IETF Logo Mail Archive

Re: Grips in the Wire Image for In-Network State (was Re: Privacy holes (was Re: Getting to consensus on packet number encryption))

Martin Thomson <martin.thomson@gmail.com> Fri, 06 April 2018 10:55 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80A941243FE for <quic@ietfa.amsl.com>; Fri, 6 Apr 2018 03:55:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, GB_MUTUALBENEFIT=2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8ff34rjUK38Y for <quic@ietfa.amsl.com>; Fri, 6 Apr 2018 03:55:13 -0700 (PDT)
Received: from mail-ot0-x234.google.com (mail-ot0-x234.google.com [IPv6:2607:f8b0:4003:c0f::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89BAA124205 for <quic@ietf.org>; Fri, 6 Apr 2018 03:55:13 -0700 (PDT)
Received: by mail-ot0-x234.google.com with SMTP id p33-v6so713278otp.11 for <quic@ietf.org>; Fri, 06 Apr 2018 03:55:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=v61C8s2dq/voseLP2iRFYU3XUIdkZIV6Fq0ICFCkZxU=; b=MHYK9jgRK8rXCQR1jJkCXXlgDXO/7ohpuI9C6B34xHIT57SOlUzOPBbfITx51mGk9Z bjlSy7bQ1H1r6d6s1QvGisPE8zymFQSib2sQkYJinSI7ODMjMUJ0ewPo0DR5Xf7QO6+u 2UYVbyl15T4l32bUmXnfcBUMHjZWIBfkq5dSP09SDPHqJ6mdG1wkR8ux9LmdbdWtqr6N Z0VyPAmUyEx7Z0GoNx+RrQCpd2YJ3a+vyxmXtVFpxHa0kxjYe2p70RKpzLQGjM96meaP egsOGBM+asXFHKyYc/VMb5bZXBj+PD2hxR7wqWnes8CEk93FcBDkGnxrUpY8RhrOylkl r5Xw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=v61C8s2dq/voseLP2iRFYU3XUIdkZIV6Fq0ICFCkZxU=; b=uNz6Mgi6IZTtPHUD0cDciWbix737ChSJ8sygO/+VdatsPZZVR4zO43BQsq7EDydQnX 8N+hdQHj0GKhhfUW+MfQl6QxcuEbNfLTALMTFiv/oeD51t06YSnUBwTXF3WFqT/cwFyB RvyQ4+W6FtldvgdrFY4ZtlfmcuGoq8NB8XgBQH38xVpy8eIJCIw95LNdJXdlA9Rwpiwp vag5L6OzA5xcYmHJM4zaTF8NfgbhxUYSXo3zvzjBjrcQW06lFd+slmhLsy3b7RqsXsZ4 OGvG4XrDlYez4J6VDyXuGkk55fgCiWTy+fL5/Y3o3XjBCgxRZocBSBiBxPKWDwpNrtdu QGig==
X-Gm-Message-State: ALQs6tBPPVAOBIovaDZUmi5+uxqnfJG6nVzotyyrSXyvPqZi3ai4kfvm M0QuhdJjaGHv4E9Gy4BW7MffsvUormuqKhB28xo=
X-Google-Smtp-Source: AIpwx4+s77newWTMWdpTNXubR1V8ET+N12IjL0HmBNk5mg8JXZvqIGMCs57lqQXazxBRfu4qwbavqlljA8apK6dRaPU=
X-Received: by 2002:a9d:4c81:: with SMTP id m1-v6mr10503344otf.396.1523012112807; Fri, 06 Apr 2018 03:55:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:ac7:0:0:0:0:0 with HTTP; Fri, 6 Apr 2018 03:55:11 -0700 (PDT)
In-Reply-To: <FFEC6258-4B0F-473F-BAF6-28C655EE6DAF@trammell.ch>
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <BBB8D1DE-25F8-4F3D-B274-C317848DE872@akamai.com> <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com> <CAKcm_gMpz4MpdmrHLtC8MvTf5uO9LjD915jM-i2LfpKY384O2w@mail.gmail.com> <HE1PR0702MB3611A67E764EE1C7D1644FAD84AD0@HE1PR0702MB3611.eurprd07.prod.outlook.com> <d8e35569-e939-4064-9ec4-2cccfba2f341@huitema.net> <CACpbDccqKoF-Y1poHMN2cLOK9GOuvtMTPsF-QEen3b30kUo9bg@mail.gmail.com> <CAKcm_gNffwpraF-H2LQBF33vUhYFx0bi_UXJ3N14k4Xj4NmWUw@mail.gmail.com> <40C1F6FE-2B2C-469F-8F98-66329703ED50@mnot.net> <21C36B57-6AE2-40EF-9549-7196D7FA9B45@tik.ee.ethz.ch> <B176FC07-887D-4135-B01E-FE8B4986A5EE@mnot.net> <CAKcm_gOCeocLyrYpOS7Ud332xdz3xHSH0psPN8T6BGRjoL9ptQ@mail.gmail.com> <CY4PR21MB0630FA0EDD343396AD414641B6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <CAN1APde13JTzCvKFFvMd183Fka6QGD1kGBjsa9fcoLrYeA2hsA@mail.gmail.com> <CY4PR21MB0630C0FD4FBECBFEC3C863BBB6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <759C5BE4-DE4C-4A82-929C-B03234B88A37@huitema.net> <CAJGwveB=qs+J2iBQRs3d5jdGuP9yBWoAgv0t3mwD=Wrf6Q5g8g@mail.gmail.com> <F395D018-FFCA-405F-BBD5-1313C6F6DAF9@huitema.net> <CABkgnnWAgGJaKs8teKTURiNDRA61fRhN6pxYQuD1MbkPDqasKQ@mail.gmail.com> <2F06334E-C3DF-4034-A6A4-AF383505D930@trammell.ch> <CABkgnnX1=h4qx+3YjXj=ZME5ihZbJ2rqE8zeT4j84dJj0ZfZGg@mail.gmail.com> <29F2FB1B-3A82-4E60-A4A5-70AC36CEEC54@trammell.ch> <CANatvzzoAK0SRrLOfz6HecbsE3oevWWkzJcfhceuqECF0VL=MA@mail.gmail.com> <FFEC6258-4B0F-473F-BAF6-28C655EE6DAF@trammell.ch>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 06 Apr 2018 20:55:12 +1000
Message-ID: <CABkgnnVPUhp0f6-ZBV6CpZ8QJk_cwf7SWzOCtTD5FsNNvtnkjw@mail.gmail.com>
Subject: Re: Grips in the Wire Image for In-Network State (was Re: Privacy holes (was Re: Getting to consensus on packet number encryption))
To: "Brian Trammell (IETF)" <ietf@trammell.ch>
Cc: Kazuho Oku <kazuhooku@gmail.com>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>, Christian Huitema <huitema@huitema.net>, QUIC WG <quic@ietf.org>, Frederick Kautz <fkautz@alumni.cmu.edu>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/BWLT9l1G3MPtuauIgfACg5y2q7g>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Apr 2018 10:55:15 -0000

