IETF Logo Mail Archive

Re: Expected Client Response to SERVER_BUSY

Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Thu, 21 February 2019 06:15 UTC

Return-Path: <mikkelfj@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECA7412F1AB for <quic@ietfa.amsl.com>; Wed, 20 Feb 2019 22:15:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.019
X-Spam-Level:
X-Spam-Status: No, score=-1.019 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_EXCESS_BASE64=0.979, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vbSrS2JJdjKM for <quic@ietfa.amsl.com>; Wed, 20 Feb 2019 22:15:20 -0800 (PST)
Received: from mail-pg1-x541.google.com (mail-pg1-x541.google.com [IPv6:2607:f8b0:4864:20::541]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8969F12EB11 for <quic@ietf.org>; Wed, 20 Feb 2019 22:15:20 -0800 (PST)
Received: by mail-pg1-x541.google.com with SMTP id 196so1376169pgf.13 for <quic@ietf.org>; Wed, 20 Feb 2019 22:15:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:thread-topic:thread-index:date:message-id :references:in-reply-to:accept-language:content-language :mime-version; bh=w9suIiUtc65oMehoeSJHsfWuBP5WR02lODHziMpw5bs=; b=WoIs6JP3AYOF9xA52Smeq0qouHXRXm/1vg1k1NrOIZHYUXGeU1K2nYB091G8h4SIpo l/Gg+SzIEFmbO7vQW6TwSlMRbRhExu5ayPN9qAUbdeDuzC2dE9roMi9nrgcFjDTLZH2v GP9auneAyiSmtcDCjV6u6asJWIkgDPa5jI+hZk3HR+7G9SgkW19M0xe3YfAsQfNT1nxV WQ2s3vb4U5RwDkiF6ywWHcs6cxP2HYx3IAG5w8AXZzGM38WlPoWc/3A3YM8QL7DhLJL+ sLMDg5QFOxImg4uBvICSsiJWZ12MHGqfjG+ZyGd4WQkoN/V7o9YVdobAgvT/wplkN2cI 41iA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:thread-topic:thread-index :date:message-id:references:in-reply-to:accept-language :content-language:mime-version; bh=w9suIiUtc65oMehoeSJHsfWuBP5WR02lODHziMpw5bs=; b=fb4R2MbzG6ptTPsg06bbR2TnqleRE07zcgrbF0IWX8P9OLBbRQc7zrvqCkE7QcywSc P4JRQb2MFfmb/751WjIrzBNm79xEUSdKh+KVK22jPE7Si/mj9V+on8L0tBk3/JOhcGZ5 QH38Fd7m0SHwTLu7QQiVakiryFmb+swCow1llqqu+o47yYHkBeIC8T94KzMJ+f+crOOo zCpt+mA8+IwolA7TUPAkcvgEfHOqLeYIPzD9EsajUt9JLERGDfJ55efWfACkBCl/jsS7 Tof3m3me7ylWUA5A2ycaNHEIDSqxOFdGT4xGqhTyvIXud4PhJHYpwtNhAd6Pu2yD7h3e lMpw==
X-Gm-Message-State: AHQUAubzpXN7aFcJ7W19f+UH4avIwtGXxQSq8vxkKgQ0B+d81PIItQdq Q8ocrdgyB+78EZf0z3Yy1Ms=
X-Google-Smtp-Source: AHgI3IaTQ3l7wIhIuq25MWKPrybdlwaLpaVkGoezXSY/d5XoFph1FKOkJuM/e3SFgnQ57xL6MNfdLQ==
X-Received: by 2002:a63:3648:: with SMTP id d69mr24259140pga.314.1550729719736; Wed, 20 Feb 2019 22:15:19 -0800 (PST)
Received: from DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM ([40.101.73.61]) by smtp.gmail.com with ESMTPSA id 33sm21848178pgs.81.2019.02.20.22.15.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 20 Feb 2019 22:15:18 -0800 (PST)
From: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
To: Kazuho Oku <kazuhooku@gmail.com>, Roberto Peon <fenix@fb.com>
CC: Töma Gavrichenkov <ximaera@gmail.com>, Ian Swett <ianswett@google.com>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>, Christian Huitema <huitema@huitema.net>, Nick Banks <nibanks@microsoft.com>, "Brian Trammell (IETF)" <ietf@trammell.ch>, IETF QUIC WG <quic@ietf.org>
Subject: Re: Expected Client Response to SERVER_BUSY
Thread-Topic: Expected Client Response to SERVER_BUSY
Thread-Index: ATBENDEw3+lgVYjQ4fRx896/dRO/AGdQTDRpQUY1NDJBMXkrPTA5NzcwZ3FfT3UwMEM5MEF6RW5xNTA5ZmJnbjk2ZTgzQjQ5Z1IwMHevkOfuCg==
X-MS-Exchange-MessageSentRepresentingType: 1
Date: Thu, 21 Feb 2019 06:15:09 +0000
Message-ID: <DB6PR10MB17663D1D1A04E7337E02CBA0AC7E0@DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM>
References: <CY4PR21MB0854341128C64E450E7C2DA2B37C0@CY4PR21MB0854.namprd21.prod.outlook.com> <CAKcm_gPmQiMhzfXnkEB4u+X+84bCbL8FE3Lj3ZdPPQBBu+4uPg@mail.gmail.com> <1AF7E952-4542-4C40-8652-BFFBFA61784A@trammell.ch> <CAKcm_gN11=DcV2v-JrX+Ym88D7P1Ey3rDvYomTf1seemsWDSwA@mail.gmail.com> <CY4PR21MB0854D8F7383CDF72EEDAE9FBB37D0@CY4PR21MB0854.namprd21.prod.outlook.com> <CALZ3u+Zmau+167msd9+OGcU+V00+__yLK83ByNEqvWhm7yFORg@mail.gmail.com> <CY4PR21MB0854E1E9AAF564CD8B12305CB37D0@CY4PR21MB0854.namprd21.prod.outlook.com> <CALZ3u+b_NqyrSAkqiuXnnVVL+T0XiExPDUP5JyuzvZVaXqHtCA@mail.gmail.com> <a861dc7b-c1a4-fa72-649a-4f98050aa6f5@huitema.net> <CALZ3u+YxHeVuF-27pjO6gGZ__RT7Y9cAx0vE+x-n8vJbWM+L6g@mail.gmail.com> <CC1D0429-A09E-4844-90B9-2C053FE583E8@fb.com>, <CANatvzzhNwi+CkUZDtC0wVnjRo_Ef0i2i8Y4ngPRKaDEWW65Qg@mail.gmail.com>
In-Reply-To: <CANatvzzhNwi+CkUZDtC0wVnjRo_Ef0i2i8Y4ngPRKaDEWW65Qg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator:
X-MS-Exchange-Organization-RecordReviewCfmType: 0
Content-Type: multipart/alternative; boundary="_000_DB6PR10MB17663D1D1A04E7337E02CBA0AC7E0DB6PR10MB1766EURP_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/ljLWP0M3uIH2XNXtJA9h74J4l88>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Feb 2019 06:15:24 -0000

