Re: Getting to consensus on packet number encryption
Ian Swett <ianswett@google.com> Wed, 04 April 2018 21:44 UTC
Return-Path: <ianswett@google.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46DC1120454 for <quic@ietfa.amsl.com>; Wed, 4 Apr 2018 14:44:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bwAW1UYOvtMT for <quic@ietfa.amsl.com>; Wed, 4 Apr 2018 14:43:59 -0700 (PDT)
Received: from mail-it0-x236.google.com (mail-it0-x236.google.com [IPv6:2607:f8b0:4001:c0b::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5BA5126BF0 for <quic@ietf.org>; Wed, 4 Apr 2018 14:43:58 -0700 (PDT)
Received: by mail-it0-x236.google.com with SMTP id 71-v6so630160ith.2 for <quic@ietf.org>; Wed, 04 Apr 2018 14:43:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VnHa445pETr8gqWDyWFjBOOClfz6TPS8gkp1J98vb7U=; b=GYbquvgTuwrMTU6F3LxTNh4yu7nRDbFa7IbWUhH9J+88gYt/BdCE3uQSqysESPvLXw 8iCHexp0ghlxfpBA9WKpavH5RKaGkor9xD3wtMaHopEjFk78ZhmbiTlNPI4d0dkaUoEf CWm5dvUEL3YfKFZaArFNI+Cx97Y6RjDmVSb8VcXdL3MGxVlA45loBUAMMCrrNjZ4Adl6 4ZKvM0nEDetST5fvAhdl+BqQG2uHuyYff9dKzNnXhrWs/dPYZmDmTSvfj1rEKrDJ9Wf1 9vtfFKp5ARr1VxBB6/9QuSjeBdcMCYsZWZgesr0RNRPO5hEcNMJlX8xOjTJf1JrWPCTc yYNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VnHa445pETr8gqWDyWFjBOOClfz6TPS8gkp1J98vb7U=; b=J0o9oFxBdg4M/kvNukHGrM/tdtNf1WuKegol7OQ8vOEXpJpdYgJpaj7efdeF/4S7J4 6bCW7RLZlbxErgji/ROd7Y+/2cDyX6Anu6weTzfzrD4IjBR55pCaLy9A/iuBc33hdc3p bIshN4Ph1kEWfz1exwsPzy0ux5dWYywfIUvhbJ/OAXqcTtDg2lJoFvGwMr1dmw5N5dMw uX3KznfJ9de28FV+yGY0l17SoMIldWh3alcty+Bsm7MaGAwkGuv3lF/ySK+shVgXkD8Q Y89e5ATB5AXkRn0OzwVIBQYgaDFejj+y0+e6Xub3DUy3liIGt7b6rUKeApIRl8ybInDf XszA==
X-Gm-Message-State: ALQs6tBZCW21b42eBOl8tqGSUfrsbxiUNZcd0dmKpLLzCex3xtHnN5v4 GDGEfhCWJ8cqgfDIm9pYXUt2vrWsdGXX3622vhpeL8Zx
X-Google-Smtp-Source: AIpwx4/flVqsupdsi3uheyYLs2m7diKNpE8up16nvO4/sfxtwGKvPGblqLiO/oH67KHAxQGC3S3057RmdnbS8F/Nlgo=
X-Received: by 2002:a24:45a2:: with SMTP id c34-v6mr11888662itd.31.1522878237866; Wed, 04 Apr 2018 14:43:57 -0700 (PDT)
MIME-Version: 1.0
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <F9FCC213-62B9-437C-ADF9-1277E6090317@gmail.com> <CABcZeBM3PfPkqVxPMcWM-Noyk=M2eCFWZw2Eq-XytbHM=0T9Uw@mail.gmail.com> <CAN1APdfjuvd1eBWCYedsbpi1mx9_+Xa6VvZ3aq_Bhhc+HN67ug@mail.gmail.com> <CABcZeBMtQBwsAF85i=xHmWN3PuGRkJEci+_PjS3LDXi7NgHyYg@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B5CCEFD@ORSMSX111.amr.corp.intel.com> <CABcZeBNfPsJtLErBn1=iGKuLjJMo=jEB5OLxDuU7FxjJv=+b=A@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B5CDAD4@ORSMSX111.amr.corp.intel.com> <BBB8D1DE-25F8-4F3D-B274-C317848DE872@akamai.com> <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com> <CAKcm_gMpz4MpdmrHLtC8MvTf5uO9LjD915jM-i2LfpKY384O2w@mail.gmail.com> <HE1PR0702MB3611A67E764EE1C7D1644FAD84AD0@HE1PR0702MB3611.eurprd07.prod.outlook.com> <d8e35569-e939-4064-9ec4-2cccfba2f341@huitema.net> <CACpbDccqKoF-Y1poHMN2cLOK9GOuvtMTPsF-QEen3b30kUo9bg@mail.gmail.com> <CAKcm_gNffwpraF-H2LQBF33vUhYFx0bi_UXJ3N14k4Xj4NmWUw@mail.gmail.com> <40C1F6FE-2B2C-469F-8F98-66329703ED50@mnot.net> <21C36B57-6AE2-40EF-9549-7196D7FA9B45@tik.ee.ethz.ch> <B176FC07-887D-4135-B01E-FE8B4986A5EE@mnot.net>
In-Reply-To: <B176FC07-887D-4135-B01E-FE8B4986A5EE@mnot.net>
From: Ian Swett <ianswett@google.com>
Date: Wed, 04 Apr 2018 21:43:46 +0000
Message-ID: <CAKcm_gOCeocLyrYpOS7Ud332xdz3xHSH0psPN8T6BGRjoL9ptQ@mail.gmail.com>
Subject: Re: Getting to consensus on packet number encryption
To: Mark Nottingham <mnot@mnot.net>
Cc: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>, Lars Eggert <lars@eggert.org>, IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000067fef705690cb888"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/H2gMqMtiHzCZiRSP3PQFJH589VA>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Apr 2018 21:44:03 -0000
As expressed previously, I tend to think PN encryption is the most pragmatic way forward at the moment. However, is anyone who would prefer a different solution(ie: packet number jumps or separate spaces) willing to send out a PR they think solves the link-ability issue PN encryption solves? My mental model is there are a fair number of thorny edge cases, but maybe if I saw them in a PR, it wouldn't be as scary as I think? On Wed, Apr 4, 2018 at 5:28 PM Mark Nottingham <mnot@mnot.net> wrote: > Mirja, > > On 4 Apr 2018, at 8:27 pm, Mirja Kühlewind < > mirja.kuehlewind@tik.ee.ethz.ch> wrote: > > > > Hi Mark, > > > > without intending to state a technical opinion, I