IETF Logo Mail Archive

Re: Back to work

Martin Thomson <mt@lowentropy.net> Thu, 29 October 2020 05:17 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B35C3A0B2E for <quic@ietfa.amsl.com>; Wed, 28 Oct 2020 22:17:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=iUEA9m56; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=OWH4URZI
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9LDiF6QQ3nPX for <quic@ietfa.amsl.com>; Wed, 28 Oct 2020 22:17:24 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A3C43A0B25 for <quic@ietf.org>; Wed, 28 Oct 2020 22:17:24 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 3AD215C0052 for <quic@ietf.org>; Thu, 29 Oct 2020 01:17:23 -0400 (EDT)
Received: from imap10 ([10.202.2.60]) by compute1.internal (MEProxy); Thu, 29 Oct 2020 01:17:23 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm3; bh=vly5g gua64Z0yqLI6tTMtvYle32ZUpFeq7+W5XgzbfE=; b=iUEA9m56iCpVmgtu+c0Bq Yh17Xg4LkeYxMV1Qi41aoPXyZIf4Odb02l2e/rb76hiPdUtBq3Te20dNlsYeuTFc kZjxvOsIHNsqDLeTK+sHrO0YAaMObzyxs98KwD1pEhbujFVf5Ddz9RtLtwSYPGtp 0c2vMYkSlmu0hjJ5Brqgt3nUnzWDdY2rs1rpBhQsjtqCbNquVl0EB+AtgsDAtBZp eDyCt3L03xsDONaH3G/Pgc7QsnX8ALL544SRle4v70Q8goHnAdOtyik468HFOmjI XaV7pU74gMHXAJMrBUH8k/j73k/D4Fzy1x7K3uep+ffc8+drRaT6UuyCbn9VD8yL w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=vly5ggua64Z0yqLI6tTMtvYle32ZUpFeq7+W5Xgzb fE=; b=OWH4URZIj0eKvE/aYlztScfUJBgDPsZZheI7p8FHa2tDEcCGBt30elMF2 GhLZ087PQGSYI8jXOyPCSFXH6G9aeQSPAUwBZCgje/K/XZsa4qqt3yBjeIWdSKAn YH1kQ3bn25XGWfA8Y2PeNQIzPfKWOrMRfbH47U+iw8ASgsD47Nts0OLVO9P2RTw0 xru6FE5LG5m5iS8vjqV1WvTUyeEOifxQQ7kF2zYG1P8WCb3yEgvA/2ebBcpllFEf 8klyz7+zI6LjPMd5BqlcEV1WhWVuARnDMZgZvU+9S3ceR0hm63mOZ626GiTtjf++ Imkw42HdfuiBQiJTXE5RATJkEmy2g==
X-ME-Sender: <xms:YlCaX-c8W7j_1O3SyS5ilCR6jUAEMRc8oW1_xICpbethEK0nXqsieA> <xme:YlCaX4OUejac9UdztzK7MQMw7ti80lrU1rCQsvw5LuwY6XTMiLS55G3Z3yzOxYffj DCw8e5YrgdwqrFYTos>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrledvgddutdekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtgfesth hqredtreerjeenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehl ohifvghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnhepgfejueduieffledtge elheejvdettdejudduhefggeefgfekgfeuieetgefftddtnecuvehluhhsthgvrhfuihii vgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhtsehlohifvghnthhrohhphidrnh gvth
X-ME-Proxy: <xmx:YlCaX_hFw83dmWlmjTI5SS9YwwBmaRfKHutPDkj6WRoPlVW5VcOajA> <xmx:YlCaX78GheKEItS-Va-4V7qY96FRY3zB7km6EINWIflvvvgKbRqbwQ> <xmx:YlCaX6s9Cw2ekv-p6KXp8T0Lm0OIVroX9IDKcwwsYkeqellG0KppvA> <xmx:Y1CaX469SUGBeAkU5sdgX-S466gtwn_QKCgAdsn1v65HzG8LWj06Uw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id A7FE8200F8; Thu, 29 Oct 2020 01:17:22 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-530-g8da6958-fm-20201021.003-g69105b13-v35
Mime-Version: 1.0
Message-Id: <7fca948f-6c71-45c8-8c76-8cfabf11898b@www.fastmail.com>
In-Reply-To: <59211AC5-0D72-4295-9E67-DA0BF5B92965@apple.com>
References: <0f150dec-e408-48bf-8e54-05e3e96e7a85@www.fastmail.com> <CALZ3u+a1fBq1MB52H-h-JYY=OOkOo9=jEu7smNVeyy_9U3abEw@mail.gmail.com> <CAKcm_gNoB=nP050VRfw5MXAAw-HhpnKHp6pAx9onaA4a5CH5-Q@mail.gmail.com> <b80cf41524865c171712bfcfca7ef92e2a472044.camel@ericsson.com> <efe63bdf-7af2-49c0-932d-3a36de61bdd6@www.fastmail.com> <41A07550-1BFA-43E6-83A0-93FA96DF1E9B@apple.com> <CAN1APddS_qtMoUiUL9uwtAB3rXuAQ0NmiipXGDkS4hcA5od6Ag@mail.gmail.com> <CAKcm_gOcuuF_REWszJyYC6eO6swavMD3D9VnzgJTHEwEAXOsnw@mail.gmail.com> <CAM4esxT2kD6U-Hb5cOSfykBPvTmboEozqqiYiFF63ywxstm-LQ@mail.gmail.com> <CAKcm_gPzEgEssO3LMyW=t9tvbsRrLQBJ7M=2mxySs3H-YUXF5A@mail.gmail.com> <CACpbDceKFAVZ=Vrvj8ZoOj95TNfkCqNrpLh8FOBMBUBU=Qx_eQ@mail.gmail.com> <cc9aca43-7556-7fed-8ef8-1b5343316a0d@huitema.net> <59211AC5-0D72-4295-9E67-DA0BF5B92965@apple.com>
Date: Thu, 29 Oct 2020 16:17:01 +1100
From: Martin Thomson <mt@lowentropy.net>
To: quic@ietf.org
Subject: Re: Back to work
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/FC5n5Mqobu8cnvqWthTPLi2nfH0>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Oct 2020 05:17:26 -0000

