Re: Packet number encryption
Kazuho Oku <kazuhooku@gmail.com> Tue, 06 February 2018 12:49 UTC
Return-Path: <kazuhooku@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DB5F12DFDB for <quic@ietfa.amsl.com>; Tue, 6 Feb 2018 04:49:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id caj8_nF5ZLud for <quic@ietfa.amsl.com>; Tue, 6 Feb 2018 04:49:07 -0800 (PST)
Received: from mail-pg0-x22f.google.com (mail-pg0-x22f.google.com [IPv6:2607:f8b0:400e:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFF0112DA6A for <quic@ietf.org>; Tue, 6 Feb 2018 04:49:06 -0800 (PST)
Received: by mail-pg0-x22f.google.com with SMTP id x25so1050392pge.3 for <quic@ietf.org>; Tue, 06 Feb 2018 04:49:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=FIs8L/9TBTzMh4hjwFSgZ7NP5QJ7eDqgW6oULQN4TPY=; b=Req+easf/5srm2iaX6OBBeFAOyjlQTo67zd4mcMUtkwXTVVAqg0ZxH1ZLsy0scmzPG IH35+UdPnYVDCQbPqzIvfcNynLG7I8kZx0P/zSIL9MCNKn9RfEnxIeAyGdKAWNU1Av06 T5f7PDNn+0b2caVQcOTyXYNqU+xyTp+uiMt190nXVXPDCop00Dlqhn8NEWB/fI0azFvE fQ2vz07mt1JHwbBt3lTvAE1spB9r90BbtSkggNKNxcZCTHeDT73qn5hb+zU84kooRmgu RCwJB2s98kk9H9y48Wm1bvR1TXu/IjdVq0/TtEaWDiyD/XCkll2XX81uQvIjVuK7mkE9 bQLQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=FIs8L/9TBTzMh4hjwFSgZ7NP5QJ7eDqgW6oULQN4TPY=; b=EJIxds5n6tlNM7Yty4P7dCALdqgAW/qs7xOYPtMU6XZHU0ReRURqc0pinfjd7bo+ns qLcaebR7edfsWD820r7Rq3povyD+5pnVCrJ5deQm18mgKKNHd5X+omFiigeq4XgVi8dP PpqlQ8CAEV7UTU94DcxYM/M8Zx5x7lRVu2O4rGHTxZFJXuR9KewwyKRZNiJBLGp0AXSB VGfLxQEcRZBaJaWEe/GWYpjYYySaeIoXBOZ0QK8rnTPPECBr/Swr9fk5piZqY3pomKnH D80fyOolaJVOg5VA2P+dw78lC+ZAuCgc6IBmO1tPC8y2QUxZC/sAfLrYv5FUTwOx5XPy blXg==
X-Gm-Message-State: APf1xPDgJqtW/hpErkIBEOnmM9Zkw9rmzzJYRRCAOc0Nu5Df/mGiYhrq fKo5kuxdc3DahjYuSiwnIDI8MxqO/yn2cFH/MZk=
X-Google-Smtp-Source: AH8x227amrXqZunCmGeASnhyv4/tXb70mNyIrdFwlsKj4fPs8HCTWolZTJX3fqcPyTKQOuzgRECRJ7tlmA1+RMJYwMg=
X-Received: by 10.99.124.66 with SMTP id l2mr1878739pgn.290.1517921346050; Tue, 06 Feb 2018 04:49:06 -0800 (PST)
MIME-Version: 1.0
Received: by 10.236.156.11 with HTTP; Tue, 6 Feb 2018 04:49:05 -0800 (PST)
In-Reply-To: <CAGD1bZbOAaSBcQw4nVtGuwRunaAW8MYHq9yPxNN6DdKHzt5HtQ@mail.gmail.com>
References: <CABkgnnVyo3MmWtVULiV=FJTnR528qfY8-OmKGWAs0bCvri-a_g@mail.gmail.com> <1F7FB3B8-A94C-4354-9944-FB09FB8DB68B@trammell.ch> <CABcZeBMbwdwyC9TxxHBLYaZKfNB-FG2wCGjqUZ_mNR-A1R47FA@mail.gmail.com> <9096e5ec-581e-875a-b1dd-bff0b05206fd@huitema.net> <CABkgnnWRQSAufwPss+qf=xAzCwRYeNNH8XLPm3yFaHxOb+ba4g@mail.gmail.com> <BF80500A-6277-45DC-8525-9C3FE138B76D@tik.ee.ethz.ch> <5A7191E0.6010003@erg.abdn.ac.uk> <5214AD93-8376-4B25-922F-AF5551CC2E95@netapp.com> <F990E064-E6F8-41A3-B791-F776C9955E15@nokia.com> <CAGD1bZab0GaZFsHwC+nw3AxxC4VusxMJ6oDanzk3dSDdWKAXdw@mail.gmail.com> <2C515BE8694C6F4B9B6A578BCAC32E2F83BA1443@MBX021-W3-CA-2.exch021.domain.local> <BY2PR15MB07757473DB9788558B902EB5CDF80@BY2PR15MB0775.namprd15.prod.outlook.com> <6E58094ECC8D8344914996DAD28F1CCD861B7F@DGGEMM506-MBX.china.huawei.com> <e529144067624fcba636fc8c24ee3ff4@usma1ex-dag1mb5.msg.corp.akamai.com> <BY2PR15MB07754D83A1721F2BD742359BCDFE0@BY2PR15MB0775.namprd15.prod.outlook.com> <2CD9DC43-D69B-43F0-8474-DFE798850A52@akamai.com> <CAGD1bZaUuNxqpDkn62B0wWcFD8=mCUWrAwWGG-rAOxH7Mf1=cQ@mail.gmail.com> <CY4PR21MB01334E30C7AF6AE75F58EEFDB6FE0@CY4PR21MB0133.namprd21.prod.outlook.com> <CAGD1bZaxrqzdkk0wxRaULwOTgg6wnrSrXNBK31s4uxdozaACBA@mail.gmail.com> <CAGD1bZbOAaSBcQw4nVtGuwRunaAW8MYHq9yPxNN6DdKHzt5HtQ@mail.gmail.com>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Tue, 06 Feb 2018 21:49:05 +0900
Message-ID: <CANatvzx+uDHMV5XS=OuVYBqe_RYX=EmVWAmjuONS8BpNYCPweA@mail.gmail.com>
Subject: Re: Packet number encryption
To: Jana Iyengar <jri@google.com>
Cc: Praveen Balasubramanian <pravb@microsoft.com>, "Salz, Rich" <rsalz@akamai.com>, "Lubashev, Igor" <ilubashe@akamai.com>, Roberto Peon <fenix@fb.com>, QUIC WG <quic@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Tjxt1AActRs9P1Fn8AjK6a6NuNU>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2018 12:49:09 -0000