think I need to > disagree with your assessment of the situation. Please see below. > > > >> Am 04.04.2018 um 06:58 schrieb Mark Nottingham <mnot@mnot.net>: > >> > >> Hi everyone, > >> > >> The editors have told your chairs that this issue is starting to block > progress on other aspects of QUIC. Coming to consensus on it soon (i.e., > before Stockholm, if possible) would be good. > >> > >> It looks like this thread has come to a natural pause. Reading through > it, I think we agree there are some unpleasant tradeoffs here, but so far > we have only one concrete proposal -- PR#1079. > > > > The other proposal is to use a random offset that can/should be changed > when the connection ID is changed. Which is mostly inline with what the > draft currently says. > > As I understand it, the status quo has caused a significant amount of > pain, complexity and potential bugs. PN encryption was proposed by Kazuho > in Melbourne as a way to work around that. > > We can, of course, decide that the status quo is the right approach. > However, my current reading of the WG is that it isn't acceptable. > > > >> My AU$.05 - While we're chartered to produce a protocol that's > encrypted as much as operational concerns allow, > > > > I don’t think this is what the charter say. The charter says "Providing > always-secure transport, using TLS 1.3 by default.“ plus another paragraph > that talks about TLS1.3. It does not spell out the desire of some > individual to „encrypt as much as possible“. > > I think that depends on how you read "always-secure." The charter also > says we will provide "confidentiality and integrity protection of both > application data and QUIC headers." > > > >> and that privacy is a natural extension of that (especially in light of > RFC7258 and RFC6973), there is no *requirement* that we produce a protocol > that is able to be accelerated by hardware. > > > > Not there is no requirement that the protocol need to be accelerated by > hardware. However, not all requirement are listed in the charter. We as a > group have to define the requirement. However, there is of course an > implicit requirement for all work in the IEFT that is must be deployable > and serve the needs of those people who want to deploy it. > > Yes - a discussion that I'm trying to draw out. Thanks. > > > >> That being the case, I think we need to ask ourselves if we believe > that inclusion of PR#1079 will significantly inhibit deployment of the > protocol. Based on the discussion so far, that doesn't seem to be the case, > but I'd be interested to hear what others think. > > > > Here my assessment is also different. There are multiple people that > have raised concerns that this could hinder deployment. > > As you know, we don't assess consensus just by the number of people that > have raised concerns, but also the technical merit of the arguments. So > far, the arguments have been all over the map, and I want them to converge. > > The data that's been provided has been very helpful, but we need to > evaluate that in the context of how QUICv1 will actually be deployed and > used -- something which a few threads have touched upon. > > Overall, I do not think it is a goal of QUIC to be deployable on any > system for any purpose; if we try to design it for all purposes, we're > going to fail. The question, then, is how much deployment / implementation > / adoption we need to make it succeed -- and to design for that. > > > >> If we can get to consensus to incorporate the PR, and folks come back > later with a more hardware-friendly replacement that doesn't change the > Invariants or increase linkability, I suspect the WG will be amenable to > that. > > > > I don’t think to just go with what we have even though there are > concerns, is the right approach and definitely not the approach that was > chosen for other proposals. In the sake of getting version v1 out quickly, > I would think that not incorporating another change that does not have > consensus is the proposer approach. > > I wasn't proposing that we incorporate a change without consensus -- > please re-read my statement. You may disagree with how the chairs > eventually call consensus on this issue, and there are mechanisms for you > to appeal (or even DISCUSS) that, but it's premature to start that now. > > That said -- One way to prove that PNE hurts deployability is to try it; > implementers have a very strong