Re: Expected Client Response to SERVER_BUSY

Töma Gavrichenkov <ximaera@gmail.com> Wed, 20 February 2019 19:43 UTC

References: <CY4PR21MB0854341128C64E450E7C2DA2B37C0@CY4PR21MB0854.namprd21.prod.outlook.com> <CAKcm_gPmQiMhzfXnkEB4u+X+84bCbL8FE3Lj3ZdPPQBBu+4uPg@mail.gmail.com> <1AF7E952-4542-4C40-8652-BFFBFA61784A@trammell.ch> <CAKcm_gN11=DcV2v-JrX+Ym88D7P1Ey3rDvYomTf1seemsWDSwA@mail.gmail.com> <CY4PR21MB0854D8F7383CDF72EEDAE9FBB37D0@CY4PR21MB0854.namprd21.prod.outlook.com> <CALZ3u+Zmau+167msd9+OGcU+V00+__yLK83ByNEqvWhm7yFORg@mail.gmail.com> <CY4PR21MB0854E1E9AAF564CD8B12305CB37D0@CY4PR21MB0854.namprd21.prod.outlook.com> <CALZ3u+b_NqyrSAkqiuXnnVVL+T0XiExPDUP5JyuzvZVaXqHtCA@mail.gmail.com> <a861dc7b-c1a4-fa72-649a-4f98050aa6f5@huitema.net>
In-Reply-To: <a861dc7b-c1a4-fa72-649a-4f98050aa6f5@huitema.net>
From: Töma Gavrichenkov <ximaera@gmail.com>
Date: Wed, 20 Feb 2019 11:43:08 -0800
Message-ID: <CALZ3u+YxHeVuF-27pjO6gGZ__RT7Y9cAx0vE+x-n8vJbWM+L6g@mail.gmail.com>
Subject: Re: Expected Client Response to SERVER_BUSY
To: Christian Huitema <huitema@huitema.net>
Cc: Nick Banks <nibanks@microsoft.com>, "Brian Trammell (IETF)" <ietf@trammell.ch>, Ian Swett <ianswett@google.com>, IETF QUIC WG <quic@ietf.org>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/ARZJC44RFic35uFaogAPl4YH9XA>

On Wed, Feb 20, 2019 at 10:49 AM Christian Huitema <huitema@huitema.net> wrote:
> the proposition here allows a middle-box or a man-on-the-side to send an
> unencrypted signal and have the client immediately drop the
> connection. That does not feel right.

A man-on-the-side (not even mentioning a box-in-the-middle) could
*always* make a client drop a connection, e.g., by sending a large
amount of junk packets towards the client that the client would be
unable to correctly handle. It's just a matter of how much harm that
box needs to do to the network.

Any opposite approach I can think of requires putting the private key
of the server on a DDoS handling machine or deploying it onto a DDoS
mitigation cloud, which not only increases exposure of the users' data
but is also explicitly forbidden in certain countries for companies
from certain industries. It's already only narrowly possible to avoid
doing so with QUIC (and that already requires either a collaboration
between the QUIC library supplier and the DDoS mitigation vendor —
which in turn leads to vendor lock-in — or a reverse engineering-based
design), so until we have a v2 which is (hopefully) more LB- and
DDoS-aware, this is the lesser of two evils.

--
Töma
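The trade-off argued in this thread (an unauthenticated SERVER_BUSY is forgeable by anyone who can see the client's Initial, while an off-path sender has to guess) can be made concrete with a small model of a client's acceptance policy. The following is an added example written for this page, not code from Töma, Christian, or any QUIC stack; the class names, the three checks, and the sample address 192.0.2.10 are assumptions made for the illustration, and the "keys ready" rule is one possible policy, not what the draft specified.

```python
# Added illustration: toy model of a client deciding whether to honor an
# unauthenticated SERVER_BUSY during the QUIC handshake. Hypothetical code,
# not a QUIC implementation; names and policy are assumptions for this page.
import os
from dataclasses import dataclass, field
from typing import Optional, Tuple, Dict

Addr = Tuple[str, int]
SERVER: Addr = ("192.0.2.10", 443)  # constructed sample address (TEST-NET-1)


@dataclass
class Packet:
    src: Addr            # source address of the UDP datagram (spoofable)
    dcid: bytes          # Destination Connection ID carried in the long header
    kind: str            # "SERVER_BUSY", "HANDSHAKE" or "JUNK"
    authenticated: bool  # True only if AEAD verification with real keys succeeded


@dataclass
class ClientConn:
    server: Addr
    # The client's own CID, chosen at random and sent in the clear in its Initial.
    scid: bytes = field(default_factory=lambda: os.urandom(8))
    keys_ready: bool = False            # set once Handshake keys are derived
    close_reason: Optional[str] = None
    dropped: int = 0                    # packets discarded without effect

    def on_packet(self, pkt: Packet) -> bool:
        """Return True if the packet changed connection state, False if it was dropped."""
        if self.close_reason is not None:
            self.dropped += 1
            return False
        if pkt.kind == "SERVER_BUSY":
            return self._on_server_busy(pkt)
        if pkt.kind == "HANDSHAKE" and pkt.authenticated:
            self.keys_ready = True
            return True
        self.dropped += 1               # junk, or unauthenticated handshake data
        return False

    def _on_server_busy(self, pkt: Packet) -> bool:
        # Checks 1 and 2 cost an off-path sender a guess of the server's address
        # and of the 64-bit CID; they cost a man-on-the-side nothing, because it
        # already saw the client's Initial on the wire.
        if pkt.src != self.server or pkt.dcid != self.scid:
            self.dropped += 1
            return False
        # Check 3 (assumed policy): once Handshake keys exist, a close signal
        # must be authenticated, so the forgery window is the handshake only.
        if self.keys_ready and not pkt.authenticated:
            self.dropped += 1
            return False
        self.close_reason = "SERVER_BUSY"
        return True


def off_path_attacker(conn: ClientConn) -> bool:
    """Cannot see the client's Initial: spoofs the source but must guess the CID."""
    forged = Packet(src=SERVER, dcid=os.urandom(8), kind="SERVER_BUSY", authenticated=False)
    return conn.on_packet(forged)


def man_on_the_side(conn: ClientConn) -> bool:
    """Observed the client's Initial: copies its SCID and spoofs the server's address."""
    forged = Packet(src=SERVER, dcid=conn.scid, kind="SERVER_BUSY", authenticated=False)
    return conn.on_packet(forged)


def run_scenarios() -> Dict[str, bool]:
    results: Dict[str, bool] = {}
    c1 = ClientConn(SERVER)
    results["off_path"] = off_path_attacker(c1)
    c2 = ClientConn(SERVER)
    results["on_side_during_handshake"] = man_on_the_side(c2)
    c3 = ClientConn(SERVER)
    c3.on_packet(Packet(SERVER, c3.scid, "HANDSHAKE", authenticated=True))
    results["on_side_after_keys"] = man_on_the_side(c3)
    return results


if __name__ == "__main__":
    for name, closed in run_scenarios().items():
        print(f"{name:26s} -> connection closed: {closed}")
```

The point the model makes is the one in the message above: the address and CID checks only raise the bar for an off-path sender, and a man-on-the-side passes them for free, so the remaining knob is how long the unauthenticated signal is honored at all.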