IETF Logo Mail Archive

RE: A better way to do conn id?

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 24 January 2018 16:36 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E45D126D0C for <quic@ietfa.amsl.com>; Wed, 24 Jan 2018 08:36:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sxbk36_vBsC4 for <quic@ietfa.amsl.com>; Wed, 24 Jan 2018 08:36:13 -0800 (PST)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20057.outbound.protection.outlook.com [40.107.2.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 770DA126C26 for <quic@ietf.org>; Wed, 24 Jan 2018 08:36:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=43w7JuISTm9u3WlC03pxZPmLsYofpz3spieh53Kr8bo=; b=llAqpVWMer0NPVJjlIE/2B5orH9964I/uzlc7s2DaxUKxtDKOnXGXp9xWVtfTnrrvUsM90ycq0H5G66lzo2FMrqDizxbD5ykVqW2x0jRG7Uix9wcfScQWjcsx2aEi6EVT2XiwJJcrisRvV/zLwHq9p98CzuiiNlQxWpWUSGwynI=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2707.eurprd08.prod.outlook.com (10.167.90.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.428.17; Wed, 24 Jan 2018 16:36:09 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::b863:80d:692b:e64b]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::b863:80d:692b:e64b%14]) with mapi id 15.20.0428.019; Wed, 24 Jan 2018 16:36:09 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Martin Duke <martin.h.duke@gmail.com>, IETF QUIC WG <quic@ietf.org>
Subject: RE: A better way to do conn id?
Thread-Topic: A better way to do conn id?
Thread-Index: AQHTlNFoMLZkBBKfu0uRpO7W0psJBqODOH5Q
Date: Wed, 24 Jan 2018 16:36:09 +0000
Message-ID: <AM4PR0801MB270652B9DBDB5FBE93E9A6D2FAE20@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAM4esxS4TDf1QwsdrQM1J7NBvTCjNaM0oi3Qm2i6oL0F9b5cnA@mail.gmail.com>
In-Reply-To: <CAM4esxS4TDf1QwsdrQM1J7NBvTCjNaM0oi3Qm2i6oL0F9b5cnA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [217.140.111.135]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2707; 7:HPs/r0S0zEbluVHkrn8XjUnwLHtl7/Mx6rb8snZ6wk/5oIBXsMkKNk7sIZMVYxgTpn7qBJ+11ENUbVkZf6/MZoZ+jfK+/0rs01vZxBPOuqjdQSOxP4vFIP80Yv7zuShimnsxWNhGXABHUhHE7lt/xCOSI2z0lnBj1XKmfVYZ8Fk1yi8Vb8tbj/pgF0M5XFislRzpM2Fs0ZCHuOJXa9lIVR4xqoqycuWFQVCvg8C3EsV7KEXfFO98X0VGH4qgtukR
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 8832d655-330e-442c-a7da-08d5634892ee
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(48565401081)(2017052603307)(7153060)(7193020); SRVR:AM4PR0801MB2707;
x-ms-traffictypediagnostic: AM4PR0801MB2707:
x-microsoft-antispam-prvs: <AM4PR0801MB27071513D092D88D7EC3C099FAE20@AM4PR0801MB2707.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(8121501046)(5005006)(3002001)(3231023)(2400081)(944501161)(10201501046)(93006095)(93001095)(6055026)(6041288)(20161123562045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123558120)(6072148)(201708071742011); SRVR:AM4PR0801MB2707; BCL:0; PCL:0; RULEID:; SRVR:AM4PR0801MB2707;
x-forefront-prvs: 056297E276
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39380400002)(346002)(366004)(376002)(396003)(39860400002)(40434004)(199004)(189003)(14454004)(106356001)(7736002)(6116002)(2950100002)(86362001)(790700001)(74316002)(25786009)(110136005)(2906002)(66066001)(53546011)(72206003)(316002)(39060400002)(3846002)(478600001)(9686003)(54896002)(6436002)(5250100002)(5890100001)(102836004)(6306002)(55016002)(6506007)(2900100001)(7696005)(68736007)(33656002)(97736004)(6346003)(9326002)(3660700001)(105586002)(5660300001)(81156014)(59450400001)(8936002)(81166006)(99286004)(76176011)(561944003)(6246003)(229853002)(26005)(53936002)(3280700002)(8676002)(43043002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2707; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-microsoft-antispam-message-info: Z4QI379/jA0wUCQ5rAAiBTYB6SMUc/TiWE53sePE5sfMejo0afZ3SlGuujx6YoJdvzrAVobOqqOKgFs15N8SYg==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM4PR0801MB270652B9DBDB5FBE93E9A6D2FAE20AM4PR0801MB2706_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8832d655-330e-442c-a7da-08d5634892ee
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jan 2018 16:36:09.6389 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2707
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/7WSUT_GWj3mV3W-MTDFKVrT0wpQ>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jan 2018 16:36:19 -0000

Hi Martin,

Your entire story is built on the claim that “variable length conn ids will introduce more complexity in parsers”.

Having implemented parsing of variable length fields in TLS 1.3 extensively last year I have to say that it is not such a big deal, particularly compared to all the complexity found elsewhere (which is also true for QUIC).

In essence you are talking about a few lines of code. Your solution then also requires additional lines of code elsewhere.

Ciao
Hannes

From: QUIC [mailto:quic-bounces@ietf.org] On Behalf Of Martin Duke
Sent: 23 January 2018 23:09
To: IETF QUIC WG
Subject: A better way to do conn id?

Today's variable-length connection ID discussion made me realize some problems with the current architecture, while the new architecture doesn't fix some of them and creates whole new ones. Issues:

- The client desires unlinkability, but I suspect the market will provide no incentives for servers to work very hard to be unlinkable. There were conflicting "layer 9" arguments that variable conn ID makes this problem worse or better.

- 16 Bytes is more overhead than 8 bytes.

- The severity of this remains to be seen, but variable length conn ids will introduce more complexity in parsers and anything that utilizes the conn id (e.g. handshake key generation). It might make the invariants more complex as well. The whole thing, frankly, makes my head hurt.

I humbly suggest the following proposal might avoid or mitigate some of these problems:

1. Every connection has a long-lived Client-generated Connection ID (CGCID) and Server-generated Connection ID (SGCID). The CGCID is 8 bytes and the SGCID is 16 bytes.

2. The CGCID is used to derive the handshake key. (unchanged from status quo)

3. The initial packet uses the CGCID.  All other handshake packets use the SGCID. This is unchanged from the status quo.

4. All 1-RTT packets by sent by the client use the SGCID. All 1-RTT packets sent by the server use the CGCID. This has two important properties:
           a) The server gets the 16 Bytes of entropy the load balancer needs
           b) The server->client direction, which in the usual case has most of the data, has a lower-overhead CID.

5. The algorithm that generates SGCID MUST have different output given a different CGCID. [We might strengthen this language further: you wouldn't want to simply add the NEW_CONN_ID sequence number to the existing SGCID, for instance].

6. In advance of migration, the client sends a NEW_CONN_ID frame to provide a new CGCID (possibly omitting the stateless reset token). The server MUST respond with a NEW_CONN_ID that provides a new SGCID derived from the new CGCID. All packets on the new path use these CIDs.

If people like this, I can generate a PR. I am very open to various tweaks to the general approach as well. I wanted to get this out there before the variable-length CID team gets deep in the weeds.

Martin Duke


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email