IETF Logo Mail Archive

Re: [ippm] QUIC concerns relating to draft-ietf-ippm-explicit-flow-measurements

Lucas Pardue <lucaspardue.24.7@gmail.com> Thu, 11 May 2023 15:29 UTC

Return-Path: <lucaspardue.24.7@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 947EAC05DDC3 for <quic@ietfa.amsl.com>; Thu, 11 May 2023 08:29:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.844
X-Spam-Level:
X-Spam-Status: No, score=-1.844 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JRhpSAwSWcB6 for <quic@ietfa.amsl.com>; Thu, 11 May 2023 08:29:54 -0700 (PDT)
Received: from mail-oa1-x36.google.com (mail-oa1-x36.google.com [IPv6:2001:4860:4864:20::36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EA88C16B5C9 for <quic@ietf.org>; Thu, 11 May 2023 08:29:54 -0700 (PDT)
Received: by mail-oa1-x36.google.com with SMTP id 586e51a60fabf-1962e7284baso2820231fac.3 for <quic@ietf.org>; Thu, 11 May 2023 08:29:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1683818993; x=1686410993; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=9Xf9/JfdGjJ9XvxhzbLnv3nKqVlLmElpvIJQk6oX33w=; b=pKxMEawzT9qEz/TOI7Iix0o4DT/aRli59sLfvJjc/NGqCc36l2eoyK1PhYCFwF+K+v sSaBAs5kn+ZE+qL+0OhPJx1FqANloZCKmf/zw6J6LdaC5DsYAt7PQNPmpAqVRdTJkBGM BJVY6ThCi/rbgGFApWrsyGKNfSoaXwTRSjnqGX0lY1A44HCTGHUjy1r2PO1x/CFZPlJW yO6pLTEEyex5d1WPyesYX+PsDZpD41XsPR4Csgz3Bi7bU4PDQVUjhsLve2n1bTgbodGF 8Bdk6c9E6BQp7zyVHOI1Qm+5M/8XCGNMzEslwXg2vS3CJzDI7m5/vsSxoYsGZ31bVTYz fE5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683818993; x=1686410993; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=9Xf9/JfdGjJ9XvxhzbLnv3nKqVlLmElpvIJQk6oX33w=; b=BaldRw2c7WQ1Ioq0qlZjAtVOV7+R4kg5iOpKwXcUwdevIbe3zbNO/R6K4qYydZkkNq ExQtyRfjA9gBiQeXXqXw56KqDpke4Lo84LfckMOsyDN0PEjyN3qPdJl2ZBEwJYY7WOp0 UYdUkgwo2PvkbBb14iRrLRNrqpBpIZ1N7ELwhxKZLdAHT+8nAGhtbWtdVh6f9YsL2aUK 1asm4MklEPXURvDAWEN7SyU5czQznE/f17Fdie6JxuDrfZ2y3PlEIqm4rkZ4BvQnwFFw hA1HtyA8rq15D5abL1PFk4AOew85WZN1toEpTfkpyADz8rOTlZJR1cTjR4GvrmpSvFDo p0DQ==
X-Gm-Message-State: AC+VfDwvWBrz6PHTIbTfo21G09EOIWHF8sfK72+Omvx4mc+6fdI39bMF xcNoMncrnAu66P9hAVwoUTEbv9f8P3qyL+gmYXCIpyOwcYo=
X-Google-Smtp-Source: ACHHUZ5lYAMoxUPvK5WkRYa9FngQSjdVZS2agOyH+jtzqgsMrkUsm95L5E76hyUdioTHJKR+yuEOCER/Bg359HQ6Aj0=
X-Received: by 2002:a05:6870:90c7:b0:18f:1113:c6be with SMTP id s7-20020a05687090c700b0018f1113c6bemr8271051oab.11.1683818993088; Thu, 11 May 2023 08:29:53 -0700 (PDT)
MIME-Version: 1.0
References: <CALGR9oZxFEXWD5hZZOJB7q+-f766FsjBGBTNjpuc1jyZyucz3Q@mail.gmail.com> <3103CBFB-5112-4FAC-A2F0-5209F52AB288@apple.com> <CALGR9oboNgFo-BA0Sqstog_JFPm+DL545VUSbksgF1chTnZ7VQ@mail.gmail.com> <791fd608-8112-bea7-9e22-5d0b8b9e8b1d@huitema.net> <5cf7edfcdf604f13b7fda36d206babfb@huawei.com> <18d470b2-ccfc-41a3-bbef-a572091502bb@betaapp.fastmail.com> <1cb7ab2a31394a19b20418ca7cd8ebb0@akamai.com> <19ca5d0a04ad4cf89d426e922bdc9edf@akamai.com>
In-Reply-To: <19ca5d0a04ad4cf89d426e922bdc9edf@akamai.com>
From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Thu, 11 May 2023 16:29:41 +0100
Message-ID: <CALGR9oZ+jTPHiuaVERuY=957W=kc+YFPU1TaargdPoKQHx1j1g@mail.gmail.com>
Subject: Re: [ippm] QUIC concerns relating to draft-ietf-ippm-explicit-flow-measurements
To: "Lubashev, Igor" <ilubashe=40akamai.com@dmarc.ietf.org>
Cc: Martin Thomson <mt@lowentropy.net>, "quic@ietf.org" <quic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f2febc05fb6ca86a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/6HxIC0jr8SBc7NJiecqudUFgYYQ>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 May 2023 15:29:58 -0000

