Re: QUIC-LB update: Eliminate block ciphers?
Martin Duke <martin.h.duke@gmail.com> Wed, 06 October 2021 16:32 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FF6D3A1F63 for <quic@ietfa.amsl.com>; Wed, 6 Oct 2021 09:32:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ja-HDkdZVIqg for <quic@ietfa.amsl.com>; Wed, 6 Oct 2021 09:32:48 -0700 (PDT)
Received: from mail-ua1-x929.google.com (mail-ua1-x929.google.com [IPv6:2607:f8b0:4864:20::929]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A9803A1F4B for <quic@ietf.org>; Wed, 6 Oct 2021 09:32:48 -0700 (PDT)
Received: by mail-ua1-x929.google.com with SMTP id i13so2208281uat.4 for <quic@ietf.org>; Wed, 06 Oct 2021 09:32:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=icKOaMpH1XmKW8Tq5YOZZ9b1RPpeQrXLiqAq675rZJ0=; b=OOj/H6F31MUDPhmUox7zXbUYZf9Pqr+Dmj2oZyd/C7EqOPY2gM3B5s/obrETOu+4FI NeAgKiDsOiA76OjLl0ZLB8pN4jGmL/bESOoQcmel/oO4kGc/yn+Hw3kg7N4Fx3vWCzrQ K02jDEBxHZuip71b/r67a+2/RHVdZS1VxCMVikJ/TjR/ZpHe2eaj6Da05+tiiOZ6Ra1z czL/MrovrHl/BZg2epz1+O0midHv0Ca53KpCRLc/8LkFUqALG+j5RKdgnruz2slAsze+ +U279mQ2yyaA1HJSddsfCCZiJp21/3/tbV2kdCYq2ge2eC4GBXagiRY11hrQOZo6VZy8 QfUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=icKOaMpH1XmKW8Tq5YOZZ9b1RPpeQrXLiqAq675rZJ0=; b=S2Jbz0s5LVwOiqS2ePITQxWCNmHcjBZ832Rw/ugqk6krwAASHc8OCtw7qNy7LVKrdY ucFaBqZH28ZQts2W98QjnGL4ctg2+1C0lcLEF9croMN46IkA5pcq0GeEBCqG2A85cN0l mWqAQoTMJ2NLYx1pgrcNzvBIwG7pkNBS8wRC3ILW+OjzWfBAYg44qvvATnpIs6Yl1jGD kPO90FRjOvVwzp5TARSOjIOF1oBX1RIcDv1piAsx1gsrr2keOsMkowhgi6q+kAiwNLjV wYO2//aNYPg++FBl8f/ybo8DqQCqmZ+GiFD60rdSspND1aSQLPkqjXGfW1SPfhN+dpkN Qldg==
X-Gm-Message-State: AOAM532m756jTcJS7pX8464ZxspGJ4nmd2YeR/M+QaeHK2mTJpitpICX hQqNIavekZ4/KGrBKidMEA1Ams0klCIGMPdjB911pT/UFsQ=
X-Google-Smtp-Source: ABdhPJyyrk7khM7OzHSYmmlN6PGej+J+V8hIAJWMVuupDMyJNnDzGKa+U64Nz5nvfG/XGkn8cDyAGUh2IHKvMVmj3HE=
X-Received: by 2002:ab0:63d9:: with SMTP id i25mr15894015uap.138.1633537967456; Wed, 06 Oct 2021 09:32:47 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxT=QrJBaPsmK-6dXV+WUYn+tiHUEk_PpJu9L_agdU4EtQ@mail.gmail.com> <6f4f125359b247f588c8a74eb7ebfa1a@huawei.com> <CAKcm_gNRmKEDninEbHd6L_Jf7qJRBOvh5q2VyQT4FFabnDKL6g@mail.gmail.com>
In-Reply-To: <CAKcm_gNRmKEDninEbHd6L_Jf7qJRBOvh5q2VyQT4FFabnDKL6g@mail.gmail.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Wed, 06 Oct 2021 09:32:36 -0700
Message-ID: <CAM4esxQ7oUb2k3HKs21gUy15FxDr3wMDPH4EyR8FkX8q+a9A3Q@mail.gmail.com>
Subject: Re: QUIC-LB update: Eliminate block ciphers?
