RE: Adding ECN to Transport and Recovery

"Lubashev, Igor" <ilubashe@akamai.com> Tue, 12 June 2018 14:41 UTC

From: "Lubashev, Igor" <ilubashe@akamai.com>
To: Ian Swett <ianswett=40google.com@dmarc.ietf.org>, "Eggert, Lars" <lars@netapp.com>
CC: Magnus Westerlund <magnus.westerlund@ericsson.com>, Jana Iyengar <jri.ietf@gmail.com>, Christian Huitema <huitema@huitema.net>, Brian Trammell <ietf@trammell.ch>, IETF QUIC WG <quic@ietf.org>
Subject: RE: Adding ECN to Transport and Recovery
Date: Tue, 12 Jun 2018 14:41:29 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/PGx2pocm5H0euMV41I2UHGvaECw>
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>

I think we are in agreement here.

A more generic conclusion from this discussion is that defense against man-on-a-side DoS attacks is out of scope for this WG (at least for v1).


  *   I

From: Ian Swett [mailto:ianswett=40google.com@dmarc.ietf.org]
Sent: Tuesday, June 12, 2018 8:33 AM
To: Eggert, Lars <lars@netapp.com>
Cc: Lubashev, Igor <ilubashe@akamai.com>; Magnus Westerlund <magnus.westerlund@ericsson.com>; Jana Iyengar <jri.ietf@gmail.com>; Christian Huitema <huitema@huitema.net>; Brian Trammell <ietf@trammell.ch>; IETF QUIC WG <quic@ietf.org>
Subject: Re: Adding ECN to Transport and Recovery

I'd be shocked if anyone tried to use this attack in practice, and as Lars said, this is in no way specific to QUIC. The one case I can imagine someone wanting to inject ECN is an on-path middlebox, in which case that's what ECN is for.

I don't think this needs to be part of v1.

On Tue, Jun 12, 2018 at 8:27 AM Eggert, Lars <lars@netapp.com> wrote:
On 2018-6-12, at 14:17, Lubashev, Igor <ilubashe=40akamai.com@dmarc.ietf.org> wrote:
> The only thing that makes an attack on the congestion window nefarious vs an attack on version negotiation is that it leaves the user with an impression that the service is poor vs that the network is interfering with him connecting to the service.

Right, but that is not specific to QUIC.

There are possibilities to add mitigations at a later stage (QUIC v2 or v1.1), but I personally don't think these need to be part of v1.

Lars