IETF Logo Mail Archive

Re: Privacy holes (was: Re: Getting to consensus on packet number encryption)

Martin Thomson <martin.thomson@gmail.com> Fri, 06 April 2018 10:40 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2669126BF3 for <quic@ietfa.amsl.com>; Fri, 6 Apr 2018 03:40:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qx5HkC3rYu-g for <quic@ietfa.amsl.com>; Fri, 6 Apr 2018 03:40:07 -0700 (PDT)
Received: from mail-ot0-x232.google.com (mail-ot0-x232.google.com [IPv6:2607:f8b0:4003:c0f::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7B631243FE for <quic@ietf.org>; Fri, 6 Apr 2018 03:40:07 -0700 (PDT)
Received: by mail-ot0-x232.google.com with SMTP id v64-v6so679300otb.13 for <quic@ietf.org>; Fri, 06 Apr 2018 03:40:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=il0Esi1adiAWnSqd0uzr9Ku4+IfWT9h37AHgGIIqDwg=; b=nZe0b7navlBjFxa4HINlar7ZHljrsKHeSTwXP14gbdM28/B9JoL8KU7gA79eTeldQ6 ZS9+kEH8O/moBvGM1HgGnOO0avhSnFL8wrQTFW4OB4pkuMT2hLu2W/t91IxgwQVS7YHh kYkHLeUVr7K4usjGxgUsEX24W86agPqDqf4T0UehwNaw4e9JMgQm/8v3Ky2mTJjeeM9q boX7OJx6fGBnFJWNdOQdlW0mhdc1wVa7oz+1/vvEzkZofUEsCkTKt8XPEC/a3mlXf7Wf FYOK7SJHFmTCU1fGJfMYIGZabWYRYmXWraso0qQmLxm3GAYr0g0b7BHVVEuNqAUQc+DH zegw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=il0Esi1adiAWnSqd0uzr9Ku4+IfWT9h37AHgGIIqDwg=; b=OicIjncqe2o9kPVBi9dpCL8JeeuZvljy3gSUbddM3fKVuqvd4+kLD2PT13zJVjcQKX nf2o711OesYEXJ85OpX/WC9szPHoSb/R2tTbYh2rsfGW9M0LHo+BjR/flhSOAPQVZj1h Z04TyZ3/4+vRDwEnttNFCowZanLn2TnYoj0jso3MIj+X7kh+8is/5jw95VzFootu7Aau tireWCK+Fuayljfvujqd6R0JvRbukbXj6jZeUSZnHkQA5esl2p6TdWQorLRdWvRzXbGv h5sXhfzV2KSUCMoPVvO7wfMk8pvn/wJ0w4TM77HxnYz/ddkfb88k/y9QQEeKzorhaiHE G87A==
X-Gm-Message-State: ALQs6tBzLd5k4BWQ28bGv4UYrmuKrENmIzjyDZ5A+BaBhlR6ZuXXMeWx Kv/vzPjwY+Mb5lspOQmYYFwcPijJK+Rcu1IxrFI=
X-Google-Smtp-Source: AIpwx49crOXpRT2Nqjb9uNra7nYCENZ1sJnGQ24aNhluFCh7RYYJni2MnIlK/XCmX5Dp17GxM/t01O0uoXxiuvnU2vs=
X-Received: by 2002:a9d:2a09:: with SMTP id t9-v6mr7197523ota.392.1523011207013; Fri, 06 Apr 2018 03:40:07 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:ac7:0:0:0:0:0 with HTTP; Fri, 6 Apr 2018 03:40:06 -0700 (PDT)
In-Reply-To: <CANatvzzoAK0SRrLOfz6HecbsE3oevWWkzJcfhceuqECF0VL=MA@mail.gmail.com>
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <BBB8D1DE-25F8-4F3D-B274-C317848DE872@akamai.com> <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com> <CAKcm_gMpz4MpdmrHLtC8MvTf5uO9LjD915jM-i2LfpKY384O2w@mail.gmail.com> <HE1PR0702MB3611A67E764EE1C7D1644FAD84AD0@HE1PR0702MB3611.eurprd07.prod.outlook.com> <d8e35569-e939-4064-9ec4-2cccfba2f341@huitema.net> <CACpbDccqKoF-Y1poHMN2cLOK9GOuvtMTPsF-QEen3b30kUo9bg@mail.gmail.com> <CAKcm_gNffwpraF-H2LQBF33vUhYFx0bi_UXJ3N14k4Xj4NmWUw@mail.gmail.com> <40C1F6FE-2B2C-469F-8F98-66329703ED50@mnot.net> <21C36B57-6AE2-40EF-9549-7196D7FA9B45@tik.ee.ethz.ch> <B176FC07-887D-4135-B01E-FE8B4986A5EE@mnot.net> <CAKcm_gOCeocLyrYpOS7Ud332xdz3xHSH0psPN8T6BGRjoL9ptQ@mail.gmail.com> <CY4PR21MB0630FA0EDD343396AD414641B6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <CAN1APde13JTzCvKFFvMd183Fka6QGD1kGBjsa9fcoLrYeA2hsA@mail.gmail.com> <CY4PR21MB0630C0FD4FBECBFEC3C863BBB6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <759C5BE4-DE4C-4A82-929C-B03234B88A37@huitema.net> <CAJGwveB=qs+J2iBQRs3d5jdGuP9yBWoAgv0t3mwD=Wrf6Q5g8g@mail.gmail.com> <F395D018-FFCA-405F-BBD5-1313C6F6DAF9@huitema.net> <CABkgnnWAgGJaKs8teKTURiNDRA61fRhN6pxYQuD1MbkPDqasKQ@mail.gmail.com> <2F06334E-C3DF-4034-A6A4-AF383505D930@trammell.ch> <CABkgnnX1=h4qx+3YjXj=ZME5ihZbJ2rqE8zeT4j84dJj0ZfZGg@mail.gmail.com> <29F2FB1B-3A82-4E60-A4A5-70AC36CEEC54@trammell.ch> <CANatvzzoAK0SRrLOfz6HecbsE3oevWWkzJcfhceuqECF0VL=MA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 06 Apr 2018 20:40:06 +1000
Message-ID: <CABkgnnWdAbQ-M2uNTWb8BkNJYTae8e_XVEgmO5MR_1woPnTd4A@mail.gmail.com>
Subject: Re: Privacy holes (was: Re: Getting to consensus on packet number encryption)
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: "Brian Trammell (IETF)" <ietf@trammell.ch>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>, QUIC WG <quic@ietf.org>, Christian Huitema <huitema@huitema.net>, Frederick Kautz <fkautz@alumni.cmu.edu>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/H3OABOwobh2sGTcNoDhTsyZHAUw>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Apr 2018 10:40:10 -0000

On Fri, Apr 6, 2018 at 7:14 PM, Kazuho Oku <kazuhooku@gmail.com> wrote:
> One way to minimize the impact could be to suggest certain amount of
> connections (e.g., 5%) to gratuitously migrate to a new tuple just once,
> right after the connection is being established.

I like this idea.  Do it rarely, but with a high enough probability
that it is noticed.

I don't think that we need to specify it, rather permit it (maybe with
observations about the costs of doing it too often), then establish a
convention.  We can reach enough of the client population in this
group that we can probably coordinate effectively such that we reach a
common enough proportion.  Add migrate-after-idle as the current PR
suggests, which has a much lower chance of expanding state and I'm not
seeing much need for "grips".

> If we specify that way, we can assume that the impact on the NAT will be
> having 5% more flows.

5% more only during the first timeout interval (whatever that is) and
thereafter no more with this design.

v2.23.0 | Report a Bug | By Email