IETF Logo Mail Archive

Re: QUIC Address Discovery

Tommy Pauly <tpauly@apple.com> Wed, 25 October 2023 00:16 UTC

Return-Path: <tpauly@apple.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BB9BC15155A for <quic@ietfa.amsl.com>; Tue, 24 Oct 2023 17:16:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hrqiO3padkWa for <quic@ietfa.amsl.com>; Tue, 24 Oct 2023 17:16:17 -0700 (PDT)
Received: from rn-mailsvcp-mx-lapp02.apple.com (rn-mailsvcp-mx-lapp02.apple.com [17.179.253.23]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A271C151557 for <quic@ietf.org>; Tue, 24 Oct 2023 17:16:17 -0700 (PDT)
Received: from rn-mailsvcp-mta-lapp01.rno.apple.com (rn-mailsvcp-mta-lapp01.rno.apple.com [10.225.203.149]) by rn-mailsvcp-mx-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0S3200O9P634ZT00@rn-mailsvcp-mx-lapp02.rno.apple.com> for quic@ietf.org; Tue, 24 Oct 2023 17:16:17 -0700 (PDT)
X-Proofpoint-ORIG-GUID: 5FasEo75EqfCHNqi8iNqsBIkYrdMDqUV
X-Proofpoint-GUID: 5FasEo75EqfCHNqi8iNqsBIkYrdMDqUV
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.619, 18.0.980 definitions=2023-10-24_23:2023-10-24, 2023-10-24 signatures=0
X-Proofpoint-Spam-Details: rule=interactive_user_notspam policy=interactive_user score=0 spamscore=0 bulkscore=0 mlxscore=0 malwarescore=0 mlxlogscore=503 adultscore=0 phishscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2310170001 definitions=main-2310240208
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=Gf/DsImVqBsFurB0LJYND6FQcPzWg4fYyc5YoYvCbBY=; b=qBo39xHVD0Lf8vC1In8fZHuhCUt5dopeJ5pj2ifNW/5pehzVm1yiDrfBnqSEdk9m03Qh +sQUACclG2Yh7LcRbC9iyPjB0BVcyo/RuGpoIyTnWPmBL4xqlxpLhtPY8B8WMGySsceT sQj2t7PV3c4nw6Stf8arGHdyJfEzzO/lQUplO6z4ppdfswsWnkJw49f5JhU4PPZWM18h cUFr4Zd45Oy0ogTNdNDtvCBLfaJuTM7U0zILHUNSsrNLbVYBFkEeDlhVa3NpzGflnEv2 qL0CJZ08DZxsjcaY0R+o+OkNlq49Y+dyIh+2UgdGQnQA43DtoiWugKDRNrWDKwVC48QY EQ==
Received: from rn-mailsvcp-mmp-lapp03.rno.apple.com (rn-mailsvcp-mmp-lapp03.rno.apple.com [17.179.253.16]) by rn-mailsvcp-mta-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0S3200L66634Y520@rn-mailsvcp-mta-lapp01.rno.apple.com>; Tue, 24 Oct 2023 17:16:16 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp03.rno.apple.com by rn-mailsvcp-mmp-lapp03.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) id <0S32005005WI7O00@rn-mailsvcp-mmp-lapp03.rno.apple.com>; Tue, 24 Oct 2023 17:16:16 -0700 (PDT)
X-Va-A:
X-Va-T-CD: cdaa14cfcfc144345f8b3130a3d22b5b
X-Va-E-CD: bca6fe8c91c9092793936f6c467c1c56
X-Va-R-CD: 5e6c3502248d3c6fd49a3b6a0c10307f
X-Va-ID: 78ea46f5-af9e-4381-b304-fb43b235ed50
X-Va-CD: 0
X-V-A:
X-V-T-CD: cdaa14cfcfc144345f8b3130a3d22b5b
X-V-E-CD: bca6fe8c91c9092793936f6c467c1c56
X-V-R-CD: 5e6c3502248d3c6fd49a3b6a0c10307f
X-V-ID: 122b59eb-1554-4f67-b79b-523b62c1b14b
X-V-CD: 0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.619, 18.0.980 definitions=2023-10-24_23:2023-10-24, 2023-10-24 signatures=0
Received: from smtpclient.apple ([17.230.146.104]) by rn-mailsvcp-mmp-lapp03.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPSA id <0S3200ACO6341010@rn-mailsvcp-mmp-lapp03.rno.apple.com>; Tue, 24 Oct 2023 17:16:16 -0700 (PDT)
From: Tommy Pauly <tpauly@apple.com>
Message-id: <4B3E92AC-099E-41A6-A267-C8FA099C4DF0@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_B46AF98A-7314-47ED-A28C-5A1D77719172"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\))
Subject: Re: QUIC Address Discovery
Date: Tue, 24 Oct 2023 17:16:15 -0700
In-reply-to: <CAPDSy+5LeizGhCdo+4PSe297O8_+T_i=FF4pN1v=W-d2JeNfBg@mail.gmail.com>
Cc: Marten Seemann <martenseemann@gmail.com>, QUIC WG <quic@ietf.org>
To: David Schinazi <dschinazi.ietf@gmail.com>
References: <CAOYVs2os+0EVc-ptpFU8tbHO-4-JcPwpQ6kbbQh9n4UHC5j8rg@mail.gmail.com> <CANatvzxMFWyn6GXXB+OZAOBGNqpvAS6N565PaTvgPmqrPtN2Qg@mail.gmail.com> <CANatvzz3D-iH_-VbwVW=uJGHn_ingd7z3kB2z==eu-_JGYbtLQ@mail.gmail.com> <CAPDSy+5LeizGhCdo+4PSe297O8_+T_i=FF4pN1v=W-d2JeNfBg@mail.gmail.com>
X-Mailer: Apple Mail (2.3774.100.2.1.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/MhJaQ6zXNYhbECFFF2XCZ2BgaUo>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Oct 2023 00:16:19 -0000