To: Ian Swett <ianswett=40google.com@dmarc.ietf.org>
Cc: Antoine FRESSANCOURT <antoine.fressancourt@huawei.com>, IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000047042705cdb1b207"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/UEIARISWP7nKH7-PN7urIxzkhyY>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Oct 2021 16:32:54 -0000
Hi Antoine, Yes, the configuration agent generates the key in both cases. Sorry this is confusing; if the block cipher goes away, the entire section will need a deep editorial rewrite that will hopefully remove the confusion. Martin On Wed, Oct 6, 2021 at 2:58 AM Ian Swett <ianswett= 40google.com@dmarc.ietf.org> wrote: > I agree that the Block Cipher is not that likely to be deployed, and > removing it simplifies the draft. > > On Wed, Oct 6, 2021 at 5:26 AM Antoine FRESSANCOURT < > antoine.fressancourt@huawei.com> wrote: > >> Hello, >> >> >> >> A side remark on the Stream cipher and block cipher CID sections. As I >> was reading both sections, I struggled a bit with understanding which keys >> were used in each cryptographic operation. The block cipher section tells >> that the key is generated by the configuration agent and distributed to the >> LB, but there is no such mention for the stream cipher section. >> >> >> >> As I don’t have a clear view about how keys are created and managed, I >> would love to see those concerns answered in the draft (and unfortunately I >> would only be able to push misinformation myself) >> >> >> >> Thanks, >> >> >> >> Antoine Fressancourt >> >> >> >> *From:* QUIC [mailto:quic-bounces@ietf.org] *On Behalf Of *Martin Duke >> *Sent:* Monday, October 4, 2021 10:21 PM >> *To:* IETF QUIC WG <quic@ietf.org> >> *Subject:* QUIC-LB update: Eliminate block ciphers? >> >> >> >> Hello QUICWG, >> >> >> >> There has quietly been some recent work on tightening up the QUIC-LB >> specification. At the moment, we are still short on implementations but I >> am hearing something might happen soon. >> >> >> >> Anyway, Christian Huitema has made substantial contributions to the >> security properties of Stream Cipher CID, which allows smallish CIDs, by >> making it a three-pass algorithm. We still have the "Block Cipher CID >> option" which requires CIDs of at least 17 bytes; AFAICT the only advantage >> at this point is that it can be decoded with 1 block encryption operation >> instead of three. >> >> >> >> In principle, QUIC-LB load balancers can be run with no per-connection >> state, in which case this would be a per-packet operation. I strongly >> suspect that real LBs will keep some per-4tuple state, as they do today; if >> so, this crypto operation only needs to occur once per packet where the >> 4-tuple is new. If so, the CPU impact is vanishingly small except in a >> storm of garbage packets. >> >> >> >> So AFAICT, the use case for Block Cipher is as follows: >> >> - Willing to run one crypto operation per packet/new 4-tuple >> >> - Not OK with doing three crypto operations >> >> - satisfied with 17B + CIDs >> >> >> >> I strongly suspect this does not describe a real implementer, and am >> inclined to simply delete this option in my effort to simplify the design. >> Nevertheless, I'm taking this to the list in case someone thinks this is an >> important use case. >> >> >> >> This is Issue 138 in Github >> <https://github.com/quicwg/load-balancers/issues/138>. >> >> >> >> Thanks, >> >> Martin >> >> >> >
- QUIC-LB update: Eliminate block ciphers? Martin Duke
- RE: QUIC-LB update: Eliminate block ciphers? Antoine FRESSANCOURT
- Re: QUIC-LB update: Eliminate block ciphers? Ian Swett
- Re: QUIC-LB update: Eliminate block ciphers? Martin Duke
- Re: QUIC-LB update: Eliminate block ciphers? Phillip Hallam-Baker
- Re: QUIC-LB update: Eliminate block ciphers? Christian Huitema
- Re: QUIC-LB update: Eliminate block ciphers? Phillip Hallam-Baker
- Re: QUIC-LB update: Eliminate block ciphers? Martin Thomson
- Re: QUIC-LB update: Eliminate block ciphers? Phillip Hallam-Baker
- Re: QUIC-LB update: Eliminate block ciphers? Martin Duke
- Re: QUIC-LB update: Eliminate block ciphers? Christian Huitema