incentive to make sure their code can be > deployed, so if those who have concerns are correct, it's probably the > easiest way for them to be proven right. > > Thanks, > > > > Mirja > > > > > > > >> > >> What do folks think? > >> > >> Cheers, > >> > >> > >>> On 29 Mar 2018, at 11:39 am, Ian Swett <ianswett= > 40google.com@dmarc.ietf.org> wrote: > >>> > >>> Thanks for the nice summary Jana. > >>> > >>> As much as I'd love to have easier crypto HW acceleration, I've ended > up arriving at the same conclusion. I don't want to bite off the work to > do proper multipath in QUIC v1, which I think is the only other reasonable > option of those Christian outlined. > >>> > >>> If someone comes up with a way to transform packet number to make it > non-linkable, but doesn't have the downside of making hardware offload > difficult, then I'm open to it. But we've been talking about this for 2 > months without any notable improvements over Martin's PR. > >>> > >>> Given we never talk about any issue only once in QUIC, I'm sure this > will come up again, but for the time being I think #1079 is the best option > we have. > >>> > >>> > >>> > >>> On Wed, Mar 28, 2018 at 8:03 PM Jana Iyengar <jri.ietf@gmail.com> > wrote: > >>> A few quick thoughts as I catch up on this thread. > >>> > >>> I spent some time last week working through a design using multiple PN > spaces, and it is quite doable. I suspect we'll head towards multiple PN > spaces as we consider multipath in the future. That said, there is > complexity (as Christian notes). This complexity may be warranted when > doing multipath in v2 or later, but I'm not convinced that this is > necessary as a design primitive for QUICv1. > >>> > >>> We may want to creatively use the PN bits in v2, say to encode a path > ID and a PN, for multipath. We want to retain flexibility in these bits > going into v2. We've used encryption to ensure that we don't lose > flexibility elsewhere in the header, and it follows that we should use PNE > to retain flexibility in these bits as well. (Simplicity of design is the > other value in using PNE, since handling migration linkability is > non-trivial without it.) > >>> > >>> This leaves the question of HW acceleration being at loggerheads with > the design in PR #1079. First, I expect that the primary benefit of > acceleration will be in DC environments. Yes, there are some gains to be > had in serving the public Internet as well, but I'm unconvinced that this > is the driving use case for hardware acceleration. I understand that others > may disagree with me here. > >>> > >>> AFAIK, QUIC has not been used in DC environments yet. I expect there > are other things in the protocol that we'd want to change as we gain > experience deploying QUIC in DCs. Spinning up a new version to try QUIC > within DCs is not only appropriate, I would recommend it. This allows for > rapid iterations internally, and the experience can drive subsequent > changes to QUIC. It's what *I* would do if I was to deploy QUIC inside a DC. > >>> > >>> So, in short, I think we should go ahead with PR# 1079. This ensures > that future versions are guaranteed the flexibility to change the PN bits > for better support of HW acceleration or multipath or what-have-you. > >>> > >>> - jana > >>> > >>> On Mar 26, 2018 9:41 AM, "Christian Huitema" <huitema@huitema.net> > wrote: > >>> > >>> On 3/26/2018 8:20 AM, Swindells, Thomas (Nokia - GB/Cambridge) wrote: > >>>> Looking at > https://en.wikipedia.org/wiki/AES_instruction_set#Intel_and_AMD_x86_architecture > it seems to imply a large range of server, desktop and mobile chips all > have a CPU instruction set available to do AES acceleration and other > similar operations (other instruction sets are also available). > >>>> > >>>> If we are considering the AES instructions then it looks like it is > (or at least will be in the near future) a sizeable proportion of the > public internet have it to be used. > >>>> > >>> > >>> Certainly, but that's not the current debate. PR #1079 is fully > compatible with use of the AES instructions. The issue of the debate is > that the mechanism in PR #1079 required double buffering, first encrypt the > payload, then use the result of the encryption to encrypt the PN. This is > not an issue in a software implementation that can readily access all bytes > of the packet from memory, but it may be an issue in some hardware > implementations that are designed to do just one pass over the data. > >>> > >>> > >>> -- Christian Huitema > >>> > >>> > >>> > >> > >> -- > >> Mark Nottingham https://www.mnot.net/ > >> > > > > -- > Mark Nottingham https://www.mnot.net/ > >
