Re: comments on the spin bit, in lieu of the mic line

Kazuho Oku <kazuhooku@gmail.com> Tue, 06 November 2018 23:58 UTC

Return-Path: <kazuhooku@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4CEA126CB6 for <quic@ietfa.amsl.com>; Tue, 6 Nov 2018 15:58:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pcmUjrEeFvBk for <quic@ietfa.amsl.com>; Tue, 6 Nov 2018 15:58:02 -0800 (PST)
Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2A331252B7 for <quic@ietf.org>; Tue, 6 Nov 2018 15:58:01 -0800 (PST)
Received: by mail-lj1-x22b.google.com with SMTP id s15-v6so13148874lji.3 for <quic@ietf.org>; Tue, 06 Nov 2018 15:58:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=g31WuKgwcKHJugccTPR4WYDsE+R8XEQqP2n223acDnA=; b=CQJJoTcFKRO1EQ9/nRzR0w1Z/M/xalpz3qHC/qN0MN/Hi6ssCD0plDruwBu+rtDz5W OsKGNeyIYlYoX+L4VeCJJZ7ZMrYgCrAhKNeUkbCxvPRl0nw0aD7UsP0hocGYWkM9BNez n35pPbDkHEOgPwxRCTogCMoXnhS68x35zVdgb0WO60qLy9jFSGulIEZ0qkQ+OFTEBvTg o38hYYw1c+2Q9Nd6Cz7XJQUKroytbHr1MCTUgbW+nGWhY4JBsWcQ9jaU9HV4tiHr/LoM 3CuNg2cKEVmd4O3XzUFEj9hwQ2xK3Gl7ztYhb0siR0JXTQnOnQoFpIaC9ogaM9OxOn5f c8aA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=g31WuKgwcKHJugccTPR4WYDsE+R8XEQqP2n223acDnA=; b=C+ymKPKnJqO3IoJKMxGnTAORVTXX0WqdrbR4V0xGob3btP/SOP6KntnUy/XFBPs9hR 1SV9a3VdIUgPmD3nO+AAGibphQ9mSMsULEvztlkVPJp4UKT5lNPbJIFrsaWk5bx9jbML 33vYkzzqND4fFmk3v+8iv+vsUyNuBIWBkkWF22qb+DNV6YYye32oqNnYHNDo7nO72xgb m5xfPEOugN+pFDj5ODmcDfKJxDDQ8Aj3+eStESgiuyf4wG7f0moGFV/gwhhWh1uHGMVc Gna+3ao/vGPH+T/A00JtVtfBCP6pNcB0ategLTOqDvPyvXuote7PEYxXylZyDNU+yOtN HrtQ==
X-Gm-Message-State: AGRZ1gKSOEMaAg3c+4Rvb4fUhevXYtoGxGYTym3XuY4ceKSJGyYjG5kf ke8tI88CoejQSv2NKxZsRvea8ljCYDCMlzDyJP5a5oq8Ljo=
X-Google-Smtp-Source: AJdET5eHeBttV0ThGDWEdAmQFqglEFcmSYDz1EZPUfdhV9a0I3h6kOxc0/VOU2F2aFYvFkcC6EFu9rpPlJ09OK6WTWc=
X-Received: by 2002:a2e:9715:: with SMTP id r21-v6mr4834801lji.30.1541548679773; Tue, 06 Nov 2018 15:57:59 -0800 (PST)
MIME-Version: 1.0
References: <31F20CF7-3B82-4856-B8AF-485117A10B7B@trammell.ch>
In-Reply-To: <31F20CF7-3B82-4856-B8AF-485117A10B7B@trammell.ch>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Wed, 7 Nov 2018 06:57:47 +0700
Message-ID: <CANatvzyXSTCjp4o2E+Xw2_MvYQ=i3HoCntQ-JW_miZq_yzrbmg@mail.gmail.com>
Subject: Re: comments on the spin bit, in lieu of the mic line
To: Brian Trammell <ietf@trammell.ch>
Cc: IETF QUIC WG <quic@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/MEHAbW_-wIdqcVz8KaK0399sH-U>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Nov 2018 23:58:05 -0000

2018年11月6日(火) 23:03 Brian Trammell (IETF) <ietf@trammell.ch>;:
>
> Greetings, all,
>
> As I might not make it to tomorrow's discussion remotely, I wanted to go ahead and say a few things that I would say in the mic line. To the questions posed in the agenda:
>
>
> - Yes, we should consider only the 1-bit variant. The VEC protects the fidelity of the signal very well (indeed, well beyond the bounds of network conditions the transport will tolerate), but (1) Marcus' work in particular has shown that even in challenging network conditions, relatively simple heuristics at the observers can compensate for not having it, so (2) at the cost of two extra bits the marginal value is low.
>
> - Yes, the spin bit is clearly fit for purpose. I'll note we've done more research on this question than for any other single feature under consideration for inclusion in QUIC.
>
> - I am not at this time responsible for any sizeable deployment, so I can't speak directly to the third question. While I hope we'll hear from more implementers during the discussion tomorrow that they intend to implement, IMO even just a deployment from Microsoft would be sufficient to generate enough spinning flows to make deployment of observers useful.
>
> - The spin bit should be included in the specification. It provides the continued ability to measure RTT passively in a future world where TCP traffic is increasingly replaced by QUIC traffic, at negligible complexity cost, essentially zero runtime overhead, with negligible privacy impact, and what negligible impact it may have on privacy in certain corner cases can be easily mitigated.
>
> - As to requirement levels, I'd stick with my own recommendation from the earlier thread: client and server SHOULD implement, though server SHOULD is IMO marginally more important than client SHOULD.
>
>
> Now some details (presuming, of course, that the discussion gets that far):
>
> - In any case, both server and client SHOULD independently randomly disable spinning on some proportion of connections (1/8 to 1/16) to target a given proportion (1/4 to 1/8) of connections spinning, as in [section 4 of the author's copy of spin-exp](https://quicwg.org/base-drafts/draft-ietf-quic-spin-exp.html#rfc..section.4). This is to ensure that those endpoints that wish to opt out have a large anonymity set to hide in.
>
> - If we want to maintain the principle of linkability reduction across CIDs, then this non-spinning-state should be independent for each CID. In contrast to what's in section 4 of spin-exp, non-spinning spin bits shouldn't be set to zero, rather to a random value on a per-CID basis. This is easily recognizable by an observer in all cases (client/server participate/nonparticipate-1/nonparticipate-0), and reduces the risk of ossification around nonparticipant action. (This risk is small, to be sure, but we should not clamp a bit to a constant value, if only because we want the protocol's design to consistent.)
>
> - As to whether non-spinning should be negotiated (see [the appendix in the author's copy](https://quicwg.org/base-drafts/draft-ietf-quic-spin-exp.html#rfc.appendix.A)) versus "discretionary", I was originally a fan of negotiation (as it provides a better-than-greasing way to exercise the version negotiation mechanism), but the rules for maintaining the principle of linkability reduction across CIDs become more complicated for negotiated spin, and the benefits for observers (i.e., that an observer can classify flows by version) become far less clear in the face of that linkability reduction. So I would lean toward the discretionary approach for the sake of simplicity -- we'll just have to exercise version negotiation by shipping version 2 soon after version 1. ;)

Brian, thank you for starting the discussion.

I’m attending, but let me respond here, because I would like to
“optimize to avoid” people using their brain to parse my broken
English expressed verbally :-)

If we are to adopt spin bit, my view is that the use MUST be negotiated.

It seemed to me that we agree to the fact that at least in extreme
cases (e.g. a client or a server behind a intercontinental VPN), there
is a privacy concern in exposing the spin.

Assuming that is true, an endpoint cannot discretionary start exposing
spin bits, because it exposes to the observer who knows the location
of the endpoint (which is the common case) how far the peer is from
it's VPN gateway.

It might be true that negotiating the use makes implementations
slightly complex. But the complexity should not be used as a reason to
ignore privacy concerns, especially in case where the additional
complexity is small.

>
> If I can't join, have fun tomorrow. Cheers,
>
> Brian
>


-- 
Kazuho Oku