2018-02-06 9:30 GMT+09:00 Jana Iyengar <jri@google.com>: > I don't think we're converging here, so I'd like to try and encourage us to > move towards it. I have my opinion, but I care more about forward progress > at this point. > > There are three designs so far: > 1. Packet numbers as is, with random gaps around migration. > 2. Packet numbers encrypted, as per Martin's PR. > 3. Packet numbers encrypted, plus a small modulo sequence number somewhere. I wonder if we can provide opportunity to observe upstream loss / reorder rate by just reserving one bit per packet. The strawman is as follows. Sender exposes one bit per packet that can be observed by on-path devices. The bit is flipped for every 256 packets that the sender sends. Observer records the bit of each packet as they pass by. If there is no loss or reorder, the pattern an on-path device would observe is repetition of 256 zeros and 256 ones. In other words, the wavelength is 512 samples. When there is a loss, the wavelength becomes shorter. The wavelength becomes 512 * (1-loss_rate) samples. For example, if the wavelength being observed is 384, loss rate is 25%. If there is reorder, the edge (i.e. shift from zereos to ones, or vice versa) becomes unclear. Duration of the transition will reflect the extent of reordering. Theoretically, it might be possible to explain the approach as a way to let the sender emit a wave, then FFT the wave in on-path devices to observe loss / reorder. Or it could be explained as just sending one bit of the sequence number, somewhere in the middle (i.e., not LSB nor MSB). The pros of the approach is obvious; we will only spend 1 bit per packet. Privacy impact is minimum. Implementing it is easy. Another benefit is that it would be difficult (if not impossible) for on-path devices to use the bit for purposes other than observation (i.e., change the ordering of the packets "for performance"). OTOH I am not sure how hard it would be to build tools for observing upstream behavior using the proposed approach. Or I could well be missing some requirements that operators have, as I am an endpoint developer. > > The concrete ones here are (1) and (2). I'm listing (3) but am not inclined > to consider it seriously, since it's not concrete enough, (and I don't want > more bits to be spent in the QUIC packet header if that's where this info > goes.) > > There are opinions about ossification, privacy, and manageability. I'm not > hearing bloody murder, so for what it's worth, I'd like to stipulate first > that we can all live with the final design, whichever one it is. If anyone > disagrees, please say so -- I think it'd be useful to hear if there are > folks who think a particular design is fundamentally problematic. > > My opinion is still for (2) over (1), but I can live with either. > > On Mon, Feb 5, 2018 at 3:32 PM, Jana Iyengar <jri@google.com> wrote: >> >> Praveen, >> >> That was precisely my point about the ecosystem evolving. Now that we have >> the ability to classify flows, various things have been built around being >> able to tell TCP flows. This obviously has benefits as you point out, but >> the downside is that that I can't get good network utilization with a single >> flow. I understand the scaling point, but speaking of common cases, any >> server in the wild is usually serving a large number of connections at >> moderate speeds, not a single one at 25-35 Gbps... which makes that sort of >> scaling less exciting than in a microbenchmark. >> >> FWIW, the other downside of ECMP is that multipath transport doesn't work >> -- you need to hash on something else besides the 4-tuple. (We had to work >> around this in Google's deployment of connection migration.) >> >> I'll disagree with your point about reordering being the uncommon case. >> While that's true today, this is again an expectation that the network works >> hard to maintain, though the ecosystem and what we expect as "usual" would >> be quite different had we not built TCP's requirements into the network. >> There's nothing wrong with having n-modal latencies... we can engineer >> around that. Any sensible load distribution scheme within the network will >> give you increased variance but it should limit the worst-case latency. >> You'd perhaps agree that that's a net win. >> >> This was an example of how exposing packet number or not can have long >> term ecosystem effects. My point was about the fact that exposing can cause >> ossification. >> >> - jana >> >> On Mon, Feb 5, 2018 at 9:24 AM, Praveen Balasubramanian >> <pravb@microsoft.com> wrote: >>> >>> >> This was definitely true for implementations of TCP, but that is TCP's >>> >> problem, not the network's >>> >>> Flow classification happens through the network and also on the end host >>> with RSS where a flow is mapped to a core. This allows for building high >>> performance receive processing that could be lock free for the most part. >>> The only downside of ECMP on the network and RSS on the CPU is that a single >>> flow will not take multiple paths or get processed on more than one core. >>> Windows on server machines today can saturate 25-35 Gbps for a single TCP >>> connection before being CPU limited. This is a reasonable trade off because >>> I don’t know of cases where a single flow is driving more than that amount >>> of traffic. Assumptions about how flows get classified help make for more >>> efficient processing. They also lead to consistent latency. You do not want >>> the traffic to take a bi-modal or N-modal paths (on the network or the host) >>> to being processed because the fluctuations in latency will hurt the >>> workload. I am not arguing for TCP not being resilient to reordering but IMO >>> that should be the uncommon case not the common case. With QUIC if streams >>> were exposed on the network you could take advantage of stream level ECMP >>> and RSS to scale better than TCP but we have chosen to keep the 4-tuple (or >>> the 5-tuple) as the flow classifier on the network which is ok by me since >>> it leads to TCP parity. >>> >>> >>> >>> Thanks >>> >>> >>> >>> From: QUIC [mailto:quic-bounces@ietf.org] On Behalf Of Jana Iyengar >>> Sent: Sunday, February 4, 2018 8:35 PM >>> To: Salz, Rich <rsalz@akamai.com> >>> Cc: Lubashev, Igor <ilubashe@akamai.com>; Roberto Peon <fenix@fb.com>; >>> QUIC WG <quic@ietf.org> >>> Subject: Re: Packet number encryption >>> >>> >>> >>> Privacy-protection can't be a user choice, for the reasons others have >>> noted on this thread. >>> >>> >>> That said, my primary argument is for encryption to avoid ossification. >>> Not that it matters now, but I'll note that much of GQUIC's original >>> motivation for encrypting headers was to avoid ossification. >>> >>> >>> >>> I'll reiterate that fields we expose will get ossified and there are >>> long-term ecosystem effects to this. Let me illustrate this with precisely >>> the packet number field. Middleboxes commonly assume that a TCP flow can >>> only handle packets in-order. This assumption comes from the fact that TCP >>> implementations get poor performance when packets are reordered. This was >>> definitely true for implementations of TCP, but that is TCP's problem, not >>> the network's. However, almost all load-balancers I know of now will pin all >>> packets within a TCP flow to one path, leading to sub-optimal performance in >>> the network, and destroying incentives for the endpoints to deploy >>> reordering-resilient TCP implementations (even though there are plenty of >>> ways of doing this.) >>> >>> >>> >>> Exposing QUIC's packet number field (as any field) is likely to have >>> similar consequences and a similar ecosystem arc. >>> >>> >>> >>> >>> >>> On Sun, Feb 4, 2018 at 7:51 PM, Salz, Rich <rsalz@akamai.com> wrote: >>> >>> > Optional security tends to devolve to non-secure. >>> >>> >>> >>> That’s a great aphorism. And sadly all too true. >>> >>> >> >> > -- Kazuho Oku
- Packet number encryption Martin Thomson
- Re: Packet number encryption Ian Swett
- Re: Packet number encryption Brian Trammell (IETF)
- Re: Packet number encryption Eric Rescorla
- Re: Packet number encryption Christian Huitema
- Re: Packet number encryption Martin Thomson
- Re: Packet number encryption Mirja Kühlewind
- Re: Packet number encryption Gorry Fairhurst
- Re: Packet number encryption Brian Trammell (IETF)
- Re: Packet number encryption Eggert, Lars
- Re: Packet number encryption Brian Trammell (IETF)
- Re: Packet number encryption Martin Thomson
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Martin Thomson
- Re: Packet number encryption Roberto Peon
- Re: Packet number encryption Martin Thomson
- Re: Packet number encryption Ted Hardie