- Hardware acceleration and packet number encryption Christian Huitema
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Kazuho Oku
- Re: Hardware acceleration and packet number encry… Eric Rescorla
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Kazuho Oku
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Eric Rescorla
- RE: Hardware acceleration and packet number encry… Deval, Manasi
- Re: Hardware acceleration and packet number encry… Eric Rescorla
- Re: Hardware acceleration and packet number encry… Subodh Iyengar
- Re: Hardware acceleration and packet number encry… Eric Rescorla
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Christian Huitema
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Ian Swett
- Re: Hardware acceleration and packet number encry… Christian Huitema
- RE: Hardware acceleration and packet number encry… Deval, Manasi
- Re: Hardware acceleration and packet number encry… Salz, Rich
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Ian Swett
- RE: Hardware acceleration and packet number encry… Swindells, Thomas (Nokia - GB/Cambridge)
- RE: Hardware acceleration and packet number encry… Deval, Manasi
- Re: Hardware acceleration and packet number encry… Christian Huitema
- Re: Hardware acceleration and packet number encry… Jana Iyengar
- Re: Hardware acceleration and packet number encry… Ian Swett
- Re: Hardware acceleration and packet number encry… Watson Ladd
- RE: Hardware acceleration and packet number encry… Praveen Balasubramanian
- RE: Hardware acceleration and packet number encry… Praveen Balasubramanian
- RE: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- RE: Hardware acceleration and packet number encry… Praveen Balasubramanian
- Re: Hardware acceleration and packet number encry… Mark Nottingham
- RE: Hardware acceleration and packet number encry… Praveen Balasubramanian
- Getting to consensus on packet number encryption Mark Nottingham
- Re: Getting to consensus on packet number encrypt… Willy Tarreau
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- Re: Getting to consensus on packet number encrypt… Dmitri Tikhonov
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- Re: Getting to consensus on packet number encrypt… Spencer Dawkins at IETF
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Ted Hardie
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- RE: Getting to consensus on packet number encrypt… Mike Bishop
- Re: Getting to consensus on packet number encrypt… Dmitri Tikhonov
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- Re: Getting to consensus on packet number encrypt… Mark Nottingham
- Re: Getting to consensus on packet number encrypt… Ian Swett
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Mark Nottingham
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Martin Thomson
- RE: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- Re: Getting to consensus on packet number encrypt… Willy Tarreau
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- ECN signaling from userland Re: Getting to consen… Lars Eggert
- Re: ECN signaling from userland Re: Getting to co… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… alexandre.ferrieux
- Re: Getting to consensus on packet number encrypt… Eric Rescorla
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- Re: Getting to consensus on packet number encrypt… Philipp S. Tiesel
- Privacy holes (was: Re: Getting to consensus on p… Christian Huitema
- Re: Privacy holes (was: Re: Getting to consensus … Frederick Kautz
- Re: Privacy holes (was: Re: Getting to consensus … Christian Huitema
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Privacy holes Gorry Fairhurst
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Privacy holes (was: Re: Getting to consensus … Mike Bishop
- RE: Privacy holes (was: Re: Getting to consensus … Mikkel Fahnøe Jørgensen
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Privacy holes (was: Re: Getting to consensus … Lubashev, Igor
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Privacy holes (was: Re: Getting to consensus … Praveen Balasubramanian
- RE: Privacy holes (was: Re: Getting to consensus … Lubashev, Igor
- RE: Privacy holes (was: Re: Getting to consensus … Lubashev, Igor