I don't know how to game this one out.

If we're looking for mutual benefit, the best I can come up with is
that the middlebox knows about flow up/down, so it can extend timeouts
for most flows and endpoints thereby enjoy better chance of flow
liveness after longer periods of quiescence.  That would be something
like with TCP where you can expect timeouts to be in the order of
minutes or tens of minutes (30 minutes if you pick the right port
number) and not merely tens of seconds.

The problem here is that you need enough of the middlebox population
to extend timeouts in the common case.  Tuning to specific networks is
difficult and time-consuming.  So endpoints would deploy this "grip"
without any expectation of reciprocation for potentially a very long
time.  That's in the order of the end-of-life cycle for home routers,
or an entire Internet era.

In the meantime, endpoints have to assume flow liveness based on the
Internet of today.  30s is the benchmark now, despite the wishful
"requirement" for 2 minutes in RFC 4787.

Thus we end up with the tension between the documented wire image that
says that there is a "done" signal, and the actual wire image, which
has activity every 30 seconds.  Add genuine cases of migration,
crashes, stateless resets, and the other reasons that the "done"
signal doesn't appear and the timer has to come down.

There might be benefits if everything comes together, but it's a long
game to play.

On Fri, Apr 6, 2018 at 7:38 PM, Brian Trammell (IETF) <ietf@trammell.ch> wrote:
> Hi, Kazuho,
>
>> On 6 Apr 2018, at 11:14, Kazuho Oku <kazuhooku@gmail.com> wrote:
>>
>>> It's multiplicative by a factor of three, which means that the max flow concurrency will reduce by a factor of three. I agree it's probably tolerable, but we do need to understand what we're actually getting for that cost. I remain dubious about the actual privacy benefits WRT third party passive surveillance here -- they don't accrue at all unless there's a CGNAT in the way that doesn't bind an address/port range to a customer at a given point in time. In the common case, ISTM that just burn more in-network state than they additionally require at the surveillance point to track the change. Defenses with such scaling curves are not a good idea.
>>>
>> I think I share the same concern.
>>
>> One way to minimize the impact could be to suggest certain amount of connections (e.g., 5%) to gratuitously migrate to a new tuple just once, right after the connection is being established.
>>
>> If we specify that way, we can assume that the impact on the NAT will be having 5% more flows. Middlebox vendor that mistakenly tries to use the cleartext bits in the packet header as the signal of connection initiation will also see failures at the same rate.
>
> If the goal is only ossification agility, ensuring that migration can actually work, then this seems like a much better approach.
>
> However, I would submit that if we think we are in a position where:
>
> - there is a strong incentive for firewalls/NATs to want to see start- (and end-) of flow (which seems to me to be the threat model we're trying to mitigate with this); and
>
> - we do not want arbitrary information in the QUIC wire image to be used to detect these conditions, since that might cause bits of the wire image we don't want to end up in the accidental invariants;
>
> then we really should consider adding explicit advisory flow state signals, both for establishment and teardown. The theory here is that if you give in-network functions a "grip" in the wire image of the protocol they can use for state management, they won't try to grab on to the slippery bits. Together with probabilistic migration, these signals would divorce "on-path state" from "transport session state", reducing the privacy impact with respect to SYN/FIN in TCP.
>
> (The alternative is to make the wire image so inscrutable that on-path state tracking becomes completely futile and goes away. I'm not sure we're that good at inscrutable wire images.)
>
> Cheers,
>
> Brian

v2.23.0 | Report a Bug | By Email