RE: Getting to consensus on packet number encryption

Mike Bishop <mbishop@evequefou.be> Wed, 25 April 2018 22:01 UTC

Return-Path: <mbishop@evequefou.be>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2D69126CBF for <quic@ietfa.amsl.com>; Wed, 25 Apr 2018 15:01:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=evequefou.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qJPmfik1MdUK for <quic@ietfa.amsl.com>; Wed, 25 Apr 2018 15:01:44 -0700 (PDT)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0137.outbound.protection.outlook.com [104.47.40.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F2C212D82F for <quic@ietf.org>; Wed, 25 Apr 2018 15:01:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=evequefou.onmicrosoft.com; s=selector1-evequefou-be; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=8gZH5UO7PVn1jG4Gt0m3igP+ka4Zju2cMHkCvcSZiJQ=; b=kXvpKx6OGfL6RjxBnIXvLhwdroJFMiCtf92g6U9cP8q4Y/d2nCab0QFulTT0siSic8RxVQ+UY1fmD7LHQUf4YQWxB5bPLvbQU3+GDWHgInQBPQdF2uGTpq1yDccbWf8Fv79RcuNsKUVZ8+MQ4RcEQ/fgpbxloQPBXNizSbh3UKE=
Received: from SN1PR08MB1854.namprd08.prod.outlook.com (10.169.39.8) by SN1PR08MB1791.namprd08.prod.outlook.com (10.162.134.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.696.15; Wed, 25 Apr 2018 22:01:32 +0000
Received: from SN1PR08MB1854.namprd08.prod.outlook.com ([fe80::dd26:af46:4549:f472]) by SN1PR08MB1854.namprd08.prod.outlook.com ([fe80::dd26:af46:4549:f472%13]) with mapi id 15.20.0696.019; Wed, 25 Apr 2018 22:01:32 +0000
From: Mike Bishop <mbishop@evequefou.be>
To: Ian Swett <ianswett@google.com>
CC: Christian Huitema <huitema@huitema.net>, "Deval, Manasi" <manasi.deval@intel.com>, Mark Nottingham <mnot@mnot.net>, IETF QUIC WG <quic@ietf.org>
Subject: RE: Getting to consensus on packet number encryption
Thread-Topic: Getting to consensus on packet number encryption
Thread-Index: AQHTy9GX7TDeC7pGjkeFqjSFMKBzEaPwZ0sAgAC4ugCAAARcAIAAG5CAgAAFCACAAACJgIAAEVkAgACR+YCAB09lAIAFXyIAgAVK+oCAAJlSAIABxdSAgACOHICAB/EyAIACo7YAgABkBYCAAD76gIAAIlew
Date: Wed, 25 Apr 2018 22:01:32 +0000
Message-ID: <SN1PR08MB18545D0554DED1F83862EBFBDA8F0@SN1PR08MB1854.namprd08.prod.outlook.com>
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <21C36B57-6AE2-40EF-9549-7196D7FA9B45@tik.ee.ethz.ch> <B176FC07-887D-4135-B01E-FE8B4986A5EE@mnot.net> <CAKcm_gOCeocLyrYpOS7Ud332xdz3xHSH0psPN8T6BGRjoL9ptQ@mail.gmail.com> <CY4PR21MB0630FA0EDD343396AD414641B6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <CAN1APde13JTzCvKFFvMd183Fka6QGD1kGBjsa9fcoLrYeA2hsA@mail.gmail.com> <CY4PR21MB0630C0FD4FBECBFEC3C863BBB6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <047d2ff0-ff8b-64c9-8983-0ecabeb9fea5@huitema.net> <B0F49097-F77A-4831-B68B-4266AA880A86@tik.ee.ethz.ch> <74E2F5C2-66AD-4902-8A4A-E481CC0A015C@fb.com> <75050158-3812-44F1-A01E-D70EED7FDFD6@tik.ee.ethz.ch> <BY2PR15MB0775B4ACF7DB9124E89016F0CDB00@BY2PR15MB0775.namprd15.prod.outlook.com> <c8e60ba4-d6be-c4fc-5bac-d569a28fb4e8@huitema.net> <56CE3592-EB1D-40A3-B1D2-965B238FA402@mnot.net> <ae7a63fe-0a32-893f-aa6b-e8d97b8ba87a@huitema.net> <1F436ED13A22A246A59CA374CBC543998B60C6DD@ORSMSX111.amr.corp.intel.com> <fc57394f-9516-04c0-0846-6d159b14bc9e@huitema.net> <SN1PR08MB1854FD2461597D81BEE31ED6DA8F0@SN1PR08MB1854.namprd08.prod.outlook.com> <CAKcm_gMRPXgCoZ958Oj4_Pnkvmc9a7PgNVS0iae0hCW7bLKqng@mail.gmail.com>
In-Reply-To: <CAKcm_gMRPXgCoZ958Oj4_Pnkvmc9a7PgNVS0iae0hCW7bLKqng@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mbishop@evequefou.be;
x-originating-ip: [38.134.241.6]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; SN1PR08MB1791; 7:dutrBMhOmPu0EFtCnnvGavS343v6DvmCPl1x8KDHMhkYmlhkdVuCsGgFh2BySpGRC5lUgFkfSiuLIWK6b9j51KaAtxO5J3a+kMsHtrNHln3qIMGYqzxncq1Do5Vk0x/6swocK7XVTwRyouz9L2OIjlDYSQrq+0zzPub0tYBoJ+RQy3K+ir854SOtkmqQ2MjLmvneWAs70rnYCNZ5Z+1dX/9jpgwOrq+G4glMsKdSgvy7WIhbZ7Ocbxkpur89EtWb
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(7021125)(5600026)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(2017052603328)(7153060)(7193020); SRVR:SN1PR08MB1791;
x-ms-traffictypediagnostic: SN1PR08MB1791:
x-microsoft-antispam-prvs: <SN1PR08MB17911159E75E3BB427BD25BDDA8F0@SN1PR08MB1791.namprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(166708455590820)(211936372134217)(100405760836317)(21748063052155)(228905959029699);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(3231232)(944501410)(52105095)(10201501046)(3002001)(6041310)(20161123558120)(2016111802025)(20161123564045)(20161123560045)(20161123562045)(6072148)(6043046)(201708071742011); SRVR:SN1PR08MB1791; BCL:0; PCL:0; RULEID:; SRVR:SN1PR08MB1791;
x-forefront-prvs: 06530126A4
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39830400003)(346002)(396003)(366004)(39380400002)(376002)(51444003)(51914003)(13464003)(189003)(199004)(25786009)(86362001)(966005)(74316002)(476003)(186003)(8936002)(11346002)(236005)(54896002)(5250100002)(53936002)(81156014)(81166006)(9686003)(229853002)(7736002)(4326008)(106356001)(6436002)(14971765001)(59450400001)(6306002)(478600001)(6246003)(446003)(33656002)(6506007)(8676002)(55016002)(74482002)(2906002)(6116002)(76176011)(93886005)(6916009)(606006)(5660300001)(102836004)(790700001)(53546011)(99286004)(26005)(14454004)(2900100001)(3846002)(486006)(19609705001)(68736007)(3660700001)(316002)(66066001)(54906003)(105586002)(97736004)(7696005)(3280700002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR08MB1791; H:SN1PR08MB1854.namprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:0;
received-spf: None (protection.outlook.com: evequefou.be does not designate permitted sender hosts)
x-microsoft-antispam-message-info: Rj7KN2iNmx5EK+I2N+HWwJ6F3ZfSKvC6O+qJwEVyU5PGK0Abk+e6enO8wl6vchdLBAHvVpEeoZwVeSuZRdWMJZ3JxI1oGLrC5p6uRDWHUNfxPgzrmaStYEwWtOReDZKMAHtvz8ciP4HkbpgLynBO/YgtzytzcxDJNJT1sm8kXyo4D8A3RkengbB/onQ9mQV/
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_SN1PR08MB18545D0554DED1F83862EBFBDA8F0SN1PR08MB1854namp_"
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 660d37a2-d852-45b6-ac61-08d5aaf81ae1
X-OriginatorOrg: evequefou.be
X-MS-Exchange-CrossTenant-Network-Message-Id: 660d37a2-d852-45b6-ac61-08d5aaf81ae1
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Apr 2018 22:01:32.1151 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 41eaf50b-882d-47eb-8c4c-0b5b76a9da8f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR08MB1791
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/9bD2EWko8qE9CGhYAXKPAfqZy9E>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Apr 2018 22:01:47 -0000

