IETF Logo Mail Archive

Re: Privacy holes (was: Re: Getting to consensus on packet number encryption)

Kazuho Oku <kazuhooku@gmail.com> Fri, 06 April 2018 16:15 UTC

Return-Path: <kazuhooku@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16D0B1204DA for <quic@ietfa.amsl.com>; Fri, 6 Apr 2018 09:15:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id esjW5mD11j_s for <quic@ietfa.amsl.com>; Fri, 6 Apr 2018 09:15:36 -0700 (PDT)
Received: from mail-pl0-x22a.google.com (mail-pl0-x22a.google.com [IPv6:2607:f8b0:400e:c01::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 951B71200C5 for <quic@ietf.org>; Fri, 6 Apr 2018 09:15:36 -0700 (PDT)
Received: by mail-pl0-x22a.google.com with SMTP id b6-v6so905490pla.11 for <quic@ietf.org>; Fri, 06 Apr 2018 09:15:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=gbqXfB1+ddM5jydrXDrE+WdYPXlgf2BfxGfSR6iquR4=; b=fe2SXqmG3aEKL+GHUbrvNS9JKX6DdhTaM0ALVcRib1eNaUr2vwS+NYYJAZayCZbiYo eR8x8X8yprkFzH4/xIXO69wunWNDt059kk6nX99b5mtonCGNAuh5U9fCfGhY8ESTRNc0 3ezjHxqA/xOfQBI86s1dxdpNQPEZfAsFUhiZSaloaIVfxgwpAlDc0V1Z1CopZ5ssUn6d +2Bac258vq6EAGjpqGRH2ztr71p9O2gMwi4A29oSqL8hUilIcjorx6k7HTPjxdQCj7fJ wddlkOlNj+cQ3hxCyv5Ak2P4LXJiW+qcBU6Fqbzf8r4Ub5kBmF3iomBrCMyxnjSqqBQB uPyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=gbqXfB1+ddM5jydrXDrE+WdYPXlgf2BfxGfSR6iquR4=; b=N4KBA81TC7zaHSM99zxF7JB/CcvXur5BVOzotTVVtj8+WWZPl8aOJmk4F5RmpGIyHg WjWqUatbzHWM8ebdKhWmrHjyQii6lYeaZ2qftyuIeOgOlkOhdOTPq/ckiflakOWW1OJM xZCHTIDpPz8yqAoa2U7qseHiNKcHQBicZv5V/acv9GTc/uWQOeW88jkXLjX9yyMey9L2 o0WDgyfZakypiU/azRIck2pZSasyWaxd/KyQcSZMrhmRzsiPDsT5qC25sv7g1GDjxoEC hw25Xe5liPC1RIQwzYJlHl/H51QipMJ7uY/nCeNOleo7wCvm631YLNuHxS+eRimvdCGQ 8rkQ==
X-Gm-Message-State: AElRT7HuzC1PrXTx1UZB0rPARMxT+75tblWQJaKfaj8bznE+qUltrCwt lYw1Rr2aeXlD8sg2bQaIsl25BJivNctzfrm3+v0=
X-Google-Smtp-Source: AIpwx48xhOybzjHzPdV07Wh6iS8Z5SJ1+NqokxHRP4x8mn+tQOSI92/IBx3MTdoldeHI5vDRHZjLDxemR3mr6HLSqt8=
X-Received: by 2002:a17:902:8ec8:: with SMTP id x8-v6mr28557257plo.179.1523031336213; Fri, 06 Apr 2018 09:15:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.145.130 with HTTP; Fri, 6 Apr 2018 09:15:35 -0700 (PDT)
In-Reply-To: <CABkgnnWdAbQ-M2uNTWb8BkNJYTae8e_XVEgmO5MR_1woPnTd4A@mail.gmail.com>
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <BBB8D1DE-25F8-4F3D-B274-C317848DE872@akamai.com> <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com> <CAKcm_gMpz4MpdmrHLtC8MvTf5uO9LjD915jM-i2LfpKY384O2w@mail.gmail.com> <HE1PR0702MB3611A67E764EE1C7D1644FAD84AD0@HE1PR0702MB3611.eurprd07.prod.outlook.com> <d8e35569-e939-4064-9ec4-2cccfba2f341@huitema.net> <CACpbDccqKoF-Y1poHMN2cLOK9GOuvtMTPsF-QEen3b30kUo9bg@mail.gmail.com> <CAKcm_gNffwpraF-H2LQBF33vUhYFx0bi_UXJ3N14k4Xj4NmWUw@mail.gmail.com> <40C1F6FE-2B2C-469F-8F98-66329703ED50@mnot.net> <21C36B57-6AE2-40EF-9549-7196D7FA9B45@tik.ee.ethz.ch> <B176FC07-887D-4135-B01E-FE8B4986A5EE@mnot.net> <CAKcm_gOCeocLyrYpOS7Ud332xdz3xHSH0psPN8T6BGRjoL9ptQ@mail.gmail.com> <CY4PR21MB0630FA0EDD343396AD414641B6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <CAN1APde13JTzCvKFFvMd183Fka6QGD1kGBjsa9fcoLrYeA2hsA@mail.gmail.com> <CY4PR21MB0630C0FD4FBECBFEC3C863BBB6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <759C5BE4-DE4C-4A82-929C-B03234B88A37@huitema.net> <CAJGwveB=qs+J2iBQRs3d5jdGuP9yBWoAgv0t3mwD=Wrf6Q5g8g@mail.gmail.com> <F395D018-FFCA-405F-BBD5-1313C6F6DAF9@huitema.net> <CABkgnnWAgGJaKs8teKTURiNDRA61fRhN6pxYQuD1MbkPDqasKQ@mail.gmail.com> <2F06334E-C3DF-4034-A6A4-AF383505D930@trammell.ch> <CABkgnnX1=h4qx+3YjXj=ZME5ihZbJ2rqE8zeT4j84dJj0ZfZGg@mail.gmail.com> <29F2FB1B-3A82-4E60-A4A5-70AC36CEEC54@trammell.ch> <CANatvzzoAK0SRrLOfz6HecbsE3oevWWkzJcfhceuqECF0VL=MA@mail.gmail.com> <CABkgnnWdAbQ-M2uNTWb8BkNJYTae8e_XVEgmO5MR_1woPnTd4A@mail.gmail.com>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Sat, 07 Apr 2018 01:15:35 +0900
Message-ID: <CANatvzx7hioPu_OVuLTbYczboBbL1HYkDqGy1PzyU_hyGi7z4Q@mail.gmail.com>
Subject: Re: Privacy holes (was: Re: Getting to consensus on packet number encryption)
To: Martin Thomson <martin.thomson@gmail.com>
Cc: "Brian Trammell (IETF)" <ietf@trammell.ch>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>, QUIC WG <quic@ietf.org>, Christian Huitema <huitema@huitema.net>, Frederick Kautz <fkautz@alumni.cmu.edu>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/J_mxKc751UlU6MgSMUsHptUcVOA>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Apr 2018 16:15:38 -0000