Indeed, very much deja-vu to see this coming up!

I do think this is still a good idea to be handled, at some layer. The older draft did use random values for the request ID, not a sequence number.

 At the same time as that older draft, we had published a proposal to handle this in TLS extensions: https://datatracker.ietf.org/doc/html/draft-kinnear-tls-client-net-address-00

Thanks,
Tommy

> On Oct 24, 2023, at 4:19 PM, David Schinazi <dschinazi.ietf@gmail.com> wrote:
> 
> This sounds very similar to this draft:
> https://datatracker.ietf.org/doc/html/draft-pauly-quic-address-extension
> Might be worth chatting with the authors to see if they're still interested in this topic.
> 
> David
> 
> On Fri, Oct 20, 2023 at 11:29 AM Kazuho Oku <kazuhooku@gmail.com <mailto:kazuhooku@gmail.com>> wrote:
>> 
>> 
>> 2023年10月20日(金) 14:27 Kazuho Oku <kazuhooku@gmail.com <mailto:kazuhooku@gmail.com>>:
>>> Thank you for the draft.
>>> 
>>> I do not have enough knowledge to comment on the use-case, but I have one concern regarding the design.
>>> 
>>> It seems to me that the credit (i.e., permitted sequence number space) for sending REQUEST_ADDRESS frames is not bounded.
>>> 
>>> Doesn't that mean that an attacker can issue an arbitrary number of REQUEST_ADDRESS requests without sending acks, thereby causing state exhaustion at the receiver?
>>> 
>>> That leads me to wonder if it is the best way to implement this sort of request-response protocol directly on top of QUIC frames. What is the rationale for defining this protocol not on top of QUIC streams, as part of the application protocol?
>>> 
>>> FWIW, if use of QUIC streams is undesirable, one alternative would be to use TLS post handshake messages (i.e., the CRYPTO stream at the application packet number space). The benefit of such a design would be that the address discovery mechanism would then work on any protocol built on top of TLS (e.g., TLS-over-TCP, DTLS, QUIC).
>> 
>> PS. Or, if we are seeing an emerging pattern of using one QUIC connection for conveying multiple application protocols (looks at WebTransport), is there a need to agree on (if not standardize) how QUIC streams are shared among the application protocols?
>> 
>>> 
>>> 
>>> 2023年10月20日(金) 3:39 Marten Seemann <martenseemann@gmail.com <mailto:martenseemann@gmail.com>>:
>>>> I just published an I-D that defines a mechanism for QUIC endpoints to discover their (public) IP address and helps them determine their position in the network (e.g. if they're behind a NAT): https://datatracker.ietf.org/doc/draft-seemann-quic-address-discovery/
>>>> This is especially helpful for QUIC nodes running in a p2p setting.
>>>> 
>>>> A similar result could be achieved by using STUN on the same UDP socket, but there are several advantages of doing it inside of QUIC. See the draft for details.
>>>> 
>>> 
>>> 
>>> --
>>> Kazuho Oku
>> 
>> 
>> --
>> Kazuho Oku

v2.23.0 | Report a Bug | By Email