Authentication in draft-kuhn-quic-bdpframe-extension
Q Misell <q@as207960.net> Thu, 02 November 2023 16:44 UTC
Return-Path: <q@as207960.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58793C151542 for <quic@ietfa.amsl.com>; Thu, 2 Nov 2023 09:44:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=as207960.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NbuSUK7Sh8Fi for <quic@ietfa.amsl.com>; Thu, 2 Nov 2023 09:44:33 -0700 (PDT)
Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C2A8C14CF0C for <quic@ietf.org>; Thu, 2 Nov 2023 09:44:32 -0700 (PDT)
Received: by mail-ed1-x52a.google.com with SMTP id 4fb4d7f45d1cf-53e2308198eso2001087a12.1 for <quic@ietf.org>; Thu, 02 Nov 2023 09:44:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=as207960.net; s=google; t=1698943470; x=1699548270; darn=ietf.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=VGRzQ5MXTRQIAoik50dAEcVIpwgIRZHAz3RmjX0fqgY=; b=Svu1a2qymVSH1MAegVu/h3UguKxdNdY3Z9WTxOTjm+6CA/hY//qyv1tJe21dFD8qtL iqYOPXSFNnr7lEY4vWdGFJgjZLKuINNhoggGUCN11+x5L+Y2PB39rYx+FMnWMeC0SsuI 8Czl+qWm0afPnIfzKNtKn2y8SrNH3tChtLiZlEoA40MAfOCu2bTzet7++4ML8i2fUSg1 6ySxmOIlep/6zOGdJWezBebuAsq/S5vB0FvKuYrbjfpiNrw0PB9+roFYjDks2fB7RY+K peBIfHXjeTn/YSO7FEMhGq1NCCDYmhMrCXPwDC81zKX8HRVwPYitkp0l8nz57+b7HB5G 1BhA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698943470; x=1699548270; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=VGRzQ5MXTRQIAoik50dAEcVIpwgIRZHAz3RmjX0fqgY=; b=g2y0u9VDZ2K8zOUUncbpk0/qdAci84UUKWDFOlziXKIma/q0abUn3G0vGJe8lm+k98 7UNBBi9ZY1uo4u3TElrBEEyQXqX4zpVce7n7I4mJxG8ZrKEDdu9ITbbOJGFKp6CTfog1 2SFSazgVPfFr/JYpOz6Wlq4GMFa/nJO2tw1HELML6yE/2eTQSoiyud94TN3U9TqrQSC4 fD/hPO7WqBtwmjh9av2ru8GKbrkQBdR3VGQ4XA8EXC/p6SFi41m3Ve/N3C0XAR0AZopf fGLmO21wyTVn5szhe1caHUR85O/+EdYDWFPTMLIoE8nlLRtLxR08/a80bbRfJtyHo4cj Zn3A==
X-Gm-Message-State: AOJu0YyRLPnbF2ese0l271TlVVajO7A6SigVsAt1FPQoCcJYt9pCDss0 iU1gdh9YBiGbYDyKKCEsgETyZhehX7uiPTZZQHncMTR9K+ut+xm1ERc=
X-Google-Smtp-Source: AGHT+IEIyseuOXt+hPhydAyE8eKGt1B4zAleJbMrYfmg8aMlhAU50vdB9poykpoaDCVKYBkBcyAu0toFRAVNcJOIZgY=
X-Received: by 2002:a05:6402:1049:b0:540:c989:fcdd with SMTP id e9-20020a056402104900b00540c989fcddmr15966944edu.11.1698943469094; Thu, 02 Nov 2023 09:44:29 -0700 (PDT)
MIME-Version: 1.0
From: Q Misell <q@as207960.net>
Date: Thu, 02 Nov 2023 16:43:52 +0000
Message-ID: <CAMEWqGsGCEhC97Yt-r9YBwGCPxH6+OGj7GfTmomMDJBD6S_ZBQ@mail.gmail.com>
Subject: Authentication in draft-kuhn-quic-bdpframe-extension
To: quic@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f820b306092e190a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/LvJE_BvU3OMdJ0MIifwAWUTJEmY>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Nov 2023 16:44:38 -0000
Hi all, I've been working with Gory (and others) on actually implementing the BDP frame extension, and further refining the draft based on experience from implementation. One thing that came up that I'd like to ask the WG's opinion on is that of authentication of the BDP frame, and when it should be sent in the exchange. I've had a few thoughts on this, it'd be great to hear what others think of them, or what other suggestions people might have. First, my thoughts on authentication. Do the CC parameters need to be authenticated at all? I would say yes as a client sending some unauthenticated CC parameters could cause a DoS of the server (or any other node along the path) by trying to send far too much data at once. Should the CC parameters be encrypted? Probably not, as a client which is aware of a major decrease in available capacity could compare the new link capacity to its stored CC parameters and decide not to send them. If they're encrypted the client can't inspect what CC parameters the server thinks the link will have. How should they be authenticated? There are a few options I can see here, and I'm unsure which is best: (1) Authenticated with the TLS certificate (2) Authenticated with some other asymmetric key (3) Authenticated using some symmetric key known only to the server (4) Same as 3 but with a key identifier Options 1 and 2 allow the client to verify the authentication over the CC parameters, but this doesn't seem to be of much use to me. Option 1 additionally sets a time limit on use of stored CC parameters, as the TLS certificate will eventually expire. This doesn't seem to me to be much of an issue. A new connection far into the future (say 1-2 months) would almost certainly have different CC parameters anyway. Option 3 seems the best to me. It would allow one key to be shared across an array of anycast servers, without sharing other keying material that might be used to protect more sensitive parts of the connection. Option 4 additionally expands on this by allowing key rotation without immediately invalidating all current stored CC parameters. When should the BDP frame be sent? There are two places I can see BDP frames being useful to send: (1) After initial frames but before crypto frames (2) After crypto frames and before application data Option 1 allows for the previously calculated CC parameters to be used for the sometimes quite large TLS handshake, but also precludes options 1 and 2 for authentication. Option 2 allows for greater flexibility in authentication, and also makes the BDP frame encrypted in transit. I'm unsure what the privacy implications of an unencrypted BDP frame are, so if anyone can come up with a reason CC data shouldn't be observable to an intermediary that would be greatly appreciated. Looking forward to hearing your thoughts. Cheers, Q Misell ------------------------------ Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № 12417574 <https://find-and-update.company-information.service.gov.uk/company/12417574>, LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca Digital, is a company registered in Estonia under № 16755226. Estonian VAT №: EE102625532. Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively.
- Authentication in draft-kuhn-quic-bdpframe-extens… Q Misell
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Lucas Pardue
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Nicolas Kuhn
- RE: Authentication in draft-kuhn-quic-bdpframe-ex… emile.stephan
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- RE: Authentication in draft-kuhn-quic-bdpframe-ex… emile.stephan
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Kazuho Oku
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Marten Seemann
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Nicolas Kuhn
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Marten Seemann
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Kazuho Oku
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Christian Huitema
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Watson Ladd
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Christian Huitema
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Martin Thomson
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Kazuho Oku
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Lucas Pardue
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Kazuho Oku
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Q Misell
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Q Misell
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst