IETF Logo Mail Archive

RE: Exercising Version Negotiation

"Lubashev, Igor" <ilubashe@akamai.com> Thu, 22 March 2018 18:53 UTC

Return-Path: <ilubashe@akamai.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12A49126DC2 for <quic@ietfa.amsl.com>; Thu, 22 Mar 2018 11:53:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l1pog2J8wxPU for <quic@ietfa.amsl.com>; Thu, 22 Mar 2018 11:53:48 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA85C126FB3 for <quic@ietf.org>; Thu, 22 Mar 2018 11:53:48 -0700 (PDT)
Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by m0050095.ppops.net-00190b01. (8.16.0.22/8.16.0.22) with SMTP id w2MIq8Tr003865; Thu, 22 Mar 2018 18:53:46 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=OCIcq2csv49QBR6QtwImoD1xhhxFL8EEpRCwi53p23w=; b=bUTxXfJBgLYQnxIgj4Op9azRqdiUwVF1sHDDdon9h7dPT+N2pgxReto81fi19AXQ26/4 tHgPheBhzT9+D7v7/KaG3JvocOY/MCyc5QPakhJrbiC5VRvS+R28421wjFIY/Uzw9zSM nj4tl5PRd9Ec3LsLhKkf/XnyO8xqP51LzvaJJ5gxbAWca+pXH+s33pKDHn/nSP+kt9kC p3eLv+hWILmgGKorAVrCFJIxf56/Ty3gBJ3/eHNNA05eg2telfpNWRQbvebt+sMX2qQ5 +L1zao1lPVJy2NTMlsgapRxj8+klX/lARCqtyrkRUe1rMdRWa4dHinrvwunM4fnMcstW Mw==
Received: from prod-mail-ppoint4 ([96.6.114.87]) by m0050095.ppops.net-00190b01. with ESMTP id 2gvh9n85tq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 22 Mar 2018 18:53:45 +0000
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w2MIoww7023112; Thu, 22 Mar 2018 14:53:44 -0400
Received: from email.msg.corp.akamai.com ([172.27.25.32]) by prod-mail-ppoint4.akamai.com with ESMTP id 2grxbw192q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 22 Mar 2018 14:53:44 -0400
Received: from USTX2EX-DAG1MB5.msg.corp.akamai.com (172.27.27.105) by ustx2ex-dag1mb2.msg.corp.akamai.com (172.27.27.102) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Thu, 22 Mar 2018 13:53:43 -0500
Received: from USTX2EX-DAG1MB5.msg.corp.akamai.com ([172.27.27.105]) by ustx2ex-dag1mb5.msg.corp.akamai.com ([172.27.27.105]) with mapi id 15.00.1263.000; Thu, 22 Mar 2018 13:53:43 -0500
From: "Lubashev, Igor" <ilubashe@akamai.com>
To: Ian Swett <ianswett=40google.com@dmarc.ietf.org>, Subodh Iyengar <subodh@fb.com>
CC: Eric Rescorla <ekr@rtfm.com>, IETF QUIC WG <quic@ietf.org>, Roberto Peon <fenix@fb.com>
Subject: RE: Exercising Version Negotiation
Thread-Topic: Exercising Version Negotiation
Thread-Index: AQHTwdXrIKNHYUQfhEaGGwLwqlZA9KPcw2KA//+zk32AAFTKgIAAAPGAgAAHCQD//8PW0A==
Date: Thu, 22 Mar 2018 18:53:42 +0000
Message-ID: <8cc166c2f2d143bf8aa4dc57e3bafdfb@ustx2ex-dag1mb5.msg.corp.akamai.com>
References: <CABcZeBMv5BqZOtgVA2wfqaaGCd94gcNPB9bTXkrvNXXRveU8wA@mail.gmail.com> <BY2PR15MB0775F2D1CDEA831B64491A67CDA90@BY2PR15MB0775.namprd15.prod.outlook.com> <MWHPR15MB18211F884674B6FC01BCD2E9B6A90@MWHPR15MB1821.namprd15.prod.outlook.com> <CABcZeBN8hN7w0NsRBshkhu9vEwiq5_AbaTBBv7arKY5C=yv0oA@mail.gmail.com> <MWHPR15MB1821A942282B917BB786913BB6A90@MWHPR15MB1821.namprd15.prod.outlook.com> <MWHPR15MB18212BAC58BEB251940C11FAB6A90@MWHPR15MB1821.namprd15.prod.outlook.com> <CAKcm_gNYr8VGrxcTQNRfJ3P6=kiCiax6rOCkBw5S3zgS85aUeA@mail.gmail.com>
In-Reply-To: <CAKcm_gNYr8VGrxcTQNRfJ3P6=kiCiax6rOCkBw5S3zgS85aUeA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.152.116]
Content-Type: multipart/alternative; boundary="_000_8cc166c2f2d143bf8aa4dc57e3bafdfbustx2exdag1mb5msgcorpak_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-03-22_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1803220215
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-03-22_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1803220215
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/8q1tV6AxUsthAdVXZyIspDIrE6c>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Mar 2018 18:53:52 -0000

I think technically this is correct that when “the interpretation of a public header [by middleboxes] determined by version”, the middleboxes must be stateful.

