IETF Logo Mail Archive

RE: QUIC ossification

Mike Bishop <mbishop@evequefou.be> Mon, 04 March 2019 19:01 UTC

Return-Path: <mbishop@evequefou.be>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93F66130DEA for <quic@ietfa.amsl.com>; Mon, 4 Mar 2019 11:01:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=evequefou.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sdX5zl71rJNu for <quic@ietfa.amsl.com>; Mon, 4 Mar 2019 11:01:35 -0800 (PST)
Received: from NAM04-CO1-obe.outbound.protection.outlook.com (mail-eopbgr690118.outbound.protection.outlook.com [40.107.69.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56181126C15 for <quic@ietf.org>; Mon, 4 Mar 2019 11:01:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=evequefou.onmicrosoft.com; s=selector1-evequefou-be; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sVz0CsHZiHl3Y6Vvoj7Q3ZU42oy3RPgfjfGxeDKirYk=; b=aeCedeIcNNNYYjWJVxRCNbnOPQTr1tsZdHYTvrfg4fJFRMkHJR84ZCUUo6XOnh12NeE5YNCinpsK1FRAZm0YeE8KO3kJjbY2zNBAEFD5lF0K7K5X0foGZiwdGwGPzcV4XEN+90J0fmVBiS3NXIW2k024jcukZqjNi3rKY4vQ8Z0=
Received: from CY4PR22MB0983.namprd22.prod.outlook.com (10.171.164.151) by CY4PR22MB0837.namprd22.prod.outlook.com (10.171.164.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1665.20; Mon, 4 Mar 2019 19:01:32 +0000
Received: from CY4PR22MB0983.namprd22.prod.outlook.com ([fe80::76:e309:d27f:23e6]) by CY4PR22MB0983.namprd22.prod.outlook.com ([fe80::76:e309:d27f:23e6%2]) with mapi id 15.20.1665.019; Mon, 4 Mar 2019 19:01:32 +0000
From: Mike Bishop <mbishop@evequefou.be>
To: Martin Duke <martin.h.duke@gmail.com>, Roberto Peon <fenix@fb.com>
CC: Jana Iyengar <jri.ietf@gmail.com>, QUIC WG <quic@ietf.org>, Martin Thomson <mt@lowentropy.net>, Kazuho Oku <kazuhooku@gmail.com>
Subject: RE: QUIC ossification
Thread-Topic: QUIC ossification
Thread-Index: AQHUwxikpkoFMiv1H0edotsvCAcFS6Xcr5EAgAAK3YCAACEsAIAAAikAgAELLICAAArqgIAABPsAgAAA14CAAAMfgIAACY0AgABAYACAAAfzgIAAPEaAgAAKFoCAABbCAIAAAY+AgAACigCAAArcAIAABcEAgAAOGgCAAPW8gIAAAEPAgAAELICAAEVOAIAAAJCAgAABYACAAAEOgIAAAnkAgAAWogCABlgSgIAAzZ0AgAB6aYCAAAFDAIAAAM6AgACA9oCAAAFdAIAC+AOAgAAbZQCAAQTLgIAAGYYAgABCDoCAAQBqAIAAWGiAgAAeooCAAq9TgIAHEO2AgAP0XiA=
Date: Mon, 04 Mar 2019 19:01:32 +0000
Message-ID: <CY4PR22MB098312213219DB42B4A3984ADA710@CY4PR22MB0983.namprd22.prod.outlook.com>