- RE: ECN signaling from userland Re: Getting to co… Praveen Balasubramanian
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Frederick Kautz
- Re: Privacy holes (was: Re: Getting to consensus … Willy Tarreau
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Privacy holes (was: Re: Getting to consensus … Lubashev, Igor
- Re: Privacy holes (was: Re: Getting to consensus … Mikkel Fahnøe Jørgensen
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Brian Trammell (IETF)
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Privacy holes (was: Re: Getting to consensus … Brian Trammell (IETF)
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Grips in the Wire Image for In-Network State (was… Brian Trammell (IETF)
- Re: Grips in the Wire Image for In-Network State … Mikkel Fahnøe Jørgensen
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Privacy holes Roland Zink
- Re: Grips in the Wire Image for In-Network State … Kazuho Oku
- Re: Grips in the Wire Image for In-Network State … Martin Thomson
- Re: Grips in the Wire Image for In-Network State … Brian Trammell (IETF)
- Re: Grips in the Wire Image for In-Network State … Brian Trammell (IETF)
- Re: Privacy holes Ian Swett
- Re: Grips in the Wire Image for In-Network State … Spencer Dawkins at IETF
- Re: Grips in the Wire Image for In-Network State … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Grips in the Wire Image for In-Network State … Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Mark Nottingham
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Bona fide loss measurement bits alexandre.ferrieux
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: [Potential Spoof] Re: Getting to consensus on… Roberto Peon
- RE: Privacy holes (was: Re: Getting to consensus … Praveen Balasubramanian
- Re: Privacy holes Christian Huitema
- RE: Privacy holes Praveen Balasubramanian
- Re: Privacy holes (was: Re: Getting to consensus … Ian Swett
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- RE: Privacy holes (was: Re: Getting to consensus … Mike Bishop
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Mark Nottingham
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- RE: Getting to consensus on packet number encrypt… Deval, Manasi
- Re: Getting to consensus on packet number encrypt… Jana Iyengar
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- RE: Getting to consensus on packet number encrypt… Mike Bishop
- Re: Getting to consensus on packet number encrypt… Ian Swett
- RE: Getting to consensus on packet number encrypt… Mike Bishop
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Erik Kline
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Jana Iyengar
- Re: Getting to consensus on packet number encrypt… Martin Thomson
- Re: Getting to consensus on packet number encrypt… Boris Pismenny
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Ian Swett
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- Re: Getting to consensus on packet number encrypt… Martin Thomson
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Martin Thomson
- Re: Getting to consensus on packet number encrypt… Benjamin Kaduk
- Re: Getting to consensus on packet number encrypt… Salz, Rich
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: Getting to consensus on packet number encrypt… Spencer Dawkins at IETF
- Re: Getting to consensus on packet number encrypt… Ted Hardie
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- Re: Getting to consensus on packet number encrypt… Ted Hardie
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: [Potential Spoof] Re: Getting to consensus on… Roberto Peon
- Re: [Potential Spoof] Re: Getting to consensus on… Jana Iyengar
- RE: [Potential Spoof] Re: Getting to consensus on… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Spencer Dawkins at IETF
- Re: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- Re: [Potential Spoof] Re: Getting to consensus on… Mikkel Fahnøe Jørgensen
- Re: Getting to consensus on packet number encrypt… Benjamin Kaduk
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- RE: Getting to consensus on packet number encrypt… Roni Even (A)
- Re: Getting to consensus on packet number encrypt… Dmitri Tikhonov
- Re: Getting to consensus on packet number encrypt… Gorry Fairhurst
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- Re: Getting to consensus on packet number encrypt… Christian Huitema