Re: Add application parameters to QUIC handshake and use it for H3 SETTINGS
Nick Harper <nharper@google.com> Fri, 27 September 2019 04:54 UTC
Return-Path: <nharper@google.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C721120170 for <quic@ietfa.amsl.com>; Thu, 26 Sep 2019 21:54:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.5
X-Spam-Level:
X-Spam-Status: No, score=-17.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dO4XKUvhSAwJ for <quic@ietfa.amsl.com>; Thu, 26 Sep 2019 21:54:45 -0700 (PDT)
Received: from mail-oi1-x229.google.com (mail-oi1-x229.google.com [IPv6:2607:f8b0:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4363612009C for <quic@ietf.org>; Thu, 26 Sep 2019 21:54:45 -0700 (PDT)
Received: by mail-oi1-x229.google.com with SMTP id k20so4139770oih.3 for <quic@ietf.org>; Thu, 26 Sep 2019 21:54:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=lq0xOfYuliCuE0xqwBrLLHwH48bD1KwIbhizNy8QmQs=; b=PW7CQJl7lm6Bc9ZZbUzEj0tPL0jvn+HALjGZFMntns2GvPqM+acFpgHEjZqkFTKCpE LBJA9n0u4Cgc20btzMZ269NXThdRSpHCON5eo4FBPGkY7nCxdY4OzJECI9H1SrF58WHL hU9xzvxYmvSVw0ECqHdo1HFaHlwhrcYbS9MdP0ii5WWhEg4/Q9punexyrAuua6r128nw 9/JuniCSA1i5XDVuFU0CoptHufePzC6zLmsYbXnlaKhWGC9OAWzUxRzmHLE/zP3z+5fN lw3wjrNLFjVnaS5/W9NJCrJ+lReSuoh6NS25PCQ50err9MFpib+vRzLN/0VkZWCdOUZn C9hg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=lq0xOfYuliCuE0xqwBrLLHwH48bD1KwIbhizNy8QmQs=; b=JXyRzgO316uXuOGKklQxzu2vj5WfKbkSxOEED55K+Kj7PbOuNMbQn05JhUvgQfWEX9 K7mCFGIMPrkgUPsnI9VfJiuHY6qcefzAB1yHhMoObr7ducTCQiKkJxeGtFPnx5pi/TGZ +SMz7et34KonrQDY1J/y8GzmAfug5+HY0WsfKstpLHT6totuVMdGpG8UTXAxzmNl6Hci h5XGzl3GVe4HL9JNZ086Ja5tJCgR+76bymowSmEJXjCzQlUgT92UiXTHE/fm3FPEM2XJ 2ydlaTRxK5cBAVoT5F8lMng22k8az25k0nXLW8Hlx/gXNVnHD5QDNRB9yr+vD5eCmyT+ toyA==
X-Gm-Message-State: APjAAAVMVSZLTKFCrLn8EjVCF9fFAo5C77aA7I1+ivsC0fkzax42iXnQ ZGvFN0Nv5LpCdMfTv/BSmV90jl8TeGVbgYBhCWTwdkRwQLQ=
X-Google-Smtp-Source: APXvYqzl3A2OMLKedzO8U2HOmfamMWxl3e5hpOra8FaJDUdSGEBKFH28W69HSz7/wd10ZEYPb0zPPQSaIF5um2vA/gM=
X-Received: by 2002:aca:eb09:: with SMTP id j9mr5730837oih.105.1569560084022; Thu, 26 Sep 2019 21:54:44 -0700 (PDT)
MIME-Version: 1.0
References: <CACdeXiLEnvmqmxSgXbvAwEo0rgm-F59RL2sk0Ugu6PNuiDkfsw@mail.gmail.com> <c22f8e1d-887e-1bef-799f-47e4f3151966@huitema.net>
In-Reply-To: <c22f8e1d-887e-1bef-799f-47e4f3151966@huitema.net>
From: Nick Harper <nharper@google.com>
Date: Thu, 26 Sep 2019 21:54:32 -0700
Message-ID: <CACdeXiJhC+gOKKj49CTh7JfOPFsy0=6fG69Fy=GH=280+aGdOw@mail.gmail.com>
Subject: Re: Add application parameters to QUIC handshake and use it for H3 SETTINGS
To: Christian Huitema <huitema@huitema.net>
Cc: IETF QUIC WG <quic@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/I90lqFX_Ovogv5iO-fYFlcoZ2UU>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Sep 2019 04:54:47 -0000
On Thu, Sep 26, 2019 at 7:48 PM Christian Huitema <huitema@huitema.net> wrote: > > On 9/26/2019 2:51 PM, Nick Harper wrote: > > > I propose introducing application parameters to the QUIC handshake and > > using this new mechanism for H3 SETTINGS instead of sending them as > > the first thing in the control stream. Application parameters would > > allow applications using QUIC to advertise or negotiate > > application-specific parameters during the cryptographic and transport > > handshake. It would guarantee that the client and server have > > exchanged their application parameters once the handshake is complete. > > > > Specifically, I’m proposing a new “application_layer_parameters” > > transport parameter, which when sent by the client is a series of ALPN > > identifiers with an opaque blob of application parameters per > > identifier, and when sent by the server is a single opaque blob of > > application parameters for the application identified in the ALPN > > extension. > > > I am a tad concerned with the privacy aspects of this proposal, at least > on the client side. Currently, the settings frame is sent encrypted in > 0-RTT or 1-RTT packets. With your proposal, it would be sent in > clear-text, allowing very easy fingerprinting of clients. > > -- Christian Huitema > Yes, this does provide a fingerprinting vector. Transport Parameters also provide a fingerprinting vector with about 10 parameters that could reasonably be used for fingerprinting, compared to the 3 we have in H3. The nature of both of those sets of parameters is that they'd likely fingerprint implementations but not individual clients. In terms of the application parameters design, individual applications can choose whether or not they want to use them in the client flight or just the server flight. We could keep client SETTINGS in the control stream and only put server SETTINGS in application parameters.
- Add application parameters to QUIC handshake and … Nick Harper
- Re: Add application parameters to QUIC handshake … Christian Huitema
- Re: Add application parameters to QUIC handshake … Nick Harper
- Re: Add application parameters to QUIC handshake … Mikkel Fahnøe Jørgensen
- Re: Add application parameters to QUIC handshake … Ian Swett
- Re: Add application parameters to QUIC handshake … Lucas Pardue
- Re: Add application parameters to QUIC handshake … Roberto Peon
- Re: Add application parameters to QUIC handshake … Nick Harper
- Re: Add application parameters to QUIC handshake … Ted Hardie
- Re: Add application parameters to QUIC handshake … Eric Rescorla
- Re: Add application parameters to QUIC handshake … Nick Harper
- Re: Add application parameters to QUIC handshake … David Schinazi
- Re: Add application parameters to QUIC handshake … Ted Hardie
- Re: Add application parameters to QUIC handshake … Kazuho Oku
- Re: Add application parameters to QUIC handshake … David Schinazi
- Re: Add application parameters to QUIC handshake … Kazuho Oku
- Re: Add application parameters to QUIC handshake … Nick Harper
- Re: Add application parameters to QUIC handshake … Dmitri Tikhonov
- Re: Add application parameters to QUIC handshake … David Schinazi