References: <f76aa399-f35d-46c5-b6a7-043d8704a90e@www.fastmail.com> <CACpbDcf_temqJ3EesvboKt280m-TEucMqa-NpYW7-UC5r0p1mQ@mail.gmail.com> <783327C4-3877-48F4-A41A-5987458C39B7@fb.com> <CACpbDccFRWeSYFGu7cjdsrWAnE_6KbhpPMZJ9kzN1KviAfEGJQ@mail.gmail.com> <067D562F-AC7C-463D-9C4D-D5ECF4D50FC9@trammell.ch> <C9BC63FD-9BE2-47B8-8D1C-EC27CEDF4D42@trammell.ch> <CACpbDcf+eE_bO4ZN3vjBmrrJ2oB4-yCZ2WVEX6vkxjKJOmk6ww@mail.gmail.com> <CAAedzxqD8UL39vaxRrugLZR38hXPK9gB8PqPi=kmG2D=eUpcmg@mail.gmail.com> <DAC9E580-909C-4E9E-82E0-A6AB22CADA24@fb.com> <50fa8e3a-a997-4c09-ba38-b8cdcde3b27c@www.fastmail.com> <d9b2ed51-a231-26e7-7ee8-08527b5fbfb1@huitema.net> <31aec777-de1e-45d2-a27f-590c73bc71b9@www.fastmail.com> <CACpbDcerks0aeVUa_6Hx3GBrRYup_7zdQdxHY7zt8pkgdY+Pcg@mail.gmail.com> <CANatvzxQ=e2Xsmn5E=D7BkGP1xFGcNmfGFWCEfFWWba_K0N8-Q@mail.gmail.com> <A44D7150-1AAB-41DE-AE0A-2A8FA1158F53@fb.com> <CAM4esxRbCNsEmtco7oVxqhi2jxfCiQJn+zdb5SteiugVWqw6sA@mail.gmail.com>
In-Reply-To: <CAM4esxRbCNsEmtco7oVxqhi2jxfCiQJn+zdb5SteiugVWqw6sA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mbishop@evequefou.be;
x-originating-ip: [38.134.241.6]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 19528223-c428-4805-2cb8-08d6a0d3d105
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600127)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:CY4PR22MB0837;
x-ms-traffictypediagnostic: CY4PR22MB0837:
x-microsoft-antispam-prvs: <CY4PR22MB083752C64FAB3DCD5218BD11DA710@CY4PR22MB0837.namprd22.prod.outlook.com>
x-forefront-prvs: 09669DB681
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(376002)(136003)(346002)(396003)(39830400003)(189003)(199004)(486006)(6436002)(71200400001)(71190400001)(3480700005)(256004)(6306002)(14444005)(93886005)(236005)(74482002)(55016002)(54896002)(9686003)(229853002)(221733001)(54906003)(5660300002)(52536013)(97736004)(316002)(110136005)(106356001)(2906002)(561944003)(66066001)(33656002)(53546011)(6506007)(99286004)(8936002)(4326008)(508600001)(26005)(790700001)(3846002)(6116002)(7736002)(186003)(25786009)(68736007)(14454004)(7116003)(81166006)(105586002)(53936002)(6246003)(7696005)(76176011)(446003)(74316002)(476003)(86362001)(8676002)(11346002)(81156014)(102836004); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR22MB0837; H:CY4PR22MB0983.namprd22.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: evequefou.be does not designate permitted sender hosts)