- Re: Packet number encryption Ted Hardie
- Re: Packet number encryption Christian Huitema
- Re: Packet number encryption Roberto Peon
- Re: Packet number encryption Martin Thomson
- Re: Packet number encryption Christian Huitema
- Re: Packet number encryption Jana Iyengar
- RE: Packet number encryption Roni Even (A)
- Re: Packet number encryption Brian Trammell (IETF)
- Re: Packet number encryption Roberto Peon
- Re: Packet number encryption Roberto Peon
- Re: Packet number encryption Martin Duke
- Re: Packet number encryption Kazuho Oku
- Re: Packet number encryption Christian Huitema
- Re: Packet number encryption Brian Trammell (IETF)
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Mirja Kühlewind
- Re: Packet number encryption Mirja Kühlewind
- Re: Packet number encryption Kazuho Oku
- Re: Packet number encryption Dmitri Tikhonov
- Re: Packet number encryption Brian Trammell (IETF)
- Re: Packet number encryption Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: Packet number encryption Jana Iyengar
- RE: Packet number encryption Piotr Galecki
- Re: Re: Packet number encryption alexandre.ferrieux
- Re: Packet number encryption Patrick McManus
- Re: Packet number encryption Fossati, Thomas (Nokia - GB/Cambridge)
- Re: Packet number encryption Stephen Farrell
- Re: Packet number encryption Roberto Peon
- RE: Packet number encryption Piotr Galecki
- RE: Packet number encryption Roni Even (A)
- RE: Packet number encryption Lubashev, Igor
- RE: Packet number encryption Lubashev, Igor
- RE: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Christian Huitema
- RE: Packet number encryption Lubashev, Igor
- Re: Packet number encryption Stephen Farrell
- Re: Packet number encryption Fossati, Thomas (Nokia - GB/Cambridge)
- Re: Packet number encryption Fossati, Thomas (Nokia - GB/Cambridge)
- Re: Packet number encryption Stephen Farrell
- Re: Packet number encryption Willy Tarreau
- RE: Packet number encryption Praveen Balasubramanian
- Re: Packet number encryption Christian Huitema
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Brian Trammell (IETF)
- Re: Packet number encryption Brian Trammell (IETF)
- Re: Packet number encryption Brian Trammell (IETF)
- Reducing ossification through protocol design (wa… Brian Trammell (IETF)
- RE: Packet number encryption Praveen Balasubramanian
- Re: Packet number encryption Roberto Peon
- Re: Packet number encryption Roberto Peon
- Re: Packet number encryption Salz, Rich
- Re: Packet number encryption Jana Iyengar
- RE: Packet number encryption Roni Even
- Re: Packet number encryption Christian Huitema
- RE: Packet number encryption Roni Even (A)
- Re: Packet number encryption Roberto Peon
- Re: Reducing ossification through protocol design… Gorry Fairhurst
- Re: Packet number encryption Brian Trammell (IETF)
- Re: Packet number encryption Kazuho Oku
- RE: Packet number encryption Roni Even (A)
- Re: Reducing ossification through protocol design… Mirja Kühlewind
- Re: Reducing ossification through protocol design… Salz, Rich
- Re: Reducing ossification through protocol design… Mirja Kühlewind
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Mike Bishop
- RE: Reducing ossification through protocol design… Mike Bishop
- Re: Packet number encryption Jana Iyengar
- Re: Packet number encryption Jana Iyengar
- Re: Packet number encryption Martin Thomson
- Re: Packet number encryption Ted Hardie
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Praveen Balasubramanian
- Re: Packet number encryption Marten Seemann
- RE: Packet number encryption Roni Even (A)
- Re: Packet number encryption Marten Seemann
- Re: Packet number encryption Brian Trammell (IETF)
- Re: Packet number encryption Kazuho Oku
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Gorry Fairhurst
- Explicit measurability in the QUIC wire image (wa… Brian Trammell (IETF)
- Explicit measurability in the QUIC wire image (wa… Brian Trammell (IETF)
- RE: Explicit measurability in the QUIC wire image… Roni Even (A)
- Re: Explicit measurability in the QUIC wire image… Kazuho Oku
- Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
- Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
- Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Mirja Kühlewind