2018-04-06 19:40 GMT+09:00 Martin Thomson <martin.thomson@gmail.com>:
> On Fri, Apr 6, 2018 at 7:14 PM, Kazuho Oku <kazuhooku@gmail.com> wrote:
>> One way to minimize the impact could be to suggest certain amount of
>> connections (e.g., 5%) to gratuitously migrate to a new tuple just once,
>> right after the connection is being established.
>
> I like this idea.  Do it rarely, but with a high enough probability
> that it is noticed.
>
> I don't think that we need to specify it, rather permit it (maybe with
> observations about the costs of doing it too often), then establish a
> convention.  We can reach enough of the client population in this
> group that we can probably coordinate effectively such that we reach a
> common enough proportion.  Add migrate-after-idle as the current PR
> suggests, which has a much lower chance of expanding state and I'm not
> seeing much need for "grips".

+1 to all the comments. The approach has very small (not if the least)
impact on existing QUIC implementations, middleboxes, and the
specification.

>
>> If we specify that way, we can assume that the impact on the NAT will be
>> having 5% more flows.
>
> 5% more only during the first timeout interval (whatever that is) and
> thereafter no more with this design.

Thank you for the correction. Nice catch :-)

-- 
Kazuho Oku

v2.23.0 | Report a Bug | By Email