SV: Structuring the BKK spin bit discussion

Marcus Ihlar <marcus.ihlar@ericsson.com> Wed, 31 October 2018 12:40 UTC

From: Marcus Ihlar <marcus.ihlar@ericsson.com>
To: Kazuho Oku <kazuhooku@gmail.com>, Christian Huitema <huitema@huitema.net>
CC: Lars Eggert <lars@eggert.org>, IETF QUIC WG <quic@ietf.org>, "Dmitri Tikhonov" <dtikhonov@litespeedtech.com>
Subject: SV: Structuring the BKK spin bit discussion
Date: Wed, 31 Oct 2018 12:40:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/J_g5akbhcLiWRHTNQcKigrhhbNo>
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>

Hi Kazuho,

I believe the biggest difference is the size of the hidden network segment.

In the NAT case the client and NAT are still in the same country or continent.

A quick glance at distancecalculator.net shows that the city farthest from Tokyo in Japan is Naha-Shi, at 1554 km.

That translates to roughly 5ms at the speed of light, so the kinds of measurements to determine distance from Tokyo based on RTT will be extremely sensitive and error prone.

Please note that the distance analysis can be performed on handshake RTT as well, for connections where the initial handshake is visible at the measurement point.


________________________________
From: QUIC <quic-bounces@ietf.org> on behalf of Kazuho Oku <kazuhooku@gmail.com>
Sent: 31 October 2018 11:20
To: Christian Huitema
Cc: Lars Eggert; IETF QUIC WG; Dmitri Tikhonov
Subject: Re: Structuring the BKK spin bit discussion

On Tue, 30 Oct 2018 at 1:54, Christian Huitema <huitema@huitema.net> wrote:
>
>
>
> > On Oct 29, 2018, at 9:08 AM, Dmitri Tikhonov <dtikhonov@litespeedtech.com> wrote:
> >
> >> On Mon, Oct 29, 2018 at 05:26:34PM +0200, Lars Eggert wrote:
> >> We'd specifically like to ask client and server implementors with
> >> projected sizable deployments to indicate whether they intend to
> >> implement and deploy, if the WG decided to include the spin-bit in
> >> the spec.
> >
> > LiteSpeed Technologies will support the spin bit -- both in our
> > server and client QUIC implementations -- if it makes it into the
> > draft.
>
> My implementation is not used in any large scale deployment, but it does support the spin bit. In fact, it has configuration options to support spin bit variants: node, just spin, spin + vec, spin + QR.
>
> I think the strongest objection to the spin bit was put up by Marten during the last interim: measuring the RTT with the spin bit discloses the use of hidden path segments like VPN. This issue was not discussed during the privacy analysis.

May I ask if the VPN users are the only ones that lose some privacy
with spin bits?

I ask this because I live in a country where IIUC the mobile carriers
place their nation-wide carrier-grade NAT near the capital city (i.e.,
Tokyo). That means that for people living in the country, having spin
bits turned on could reveal their distance from Tokyo.

So the question is: if VPN users need special care, do some NAT users
as well? Or if the answer is no, what is the difference between
the two groups?

Generally speaking, I am not against giving users the freedom to
expose spin bits, however I am wondering how the endpoints should
provide the freedom of choice (UI question) as well as what the
default should be.

>
> The privacy issue could be mitigated by turning off the spin bit at privacy sensitive clients, but this would make these clients "stick out".
>
> One solution would be to remove the spin bit from the spec, trading off better privacy for worse management. I am considering another solution in which privacy sensitive clients hide the RTT by controlling the spin, for example spinning at fixed intervals. I plan testing that option in Picoquic.
>
> -- Christian Huitema
>
>


--
Kazuho Oku
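
The thread's two technical points, as an added example that is not part of any message above and is not Picoquic code: what a passive on-path observer reads from the spin bit, how coarse the resulting distance bound is, and how a client that spins at a fixed interval (the mitigation floated in the quoted text) looks the same regardless of its real RTT. The model is simplified (steady packet flow, no loss or reordering), the traces are constructed, and all function names are hypothetical.

```python
import statistics

C_KM_PER_MS = 299.792458  # speed of light in vacuum, km per millisecond

def client_spin_trace(rtt_ms, duration_ms, gap_ms=1.0, fixed_interval_ms=None):
    """Constructed (time_ms, spin) trace of client packets at an on-path observer.

    Simplified model: the server reflects the last spin value it saw, and a
    normal client sends the inverse of the value it last received, which is
    its own value from one RTT earlier. With fixed_interval_ms set, the
    client flips on a timer instead of following the path RTT.
    """
    steps = int(duration_ms / gap_ms)
    lag = round((fixed_interval_ms or rtt_ms) / gap_ms)
    spins = []
    for i in range(steps):
        # Until one period has elapsed the value stays 0, then it inverts.
        spins.append(0 if i < lag else 1 - spins[i - lag])
    return [(i * gap_ms, s) for i, s in enumerate(spins)]

def observed_rtt_ms(trace):
    """Median spacing between spin edges: what the observer takes as the RTT."""
    edges = [t for (t, s), (_, prev) in zip(trace[1:], trace) if s != prev]
    gaps = [b - a for a, b in zip(edges, edges[1:])]
    return statistics.median(gaps) if gaps else None

def one_way_km_upper_bound(rtt_ms):
    """Farthest an endpoint could be if the whole RTT were propagation at c."""
    return rtt_ms / 2 * C_KM_PER_MS

def one_way_ms(distance_km):
    """One-way propagation time at c for a given distance."""
    return distance_km / C_KM_PER_MS

if __name__ == "__main__":
    for rtt in (10, 40):
        normal = observed_rtt_ms(client_spin_trace(rtt, 400))
        hidden = observed_rtt_ms(client_spin_trace(rtt, 400, fixed_interval_ms=25))
        print(f"real RTT {rtt} ms: observer sees {normal} ms, "
              f"with fixed-interval spinning {hidden} ms")
    print(f"1554 km is {one_way_ms(1554):.2f} ms one way at c")
    print(f"1 ms of RTT error moves the bound by {one_way_km_upper_bound(1):.0f} km")
```
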