x-microsoft-exchange-diagnostics: 1;CY4PR22MB0837;23:BIrCmkcbRFRJWvrVrPtOHeNApKqEfBMjnhESql8vBrYjVSt54VWkGMWH6ZEYeyIbpOZ+GwRxGEgsAUPHyyJSQ9c9bGteSxBBxVwqbGCjpERKWwFbCZGDad2V+HfmP1PntDlj3696t7hzVuT8FbvLKfkfE3TF9NUDrzMSMfF2lAGr+WCFSKr7ocW0XggEWag8Gv0xhfUHbCpQvx6cpBGRB4g9ThXJpxWnhxLCGz/26jWquiDMb5YTfWeU/czUFSPpbbMHZ/uE/4oeGDwpcPOh5/L/o61y/2TPGCB4OLegEWuYfYU3C/VNcDpUMG05XWfASohwCx0xTcCPlMAmSqmD/PlQp8ZTJyOAaO5imZzT5bjbKwK/ZNmwHcf0L80GjyHY6yTtLlROg2cZUPxp+bh3E915Hl8c1dMPA036VjYfnLFDGxqDGsgaYARrsRfIrJ5UXIaCxIiE8VQgu/LXTT7Fdlrmu9Ayc8lT6ym0gtFbIOj0uypTwf918N3aX8u/7M/lg31ASBs3q7wLcpTENW3Sll6rrHxGZj2XgQZutUeMqJL2d+KZ/hEH+hYrGXxuAv51Muno5kWvWq/ktgfcYKUkt1+A4zfwx5JzqxH2bw6+fyt1S2IySFLdj9uWgodlHgPzFK6UCc1I+MxHPmljXVwUgZpnSgKVbaBNeghQuduzyvcp2h7gKxceUTSih1BYdLthjSOzbxBhOwqsJI91I3DzlQzw36iumuqp9+2nCXMbCo1BNiGlQ7lV69TXhY8gF5a5b0l0Zruo+oUFQTzXSTW5Esx2ovRCcqIuNazvzNdiOusTUrFrgb7IWSxih5q5g3yVGZPFmm8JkKoGYsYTpknyJShEwHUq5q9925qfgGf2Sl7mywQWA7A+0aYQXGy7cimAr9RpBCRu5PLM3IoO4UpUaC9JOL525qaaF3gTgDsSYVghgzqvlAJN6DsSXiemlfD2MXk/B8s9+czBzo1U5Gl6NCr8JIpJUwr2ecz8UWPZHI0AWbz+C3hm6bqSLWiczeYEhFtpkTDICNZHWiq/DAs1kn3n6VN3i8qcH/cMPnb2Dfv+RhAc15i2Yu0qFbPxkky2Oe7lsc0TTtv4f6r+8f+hxtMmA03yVCaMyqTMRxdsRv2eogESZPxH2zAeOTKQlMAJ27Pv2vEw6dHtmtJBEn1LSbACOeuskLxWlHOrhE6vVNQ9LE/hGLzSdKSVd82EMbcUumUSIPPR5ClGRPF2813CYVvs7RWR0tEE3Y8MsthXJohXJ/L7kUpvo8GQpVBTMdCGkpFEblFyrwYW7CHC4iOLGletvvf+Ke+amWV4yUgLBl1kZtmNGBj4ludEagREBu3R1EghOzXDtwtDe4m8YreT58xU5SSSyW90007CinkQ0oiMAqgEmETtt+8r2kBaTypvYrrCppd9XGzbhZebgudHuKbJ9FfxmVgGQmtMo9QAoZQ=
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: uW0u6vP2Vr9HyL0BBUcfeDxbvHtaja7BSQUTIDoiSGAliz9Kf2o/9zBsQK0L0cV/KLv/v/hnruU7a8aCjfzkWDi1SRrVsaXUnuYENvnY3J6YjupJETOgLnZxKZdbUyhqTSTSoO4PR9h7wERrMOVsltI+u+W04yvprr/Q3ZxqeE1qFZ53j+wXPXotH/p2N5GOD/cT8Bxg2wcDMSeqz/yfG/7lmGVoS9p8EVawyIXYgq8RQ2gRFOt0zi9YqxtgBU+9mmFSowpcoWo4Lo+rQjBmHx7PKlu2YdJLh5LdWeZDLd+b/gQPupFLNvHl6Kcjy8oK8pY7m8Fh3IPw/NHD0W3UYY83UY8F79kCE8JfHd83G4Kb+j/1i38n1in4iB0NHDTGWkh65UmhUSesh2Lo6f7zN82TSJBK+45L9R6wrZ3Px6A=
Content-Type: multipart/alternative; boundary="_000_CY4PR22MB098312213219DB42B4A3984ADA710CY4PR22MB0983namp_"
MIME-Version: 1.0
X-OriginatorOrg: evequefou.be
X-MS-Exchange-CrossTenant-Network-Message-Id: 19528223-c428-4805-2cb8-08d6a0d3d105
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Mar 2019 19:01:32.3283 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 41eaf50b-882d-47eb-8c4c-0b5b76a9da8f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR22MB0837
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/5ggH33qHwnNLfuo52L1MGaUMjtg>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2019 19:01:39 -0000