However, in this particular case, I see three possible outcomes (if we stick to the London decision).

  1.  Spin Bit text reaches consensus by the time V1 text is ready, and it gets incorporated into V1, so there is no issue.
  2.  Spin Bit “dies in committee” (or is replaced by something very different that we cannot anticipate now), so there is no issue.
  3.  Spin Bit is late for V1, but reaches consensus rather soon after V1 and makes it into V1.1.  In this case, there are probably not many (none) deployed production implementations, and all in-progress implementations will implement V1.1, since it is such an easy change.  So there is no V1 “in the wild”, so there is no issue.


  *   Igor


From: Ian Swett [mailto:ianswett=40google.com@dmarc.ietf.org]
Sent: Thursday, March 22, 2018 5:18 PM
To: Subodh Iyengar <subodh@fb.com>
Cc: Eric Rescorla <ekr@rtfm.com>; IETF QUIC WG <quic@ietf.org>; Roberto Peon <fenix@fb.com>
Subject: Re: Exercising Version Negotiation

I think you were poking holes in my suggestion from this morning :)  And I agree that's an issue.

!Ekr

On Thu, Mar 22, 2018 at 12:53 PM Subodh Iyengar <subodh@fb.com<mailto:subodh@fb.com>> wrote:

Oh sorry i completely misunderstood what you're saying, ignore my previous email.



Subodh

________________________________
From: QUIC <quic-bounces@ietf.org<mailto:quic-bounces@ietf.org>> on behalf of Subodh Iyengar <subodh@fb.com<mailto:subodh@fb.com>>
Sent: Thursday, March 22, 2018 9:49:53 AM
To: Eric Rescorla
Cc: IETF QUIC WG; Roberto Peon
Subject: [Potential Spoof] Re: Exercising Version Negotiation


My understanding is that your proposal says that the interpretation of a particular bit in the public header is determined by the version, i.e. the server and client will negotiate a particular version if they need a spin bit. What I was saying is that if that is true, the middlebox needs to look at the negotiated version and hence creates the aforementioned concerns.



Subodh

________________________________
From: Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>>
Sent: Thursday, March 22, 2018 9:45:14 AM
To: Subodh Iyengar
Cc: Roberto Peon; IETF QUIC WG
Subject: Re: Exercising Version Negotiation

Hi Subodh,

I'm sorry, I'm not following you. I'm not talking about the spin bit here, just about exercising the regular negotiation function.

-Ekr


On Thu, Mar 22, 2018 at 4:26 PM, Subodh Iyengar <subodh@fb.com<mailto:subodh@fb.com>> wrote:

I don't think using version negotiation is as simple as it seems:

  1.  My understanding is that the current draft and the data that was shown doesn't even look at the handshake negotiation and only looks at short headers.
  2.  Short headers have no version. So to use version negotiation correctly as a signal of the spin bit, the middlebox MUST intercept the handshake negotiation.
  3.  Each 5 tuple could potentially have multiple connections and we are apparently designing for that use case, so the middlebox needs to use connection id
  4.  Some implementations are thinking of changing connection ids very frequently, maybe in each RTT.


Given these are we saying that when using the spin version you must not change the conn id per RTT so that the middlebox can observe the spin?



Subodh

________________________________
From: QUIC <quic-bounces@ietf.org<mailto:quic-bounces@ietf.org>> on behalf of Roberto Peon <fenix@fb.com<mailto:fenix@fb.com>>
Sent: Thursday, March 22, 2018 9:19:57 AM
To: Eric Rescorla; IETF QUIC WG
Subject: [Potential Spoof] Re: Exercising Version Negotiation

Love it. This is a great idea!

I'd suggest being more agressive with deployment,  e.g. recommend that servers negotiate speaking version +1 to more like 50% of the clients, and swap guid/ip mappings to have clients formerly using +1 switch  to -1 and vice versa weekly or so.

-=R



Sent via the Samsung Galaxy S7, an AT&T 4G LTE smartphone


-------- Original message --------
From: Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>>
Date: 3/22/18 5:05 AM (GMT-08:00)
To: IETF QUIC WG <quic@ietf.org<mailto:quic@ietf.org>>
Subject: Exercising Version Negotiation

Following up on the discussion at the mic, I do think it is useful to exercise the VN function, but I don't think it's useful to have those versions be different, because that creates perverse incentives.

Here's what I suggest instead: create two versions (we can call them QUIC v1+i  and QUIC v1-i), each with its own code point [0]. They should be essentially identical except for two trivial differences, intended to ensure that if you screw up version negotiation, you get failed interop.

- The constant in the handshake salt (5.2.2)
- The HKDF expansion constants

I suggest we handle each of these by just inverting the bits.

We would then suggest to people that they somewhat randomize their preferences (e.g., 99% of the time prefer v1+i, 1% of the time prefer v1-i). This will almost always result in matching versions, but will occasionally result in a mismatch, thus forcing us to test VN.

-Ekr

[0] Obviously we can do this for draft versions. We just say that the two versions are
ff0000XX and ffffffXX.

v2.23.0 | Report a Bug | By Email