this problem (what a client does when the server is being DoS'd) is inherently out-of-band, and thus not part of the QUIC protocol.
>
> Clients should do whatever they want to do as a response to SERVER_BUSY. We can't make the malicious ones stop, and anything we do to allow non-malicious ones to respond appropriately requires pre-sharing of something, or for the connection to succeed (which is essentially establishing a context for such sharing).
>
> Designing policy around that is probably fodder for another discussion (that I hope we get together and have in the context of the HTTP wg).

I think I mostly agree with Roberto here.

Anyways, the issue is with H3, not QUIC as a transport protocol. HTTP
is unique in sense that it can use either TCP or QUIC as a transport.
We cannot expect every application protocol to have that kind of
property.

And even in case of H3, our conclusion might depend on how the H3
endpoint was discovered. We might argue that it makes sense to permit
the fallback when the H3 endpoint was discovered due to an upgrade
from TCP (e.g. alt-svc). But the situation would be different if the
H3 endpoint was discovered through other means (e.g., extension field
of ESNI record).

> -=R
>
> On 2/20/19, 11:44 AM, "QUIC on behalf of Töma Gavrichenkov" <quic-bounces@ietf.org on behalf of ximaera@gmail.com> wrote:
>
>     On Wed, Feb 20, 2019 at 10:49 AM Christian Huitema <huitema@huitema.net> wrote:
>     > the proposition here allows a middle-box or a man-on-the-side to send an
>     > unencrypted signal and have the client immediately immediately drop the
>     > connection. That does not feel right.
>
>     A man-on-the-side (don't even mentioning a box-in-the-middle) could
>     *always* make a client drop a connection, e.g., by sending a large
>     amount of junk packets towards the client that the client would be
>     unable to correctly handle. It's just a matter of how much harm does
>     that box need to do to the network.
>
>     Any opposite approach I can think of requires to put the private key
>     of the server on a DDoS handling machine or to deploy it onto a DDoS
>     mitigation cloud, which not only increases exposure of the users' data
>     but is also explicitly forbidden in certain countries for companies
>     from certain industries. It's already only narrowly possible to avoid
>     doing so with QUIC (and that already requires either a collaboration
>     between the QUIC library supplier and the DDoS mitigation vendor —
>     which in turn leads to vendor lock — or a reverse engineering-based
>     design), so until we have a v2 which is (hopefully) more LB and
>     DDoS-aware, this is the lesser of two evils.
>
>     --
>     Töma
>
>
>


-- 
Kazuho Oku

v2.23.0 | Report a Bug | By Email