IETF Logo Mail Archive

Re: Getting to consensus on packet number encryption

Ted Hardie <ted.ietf@gmail.com> Wed, 04 April 2018 18:06 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B549A12D775 for <quic@ietfa.amsl.com>; Wed, 4 Apr 2018 11:06:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DZPXfL0_5Zpy for <quic@ietfa.amsl.com>; Wed, 4 Apr 2018 11:06:43 -0700 (PDT)
Received: from mail-ot0-x232.google.com (mail-ot0-x232.google.com [IPv6:2607:f8b0:4003:c0f::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B9B38126BFD for <quic@ietf.org>; Wed, 4 Apr 2018 11:06:43 -0700 (PDT)
Received: by mail-ot0-x232.google.com with SMTP id h26-v6so24320689otj.12 for <quic@ietf.org>; Wed, 04 Apr 2018 11:06:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=lnI1QlCOWPSzV9eMQd6EGRU0SRnvxu1l+anMEKW+kx0=; b=lRCX/guzMU7LTBrlZAwAUs9+iO8vEL/de3eTeRftugu6jVfBge8/qik5YbrsIGWOzv lx6VVievlx1UE8yMHaOrKoPMbzGuIt1rK9xI7sC6qPkL8krr8nMYCT57LImVQYHITj5o 4O1fGaKPXhIHg3noYAYiqJh1xunwnweUju/UW8o0Ccla8UajQlt+psu7CmR+rDT7wg/E BeK06RkFyYg+6Z8+q/fZipuAMDmImCsIs95akC232EzpnwrXi6373dLU0rBKMbQX1gvC G1Rh+GusvEAZT6CxYP4DFeJ1+jiKn8BgzShJFV7UfidQ4xrhY2eXgAXX0KQ2RFOd9ZF1 DMjQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=lnI1QlCOWPSzV9eMQd6EGRU0SRnvxu1l+anMEKW+kx0=; b=sgccEhLzPRb1YljtfaTHaDj2sNVgjYma/80f2ucV28/hZfkogBGbFCCH2IEPbHHL27 gU1c4mDno91tInGdNXfEotS8Z+1+EN31DoWNUHQwPxQRxlicWj+MfC6/EzgSi2OjbhFm Qo0TkWGtjeZBvVY4u03AhijMF45jrzC2e5y+Sh/oAF1FCrH9+zMNo/63dFKwMWB1fpFy UNFBAh9I4yUiwS2Q13cszDukCD+U+mHVWX7oTWmegFMwhsgzo0WZ8VGi8TNao49yivDP dx7scaaAtYqXlvK78xp8m2vex+2FqYrzP5RfLtho2Tc76/RhWAOsVEyOMm4G+DiNZLuH OexA==
X-Gm-Message-State: ALQs6tDAKSXixyD9dYMHWClhs5G6+hiC4rPFkOv6A1GHdt/iyf51N0qV VjK2dnxUWbOJnRCG6WhuogOp23eI/rrxQ5zAMSCtbg==
X-Google-Smtp-Source: AIpwx48nmzSntQ+CqBTTjPBx5kkGOiA+p1WYN4d1bH5udoBcu+KbojjIA8CACNc65OdEnVdQpz+0Uw0G1rhO9yqty6g=
X-Received: by 2002:a9d:fa1:: with SMTP id d30-v6mr10707794otd.18.1522865202804; Wed, 04 Apr 2018 11:06:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.74.139.174 with HTTP; Wed, 4 Apr 2018 11:06:12 -0700 (PDT)
In-Reply-To: <2DB3AC71-89B1-425C-8128-E673D34B7AFA@trammell.ch>
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <F9FCC213-62B9-437C-ADF9-1277E6090317@gmail.com> <CABcZeBM3PfPkqVxPMcWM-Noyk=M2eCFWZw2Eq-XytbHM=0T9Uw@mail.gmail.com> <CAN1APdfjuvd1eBWCYedsbpi1mx9_+Xa6VvZ3aq_Bhhc+HN67ug@mail.gmail.com> <CABcZeBMtQBwsAF85i=xHmWN3PuGRkJEci+_PjS3LDXi7NgHyYg@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B5CCEFD@ORSMSX111.amr.corp.intel.com> <CABcZeBNfPsJtLErBn1=iGKuLjJMo=jEB5OLxDuU7FxjJv=+b=A@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B5CDAD4@ORSMSX111.amr.corp.intel.com> <BBB8D1DE-25F8-4F3D-B274-C317848DE872@akamai.com> <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com> <CAKcm_gMpz4MpdmrHLtC8MvTf5uO9LjD915jM-i2LfpKY384O2w@mail.gmail.com> <HE1PR0702MB3611A67E764EE1C7D1644FAD84AD0@HE1PR0702MB3611.eurprd07.prod.outlook.com> <d8e35569-e939-4064-9ec4-2cccfba2f341@huitema.net> <CACpbDccqKoF-Y1poHMN2cLOK9GOuvtMTPsF-QEen3b30kUo9bg@mail.gmail.com> <CAKcm_gNffwpraF-H2LQBF33vUhYFx0bi_UXJ3N14k4Xj4NmWUw@mail.gmail.com> <40C1F6FE-2B2C-469F-8F98-66329703ED50@mnot.net> <2DB3AC71-89B1-425C-8128-E673D34B7AFA@trammell.ch>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Wed, 04 Apr 2018 11:06:12 -0700
Message-ID: <CA+9kkMD6a_hF-a8J+Tz-kzEVra8dUqsmpgD_PnD+RshhuzjsUA@mail.gmail.com>
Subject: Re: Getting to consensus on packet number encryption
To: Brian Trammell <ietf@trammell.ch>
Cc: IETF QUIC WG <quic@ietf.org>, Mark Nottingham <mnot@mnot.net>, Lars Eggert <lars@eggert.org>
Content-Type: multipart/alternative; boundary="000000000000743b33056909afef"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/WWLhEbKqCyo45ewOxlqtcmv8cMk>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Apr 2018 18:06:46 -0000