Hey Igor,

On Thu, May 11, 2023 at 3:54 PM Lubashev, Igor <ilubashe=
40akamai.com@dmarc.ietf.org> wrote:

> > On Thursday, May 11, 2023 at 10:24 AM Lubashev, Igor wrote:
> >
> > Matrin, the measurements described are not only feasible, but they are
> also
> > feasible without an introduction of any new versions of QUIC.  It just
> takes a
> > regular Transport Parameter negotiation in QUIC v1.
> >
> > See
> >
> https://datatracker.ietf.org/doc/html/draft-ferrieuxhamchaoui-quic-lossbits-03
> >
> > - Igor
> >
> > > -----Original Message-----
> > > From: Martin Thomson <mt@lowentropy.net>
> > > Sent: Thursday, May 11, 2023 6:30 AM
> > > To: quic@ietf.org
> > > Subject: Re: [ippm] QUIC concerns relating to
> draft-ietf-ippm-explicit-flow-
> > > measurements
> > >
> > > On Thu, May 11, 2023, at 19:44, Giuseppe Fioccola wrote:
> > > > I think your concerns about QUIC are reasonable, but they can be
> taken
> > > > into account only for the specific application to QUIC, that would
> > > > eventually be defined in a separate draft.
> > >
> > > I think that Lucas' point is that the draft describes something that
> isn't likely
> > > to ever be feasible.  At a minimum, the draft should be clear about the
> > > conditions that would be necessary to realize this goal.  From what I
> can
> > see,
> > > the conditions involve deploying a new version of QUIC that completely
> > > displaces the existing version of QUIC, which - if not completely
> impossible
> > -
> > > is at least highly improbable.
>
> To expand on this, we mentioned example ways one could implement the
> measurement (including the reserved header bits in QUIC and UDP Surplus
> space; we could have also included my favorite "2 most significant bits of
> IP TTL" but did not) specifically to alleviate concerns that this is nice
> in theory but not feasible in practice.
>
> We also added discussion of Ossification Considerations and Security
> Considerations specifically to alleviate the concerns that this is
> inherently dangerous to the protocols or to user Privacy.  This has been
> prompted by feedback we received from IETF community.
>
> As Giuseppe said, resolving protocol-specific implementation detail or
> anti-ossification techniques is not the goal of this draft.  This draft
> introduces a set of techniques and algorithms.  Adapting them (or, more
> likely, just one or two of them) to specific protocols would be a matter of
> different drafts.  This draft is QUIC-inspired, but it is not QUIC-focused.
>
> If IETF community believes that the draft would be better without any
> reference to potential implementation points, to avoid confusion, I can be
> happy to make the changes (I think my co-authors would not object either).
>

In theory its feasible. In practice the current approach risks burning
those bits if operators read draft-ietf-ippm-explicit-flow-measurements and
start to assume they can look at QUIC packets at any arbitrary point duing
a flow and the bits mean something, or if they can avoid doing hard and
complex work. I think we need to be very explicit and say that on-path
observers hoping to use these bits have to be completely confident in
establishing how those bits are used in each and every individual
connection. That means either determining the precise QUIC version that was
negotiated, or the union of Transport Parameters that were exchanged. The
transport parameters confidence is tricky because of the extensibility and
composability extensions. If the observer doesn't understand an extension
that the client and server are speaking, it could draw the wrong
conclusions about the behaviour of the bits.

We shouldn't assume that on-path observers will understand these nuances of
QUIC. Observers need to be prepared for the situation where that cannot,
and maybe never will know, how the bits in a flow are really being used,
and what to do in such failure conditions. Lets assume operators will act
in good faith and that if we point out the concerns with big "warning
label"s, that's the best we can probably do. That would probably be
sufficient to address my concerns and allow us to proceed.

Cheers,
Lucas

v2.23.0 | Report a Bug | By Email