As Roberto said, that’s a threat model question.  I wouldn’t call that “obfuscation”; it’s simply ossification.  TLS 1.3 was able to observe that middleboxes were looking at the (second) version field, and decided to abandon it and create a third version field.  Eventually, something will be updated to look at that field, and some future version of TLS will quite possibly require a fourth version field while retaining the first, second, and third as fixed values for all time.

This brings to mind Raymond Chen’s articles about the layers of undocumented regkeys that can’t be modified because someone took a dependency; so they create a new one, and then someone takes a dependency on that; and so forth with a new iteration in each release of Windows.

From: QUIC <quic-bounces@ietf.org> On Behalf Of Martin Duke
Sent: Friday, March 1, 2019 10:21 PM
To: Roberto Peon <fenix@fb.com>
Cc: Jana Iyengar <jri.ietf@gmail.com>; QUIC WG <quic@ietf.org>; Martin Thomson <mt@lowentropy.net>; Kazuho Oku <kazuhooku@gmail.com>
Subject: Re: QUIC ossification

When starting this thread, I wasn't thinking so much about Jana's unfortunate experience, so much as the fact that TLS 1..3 pretends it's TLS 1.2. I don't know the details of that process, but wonder if there's something the TLS designers might have done differently. The idea of a "security" device rejecting TLS versions that presumably provide more security is even more perverse than blocking future QUIC versions.

Interestingly, a little obfuscation (hiding TLS version later in the hello) seems to have solved this problem. So I think there's a case that obfuscation isn't worthless. The logical end of the "obfuscation is worthless" case is that we should just get rid of the version field and design something buried in the TPs or something..

On Mon, Feb 25, 2019 at 10:27 AM Roberto Peon <fenix@fb.com<mailto:fenix@fb.com>> wrote:
You'd certainly get agreement that the only way to prevent things from reacting/recognizing to something is to make it unrecognizable as that something.

So, in the long-term we want some combination of encryption (bytes unrecognizable) and pattern/timing obfuscation. I'm sure we'd all be happy if we could have this tomorrow and thus apply to V1, but it seems unlikely.

If that is true, then for V1 the question is what potentially imperfect thing could we do that gives us the breathing room to get to V2, which could/should have the more perfect and more robust (likely encryption-based) solution?

The answer to that depends on our shared understanding of the threat model.

My understanding is that we're worried about accidental pattern-matching based "threats"-- i.e. protecting against assumptions that a particular range of bits in a particular place indicate the presence of QUIC.

-=R

On 2/23/19, 5:27 PM, "QUIC on behalf of Kazuho Oku" <quic-bounces@ietf.org<mailto:quic-bounces@ietf.org> on behalf of kazuhooku@gmail.com<mailto:kazuhooku@gmail.com>> wrote:

    2019年2月24日(日) 8:37 Jana Iyengar <jri.ietf@gmail.com<mailto:jri.ietf@gmail.com>>:
    >
    > On Sat, Feb 23, 2019 at 10:21 AM Martin Thomson <mt@lowentropy.net<mailto:mt@lowentropy.net>> wrote:
    >>
    >>
    >> On Fri, Feb 22, 2019, at 19:03, Christian Huitema wrote:
    >> >
    >> > Martin, you seem uncharacteristically restrained today. How about, "If
    >> > it is not encrypted, middle boxes will ossify, and pathetic efforts at
    >> > obfuscation are not going to save you?"
    >>
    >> That is what I typed first... Maybe if we all agree on this point,  we can move on.
    >
    >
    > I've seen and worked through one ossification case with QUIC so far, I can say that making versions dynamic in any way would have helped us. This is after talking to the middlebox vendor, and understanding their process.
    >
    > I think I've made my case -- that there's value in making the on-the-wire version more dynamic. If there is a proposal to encrypt version number, I'm all ears. This conversation is premised on not having encryption to save us. Without a proposal that encrypts version numbers, it does not make sense to say that encryption is the only solution.
    >
    > It is counter-productive to argue that nothing should be done in any situation when encryption is not available as a solution.

    Yeah. And IIUC encryption cannot be a solution for QUIC v1.

    To be precise, encryption can be a solution for QUIC v1 only when we
    can assume that ESNI (or something other that allows the endpoints to
    negotiate shared knowledge) gets deployed along with QUIC v1 by a
    significant portion of the endpoints.

    I'd be very happy to see that happen, but I am skeptical if it would.

    --
    Kazuho Oku

v2.23.0 | Report a Bug | By Email