On Wed, Apr 4, 2018 at 7:31 AM, Brian Trammell <ietf@trammell.ch> wrote:

>
>
> Of course, it's more complicated than that, because isn't it always. Way
> more detail below (or just read draft-hardie-path-signals)...
>
>
Given the citation above, it is probably no surprise that I generally agree
with Brian on this.  There is one place where I think we probably would
emphasize things slightly differently.  For more on his take, see
https://github.com/britram/draft-trammell-wire-image/blob/master/draft-trammell-wire-image.md
which talks a good bit about the ossification issue that he touched on in
his message here.

My emphasis is slightly different:  how much does this choice constrain the
working group's later choices?  From my take, making the choice to encrypt
the packet number in v1 has the lesser set of constraints, because it is
possible for later versions to add a path-visible signal of sequence
numbers if we see a reason to do so.  That set of sequence numbers might
not be the same as those being used for protocol state mechanics by the
endpoints, but that's okay as they wouldn't be serving the same purpose.
Looking at Brian's text on the utility of sequences to observers:

Utility to on-path devices. The path can use the packet number for various
> forms of classification (i.e., "is this probably QUIC?") and state tracking
> ("does this look like a valid packet for a flow I know about?"), as well as
> passive measurement and diagnostic purposes (i.e., for one-point upstream
> loss and reordering measurement, as well as for rejecting loss and
> reordered spin edges with a single spin bit).
>

it seems pretty clear that the passive measurement and diagnostic purposes
would work with fairly small sequence numbers, maybe even down to sizes
small enough to make the linkability problem less scary.  The other issues
("does this look like quic" and "does this look like a known flow") seem
like they don't really require packet numbers or even deliberately exposed
sequence numbers, just consistency.   In other words, if we do anything to
expose sequences, the wire image we engineer does not have to simply re-use
the packet numbers used for protocol mechanics. It can focus on the message
we want to send to the path instead.

regards,

Ted

v2.23.0 | Report a Bug | By Email