Why not deal with this at the DNS layer and work with the designs that are floating?

Other than that I agree with Roberto and Kazuho.


________________________________
Fra: QUIC <quic-bounces@ietf.org> på vegne af Kazuho Oku <kazuhooku@gmail.com>
Sendt: torsdag, februar 21, 2019 2:01 AM
Til: Roberto Peon
Cc: Töma Gavrichenkov; Ian Swett; Mirja Kühlewind; Christian Huitema; Nick Banks; Brian Trammell (IETF); IETF QUIC WG
Emne: Re: Expected Client Response to SERVER_BUSY

2019年2月21日(木) 5:49 Roberto Peon <fenix@fb.com>:
>
> I believe that the solution to this problem (what a client does when the server is being DoS'd) is inherently out-of-band, and thus not part of the QUIC protocol.
>
> Clients should do whatever they want to do as a response to SERVER_BUSY. We can't make the malicious ones stop, and anything we do to allow non-malicious ones to respond appropriately requires pre-sharing of something, or for the connection to succeed (which is essentially establishing a context for such sharing).
>
> Designing policy around that is probably fodder for another discussion (that I hope we get together and have in the context of the HTTP wg).

I think I mostly agree with Roberto here.

Anyways, the issue is with H3, not QUIC as a transport protocol. HTTP
is unique in sense that it can use either TCP or QUIC as a transport.
We cannot expect every application protocol to have that kind of
property.

And even in case of H3, our conclusion might depend on how the H3
endpoint was discovered. We might argue that it makes sense to permit
the fallback when the H3 endpoint was discovered due to an upgrade
from TCP (e.g. alt-svc). But the situation would be different if the
H3 endpoint was discovered through other means (e.g., extension field
of ESNI record).

> -=R
>
> On 2/20/19, 11:44 AM, "QUIC on behalf of Töma Gavrichenkov" <quic-bounces@ietf.org on behalf of ximaera@gmail.com> wrote:
>
> On Wed, Feb 20, 2019 at 10:49 AM Christian Huitema <huitema@huitema.net> wrote:
> > the proposition here allows a middle-box or a man-on-the-side to send an
> > unencrypted signal and have the client immediately immediately drop the
> > connection. That does not feel right.
>
> A man-on-the-side (don't even mentioning a box-in-the-middle) could
> *always* make a client drop a connection, e.g., by sending a large
> amount of junk packets towards the client that the client would be
> unable to correctly handle. It's just a matter of how much harm does
> that box need to do to the network.
>
> Any opposite approach I can think of requires to put the private key
> of the server on a DDoS handling machine or to deploy it onto a DDoS
> mitigation cloud, which not only increases exposure of the users' data
> but is also explicitly forbidden in certain countries for companies
> from certain industries. It's already only narrowly possible to avoid
> doing so with QUIC (and that already requires either a collaboration
> between the QUIC library supplier and the DDoS mitigation vendor —
> which in turn leads to vendor lock — or a reverse engineering-based
> design), so until we have a v2 which is (hopefully) more LB and
> DDoS-aware, this is the lesser of two evils.
>
> --
> Töma
>
>
>


--
Kazuho Oku

v2.23.0 | Report a Bug | By Email