Hi Eric,

I don't know what you mean by: "How worried are we about the 3x limit?".

I got the impression that Christian's request was that we avoid padding where it is unnecessary.

The two things we need to balance here are:
* Amplification (the reason we have a 3x limit)
* Odd failures when things only work sometimes (the reason we require padding of probes)

My belief is that the proposed PR #4264 achieves this balance in a minimal fashion.

Yes, there are two things you need to verify for a new path, but for the most part, probes can be padded and so will verify both.  Both that the address is live and that the path supports a reasonable MTU.  These are separated into two separate checks if checking the latter would violate the amplification limit.

Padding packets sent on either path is sub-optimal if you already know that the MTU is OK, so I'd be happy to create a carve-out for that.  It seems like a fine optimization, but the space can be used for things other than PADDING frames, so I don't see it as critical.  My migration implementation (almost finished, thanks) will include other frames in these packets where possible.

Cheers,
Martin

On Thu, Oct 29, 2020, at 13:13, Eric Kinnear wrote:
> I was originally shying a bit away from that option, Christian, but the 
> more I think about it the less painful it seems: back out the padding 
> requirement, add in a note that “after a new path has been validated, 
> endpoints can/should/must do PMTUD to validate the MTU on that path”. 
> 
> The natural responses that an endpoint goes through during path 
> validation (or abrupt migration) leave it with either a working or 
> failing path when trying to migrate; this was always the case and is no 
> more or less the case due to MTU concerns. 
> 
> Alternately, you also note that we might want to avoid forcing the 
> server specifically to send large packets — in my opinion, that would 
> be another equally valid way to tackle this: require the padding only 
> for PATH_CHALLENGES sent from the client and any PATH_RESPONSE to a 
> padded challenge.
> That’s really nice in a number of ways, especially for the MOTS cases 
> where I can make the server think that every new packet is on a new 
> path, etc.
> 
> So… lots of words to say: I very much agree with what you’re saying. :) 
> 
> It seems like these would be good options to use if we think that 
> there’s something we *don’t* like about the 3x limit (perhaps how it 
> interacts with NAT rebinding). Otherwise, the 3x limit is nice and 
> general.
> 
> How worried are we about the 3x limit?
> 
> Thanks,
> Eric
> 
> 
> > On Oct 28, 2020, at 5:41 PM, Christian Huitema <huitema@huitema.net> wrote:
> > 
> > 
> > On 10/28/2020 5:17 PM, Jana Iyengar wrote:
> >> I like the universality of the 3x limit. The reasoning applies broadly
> >> and there's no reason to separately reason about how a server responds
> >> to new addresses, be it at the start of a connection or
> >> mid-connection. Overall, I have a few minor suggestions to make, but
> >> I'm happy with the way the PR is headed.
> > 
> > 
> > I think that we can devise proper solutions for "organized migrations",
> > such as requiring both receipt and acknowledgement of a long enough
> > packet before validating a path. I am not going to belabor that. But NAT
> > traversal is a can of worms, and some of the norms are going to bite us.
> > 
> > I order to support NAT traversal, we request servers to take action if
> > they see a packet arriving from a new address of the client. This opens
> > a huge hole through which enterprising MOTS or "specially crafted
> > clients" can harass servers. We have an OK defense: send a challenge to
> > both old and new IP to force "proof of address ownership". That defense
> > is OK because it uses minimal length packets, and thus does not cause
> > too much amplification. I think we should leave it at that, and not
> > force the server to send large packets. There is a need to then validate
> > that the path can carry traffic, which will happen naturally when the
> > server tries to send a large packet. But if the server only sends these
> > large packets after address ownership has been verified, things ought to
> > be quite good.
> > 
> > -- Christian Huitema
> > 
> > 
>

v2.23.0 | Report a Bug | By Email