Re: Authentication in draft-kuhn-quic-bdpframe-extension

Martin Thomson <mt@lowentropy.net> Mon, 06 November 2023 06:32 UTC

Date: Mon, 06 Nov 2023 07:31:52 +0100
From: Martin Thomson <mt@lowentropy.net>
To: Watson Ladd <watsonbladd@gmail.com>, Lucas Pardue <lucaspardue.24.7@gmail.com>
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, Q Misell <q=40as207960.net@dmarc.ietf.org>, quic@ietf.org
Subject: Re: Authentication in draft-kuhn-quic-bdpframe-extension
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/XAI0MaBVl75jCHNuc-ms4Mukm7Y>

On Mon, Nov 6, 2023, at 01:43, Watson Ladd wrote:
> I'd prefer not to incorporate user application related data (which
> QUIC info would be) in TLS resumption tickets. There is not a great
> way to do this, and particularly as BDP can vary over time so the TLS
> layer would have to send more tickets. Not fatal, but more coupling
> than I think is ideal.

That ship sailed, unfortunately.  At least as far as HTTP/3 goes, you need to remember settings when you resume and especially for 0-RTT.  The ticket is the obvious place.  NSS offers application protocols an API for generating tickets with supplementary information for exactly this reason.
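The point in the reply is that a resumption ticket is the natural place to carry state the server wants back at 0-RTT (HTTP/3 settings, and by extension a BDP estimate), because the ticket is server-issued and server-authenticated. The following is an added illustration of that mechanism, written for this page; it is not code from NSS, from any QUIC stack, or from the draft under discussion. The server seals a resumption secret plus supplementary application data under a ticket key, and on resumption it trusts that data only after the tag and lifetime check pass, then clamps it to current policy. The ticket key, the lifetime, the `MAX_BDP_BYTES` cap and the field names are all assumptions made here; real tickets are AEAD-encrypted because they contain the resumption secret, whereas this example only shows the integrity half with HMAC.

```python
import base64
import hashlib
import hmac
import json
import os
import struct
import time
from typing import Optional, Tuple

# Constructed values: a server-side ticket protection key (rotated regularly in a
# real deployment) and local policy limits. Real TLS tickets are AEAD-encrypted
# because they carry the resumption secret; this example only covers integrity.
TICKET_KEY = os.urandom(32)
TICKET_LIFETIME_S = 7 * 24 * 3600
TAG_LEN = 32
MAX_BDP_BYTES = 64 * 1024 * 1024  # assumed server cap on any remembered BDP estimate


def issue_ticket(resumption_secret: bytes, app_data: dict, now: Optional[float] = None) -> bytes:
    """Server side: bind TLS resumption state and supplementary application data
    (here a BDP estimate and HTTP/3-style settings) together under the ticket key."""
    issued_at = int(time.time() if now is None else now)
    body = json.dumps(
        {"secret": base64.b64encode(resumption_secret).decode("ascii"),
         "app": app_data,
         "iat": issued_at},
        separators=(",", ":"), sort_keys=True,
    ).encode("utf-8")
    tag = hmac.new(TICKET_KEY, body, hashlib.sha256).digest()
    # Wire format (assumed): 2-byte body length, JSON body, 32-byte HMAC-SHA256 tag.
    return struct.pack("!H", len(body)) + body + tag


def open_ticket(ticket: bytes, now: Optional[float] = None) -> Optional[Tuple[bytes, dict]]:
    """Server side: return (resumption_secret, app_data) if the ticket is intact
    and unexpired, otherwise None. Nothing inside is parsed before the tag check."""
    if len(ticket) < 2 + TAG_LEN:
        return None
    (body_len,) = struct.unpack("!H", ticket[:2])
    if len(ticket) != 2 + body_len + TAG_LEN:
        return None
    body = ticket[2:2 + body_len]
    tag = ticket[2 + body_len:]
    expected = hmac.new(TICKET_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # modified in transit or by the client: not server-issued data
    state = json.loads(body)
    current = time.time() if now is None else now
    if current - state["iat"] > TICKET_LIFETIME_S:
        return None  # stale estimates and settings are dropped with the ticket
    return base64.b64decode(state["secret"]), state["app"]


def accept_resumption(ticket: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Server side on a resumption / 0-RTT attempt: only data that came back inside
    a valid ticket counts as server-issued, and it is still clamped to current policy."""
    opened = open_ticket(ticket, now)
    if opened is None:
        return None
    _secret, app = opened
    return {
        "bdp_bytes": min(int(app.get("bdp_bytes", 0)), MAX_BDP_BYTES),
        "settings": dict(app.get("settings", {})),
    }


if __name__ == "__main__":
    # Constructed sample: a fresh resumption secret plus the state to recover at 0-RTT.
    sample = {"bdp_bytes": 3_000_000, "settings": {"max_field_section_size": 16384}}
    ticket = issue_ticket(os.urandom(32), sample)
    print(accept_resumption(ticket))
    forged = bytearray(ticket)
    forged[10] ^= 0x01  # a client editing its own ticket to inflate the BDP
    print(accept_resumption(bytes(forged)))  # None: the tag no longer verifies
```

The contrast this draws: a value the client simply announces in a frame has no authenticity beyond the connection itself, whereas a value that rides inside the ticket was written by this server and can only be replayed, not altered, and the server still decides how far to trust a replayed estimate by clamping it and bounding its age.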