I think that’s been suggested before, though we’d need to sort out the details of what that looks like.  I don’t have a particular design in mind.

From: Ian Swett [mailto:ianswett@google.com]
Sent: Wednesday, April 25, 2018 12:57 PM
To: Mike Bishop <mbishop@evequefou.be>
Cc: Christian Huitema <huitema@huitema.net>; Deval, Manasi <manasi.deval@intel.com>; Mark Nottingham <mnot@mnot.net>; IETF QUIC WG <quic@ietf.org>
Subject: Re: Getting to consensus on packet number encryption

Hi Mike,

To clarify, are you suggesting adding a way to disable packet number encryption via negotiation in the v1 spec as well as adopting #1079?  Or would the choice of whether PNE is to be used unilateral, such as a transport param?

On Wed, Apr 25, 2018 at 3:54 PM Mike Bishop <mbishop@evequefou.be<mailto:mbishop@evequefou.be>> wrote:
Yes -- it seems that the biggest objection to #1079 was the difficulty in hardware implementation.  If we're hearing that hardware implementation is feasible at a reasonable cost, then I think we might have a winner.

The CPU cost for a software implementation is still worth considering, and an option to not encrypt is probably reasonable to limit that burden for implementations / use cases that don't care.

-----Original Message-----
From: QUIC <quic-bounces@ietf.org<mailto:quic-bounces@ietf.org>> On Behalf Of Christian Huitema
Sent: Wednesday, April 25, 2018 3:14 AM
To: Deval, Manasi <manasi.deval@intel.com<mailto:manasi.deval@intel.com>>; Mark Nottingham <mnot@mnot.net<mailto:mnot@mnot.net>>
Cc: quic@ietf.org<mailto:quic@ietf.org>
Subject: Re: Getting to consensus on packet number encryption

On 4/23/2018 6:55 PM, Deval, Manasi wrote:

> I had brought up the issue with PNE several weeks ago as a barrier to hardware offload. After further review, it looks like a hardware offload can implement the PNE at a small cost.
>
> The implementation can modify current HW crypto accelerators to support encrypting a buffer in the first pass and then encrypting packet number in the 2nd pass as already discussed on this thread. The exact requirement (header checksum, packet length encoding) is still in flux so there may be some small variations depending on the accelerator and final algorithm chosen for PNE. Future offload designs can do more to further reduce the overhead.

Thanks for the information, Manasi. I have modified the wiki page describing the PNE issues and alternatives to reflect this new data:
https://github.com/quicwg/base-drafts/wiki/Summary-of-the-PN-encryption-issues-and-alternatives.
With that new information, it appears that PR #1079 is superior to every other alternative.

-- Christian Huitema