Re: Structuring the BKK spin bit discussion

"Brian Trammell (IETF)" <> Wed, 31 October 2018 14:18 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 088FF130E27 for <>; Wed, 31 Oct 2018 07:18:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id YWDep4rIZXqy for <>; Wed, 31 Oct 2018 07:18:45 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 729C0130DCC for <>; Wed, 31 Oct 2018 07:18:45 -0700 (PDT)
Received: from (localhost []) by localhost (Postfix) with ESMTP id 137E9341C98; Wed, 31 Oct 2018 15:18:43 +0100 (CET)
X-Iway-Path: 0
Received: from localhost (localhost []) by localhost (ACF/20439.12204); Wed, 31 Oct 2018 15:18:42 +0100 (CET)
Received: from ( []) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS; Wed, 31 Oct 2018 15:18:42 +0100 (CET)
Received: from [] (account HELO []) by (CommuniGate Pro SMTP 6.2.9) with ESMTPSA id 72262924; Wed, 31 Oct 2018 15:18:42 +0100
From: "Brian Trammell (IETF)" <>
Message-Id: <>
Content-Type: multipart/signed; boundary="Apple-Mail=_0E4952A1-AC2D-41CB-8D48-45671CF1DDF9"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Subject: Re: Structuring the BKK spin bit discussion
Date: Wed, 31 Oct 2018 15:18:41 +0100
In-Reply-To: <>
Cc: Kazuho Oku <>, Christian Huitema <>, Lars Eggert <>, IETF QUIC WG <>, Dmitri Tikhonov <>
To: Marcus Ihlar <>
References: <> <20181029160802.GD7258@ubuntu-dmitri> <> <> <>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 31 Oct 2018 14:18:49 -0000

hi Kazuho, Marcus,

+1 to this; the intra-network latency variation on the mobile segment of the mobile networks we looked at via the MONROE in the testbed in our PAM paper the followed from the RTT DT work (see, especially section 3.1 and figure 2(b)) makes RTT measurement on a mobile network useless for geolocation.

We did notice (not shown in the paper) that different carriers (n = 4, if I recall correctly) had distinct latency distributions, so with traffic from all Japanese mobile users you could probably use RTT data in the aggregate to build a "carrier classifier". This is of course a useless exercise because you can already tell which carrier a subscriber is coming from by looking at the IP address of the CGNAT exit.

IMO there are only a few edge cases where there are actual potential geoprivacy issues raised by the spin bit with respect to tunneled VPN traffic. All of these involve trans- or intercontinental tunnels (>30ms of additional RTT, for 3000km of location uncertainty -- how far is it from Okinawa to Hokkaido?). In every case the handshake latency gives you away as well, but in every case long RTTs might also have non-distance related causes. So while I see disabling the spin bit as a necessary feature, especially for clients to have, IMO its utility is more useful for peace of mind and information reduction than for actual information elimination.



> On 31 Oct 2018, at 13:40, Marcus Ihlar <> wrote:
> Hi Kazuho,
> I believe the biggest difference is the size of the hidden network segment.
> In the NAT case the client and NAT are still in the same country or continent.
> A quick glacne at shows that the city farthest from Tokyo in Japan is Naha-Shi, at 1554 km.
> That translates to roughly 5ms at the speed of light, so the kinds of measurements to determine distance from Tokyo based on RTT will be extremely sensitive and error prone.
> Please note that the distance analyis can be performed on handshake RTT as well, for connections where the initial handshake is visible at the measurement point.
> Från: QUIC <> för Kazuho Oku <>
> Skickat: den 31 oktober 2018 11:20
> Till: Christian Huitema
> Kopia: Lars Eggert; IETF QUIC WG; Dmitri Tikhonov
> Ämne: Re: Structuring the BKK spin bit discussion
> 2018年10月30日(火) 1:54 Christian Huitema <>:
> >
> >
> >
> > > On Oct 29, 2018, at 9:08 AM, Dmitri Tikhonov <> wrote:
> > >
> > >> On Mon, Oct 29, 2018 at 05:26:34PM +0200, Lars Eggert wrote:
> > >> We'd specifically like to ask client and server implementors with
> > >> projected sizable deployments to indicate whether they intent to
> > >> implement and deploy, if the WG decided to include the spin-bit in
> > >> the spec.
> > >
> > > LiteSpeed Technologies will support the spin bit -- both in our
> > > server and client QUIC implementations -- if it make it into the
> > > draft.
> >
> > My implementation is not used in any large scale deployment, but it does support the spin bit. In fact, it has configuration options to support spin bit variants: node, just spin, spin + vec, spin + QR.
> >
> > I think the strongest objection to the spin bit was put up by Marten during the last interim: measuring the RTT with the spin bit discloses the use of hidden path segments like VPN. This issue was not discussed during the privacy analysis.
> May I ask if the VPN users are the only ones that lose some privacy
> with spin bits?
> I ask this because I live in a country where IIUC the mobile carriers
> place their nation-wide carrier-grade NAT near the capital city (i.e.,
> Tokyo). That means that for people living in the country, having spin
> bits turned on could reveal their distance from Tokyo.
> So the question is: if VPN users need special care, do some NAT users
> as well? Or if the answer is no, what is the difference from between
> the two groups?
> Generally speaking, I am not against giving users the freedom to
> expose spin bits, however I am wondering how the endpoints should
> provide the freedom of choice (UI question) as well as what the
> default should be.
> >
> > The privacy issue could be mitigated by turning off the spin bit at privacy sensitive clients, but this would make these clients "stick out".
> >
> > One solution would be to remove the spin bit from the spec, trading off better privacy for worse management. I am considering another solution in which privacy sensitive clients hide the RTT by controlling the spin, for example spinning at fixed intervals. I plan testing that option in Picoquic.
> >
> > -- Christian Huitema
> >
> >
> --
> Kazuho Oku