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Stephen Farrell
- Re: Explicit measurability in the QUIC wire image… Kazuho Oku
- RE: Packet number encryption Mike Bishop
- Re: Packet number encryption Jana Iyengar
- Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Eric Rescorla
- Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Ian Swett
- Re: Packet number encryption Christian Huitema
- RE: Packet number encryption Praveen Balasubramanian
- Re: Packet number encryption Martin Thomson
- RE: Packet number encryption Praveen Balasubramanian
- Re: Packet number encryption Christian Huitema
- RE: Packet number encryption Praveen Balasubramanian
- Re: Packet number encryption Christian Huitema
- Re: Packet number encryption Marten Seemann
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
- Re: Explicit measurability in the QUIC wire image… Kazuho Oku
- Re: Explicit measurability in the QUIC wire image… Martin Thomson
- Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
- Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Mirja Kühlewind
- Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
- Re: Explicit measurability in the QUIC wire image… Kazuho Oku
- Re: Explicit measurability in the QUIC wire image… Kazuho Oku
- Re: Packet number encryption Brian Trammell (IETF)
- RE: Packet number encryption Praveen Balasubramanian
- Re: Explicit measurability in the QUIC wire image… Christian Huitema
- Re: Explicit measurability in the QUIC wire image… Christian Huitema
- Re: Explicit measurability in the QUIC wire image… Kazuho Oku
- Re: Explicit measurability in the QUIC wire image… Kazuho Oku
- Re: Packet number encryption Victor Vasiliev
- Re: Packet number encryption Salz, Rich
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Mike Bishop
- Re: Packet number encryption Christian Huitema
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Mike Bishop
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Mikkel Fahnøe Jørgensen
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Mikkel Fahnøe Jørgensen
- RE: Packet number encryption Mikkel Fahnøe Jørgensen
- RE: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Salz, Rich
- Re: Packet number encryption Eric Rescorla
- Re: Packet number encryption Eric Rescorla
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Eric Rescorla
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Ian Swett
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Praveen Balasubramanian
- Re: Packet number encryption Salz, Rich
- Re: Packet number encryption Ian Swett
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Praveen Balasubramanian
- Re: Packet number encryption David Benjamin
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Deval, Manasi
- RE: Packet number encryption Deval, Manasi
- Re: Packet number encryption Victor Vasiliev
- RE: Packet number encryption Mikkel Fahnøe Jørgensen
- RE: Packet number encryption Praveen Balasubramanian
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: hardware offload (was: Packet number encrypti… Ian Swett
- Re: Packet number encryption Ian Swett
- Re: Packet number encryption Martin Thomson
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- RE: Packet number encryption Praveen Balasubramanian
- Re: Packet number encryption Salz, Rich
- RE: Packet number encryption Praveen Balasubramanian
- RE: hardware offload (was: Packet number encrypti… Praveen Balasubramanian
- Re: Packet number encryption Salz, Rich
- RE: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Victor Vasiliev
- Re: hardware offload (was: Packet number encrypti… Christian Huitema
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: hardware offload (was: Packet number encrypti… Eggert, Lars
- RE: Packet number encryption Praveen Balasubramanian
- RE: hardware offload (was: Packet number encrypti… Praveen Balasubramanian
- RE: Packet number encryption Praveen Balasubramanian
- RE: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Victor Vasiliev
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Kazuho Oku
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Mikkel Fahnøe Jørgensen
- Re: Packet number encryption Mikkel Fahnøe Jørgensen