RE: Getting to consensus on packet number encryption

Praveen Balasubramanian <pravb@microsoft.com> Mon, 30 April 2018 21:55 UTC

From: Praveen Balasubramanian <pravb@microsoft.com>
To: Ian Swett <ianswett=40google.com@dmarc.ietf.org>, huitema <huitema@huitema.net>
CC: Jana Iyengar <jri.ietf@gmail.com>, "Lubashev, Igor" <ilubashe@akamai.com>, Mark Nottingham <mnot@mnot.net>, Mike Bishop <mbishop@evequefou.be>, Erik Kline <ek@google.com>, Brian Trammell <ietf@trammell.ch>, IETF QUIC WG <quic@ietf.org>, "Deval, Manasi" <manasi.deval@intel.com>, Kazuho Oku <kazuhooku@gmail.com>
Subject: RE: Getting to consensus on packet number encryption
Thread-Topic: Getting to consensus on packet number encryption
Thread-Index: AQHTy9GYaiUVNrU6h0aiyBQtEo3l9KPwZ0sAgAC4ugCAAARcAIAAFTbwgAALYgCAAAAgYIAAEcIAgACR+YCAB09lAIAFXyIAgAVK+oCAAJlSAIABxdSAgACOHICAB/EyAIACo7YAgACiMICAAADPgIAAIs8AgAAm/YCAABExgIAABpMAgAAK5wCAAPIgAIAA5wcAgACzcYCAAHHMgIAEe1cAgAABEACAABL8QA==
Date: Mon, 30 Apr 2018 21:55:31 +0000
Message-ID: <MWHPR21MB063869878060E850137210FEB6820@MWHPR21MB0638.namprd21.prod.outlook.com>
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <ae7a63fe-0a32-893f-aa6b-e8d97b8ba87a@huitema.net> <1F436ED13A22A246A59CA374CBC543998B60C6DD@ORSMSX111.amr.corp.intel.com> <SN1PR08MB1854FD2461597D81BEE31ED6DA8F0@SN1PR08MB1854.namprd08.prod.outlook.com> <CAKcm_gMRPXgCoZ958Oj4_Pnkvmc9a7PgNVS0iae0hCW7bLKqng@mail.gmail.com> <SN1PR08MB18545D0554DED1F83862EBFBDA8F0@SN1PR08MB1854.namprd08.prod.outlook.com> <CAKcm_gNMTQg-pV8vTXkMCTh48QPZ_ujyFSEKRYf+WurUFytaWw@mail.gmail.com> <CANatvzwCYrOZULG3iVmDFp97nr=M5=Gufo8TZjOGQVFUpsn0bQ@mail.gmail.com> <CAAedzxqDcPXJUE83KVnDiU23PvqDcTCrc6rRMw09FexjJA-Y6Q@mail.gmail.com> <CANatvzwjYE6EdvFtOXJMVQnutbVQ4YY+=XsQFzKwHzqWzZ4U+w@mail.gmail.com> <d32ade7b56bf4651952659307c08893b@usma1ex-dag1mb5.msg.corp.akamai.com> <CANatvzwHtCn8rLB8npf3i7PGyYZhVDRd2uojh5hv3uxtFPEsSA@mail.gmail.com> <58447D8E-782C-431C-8FC3-71124B10A047@trammell.ch> <CACpbDcdfF9w3qqrH1eB0sGU_4vheD9aMP5EXnp1o3Y19N19NUg@mail.gmail.com> <e8b4931a-3931-5b8d-8dad-3ca1939d5542@huitema.net> <CAKcm_gPaj3o-VTdA_0+Kk+nTcVJrYcs_BMyOiDGXKub3gB=GLg@mail.gmail.com>
In-Reply-To: <CAKcm_gPaj3o-VTdA_0+Kk+nTcVJrYcs_BMyOiDGXKub3gB=GLg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/NYnB1cR8A6FEWIIXkmHZVdRoN4E>

I disagree that we need any more data for not doing PNE in the datacenter. Why would we add an extra encrypt-decrypt step for no obvious benefit? The cost of this operation will keep magnifying as UDP performance improves. We have several optimizations planned for UDP, but short of hardware offload, none for crypto – this is an important trend to account for performance-wise. For short packets like ACKs an extra encrypt-decrypt step can become a large fraction of CPU cost over time.

If QUIC is not intended to be a general purpose transport but only for the Internet, then we should say so in the charter. Then we can invent custom protocols over UDP for datacenter scenarios and give up on interop.

Also, what is the urgency behind getting PNE adopted – is it blocking progress on interop or other issues? If it is deemed urgent then I am fine with adopting PNE as long as we add a negotiation mechanism in V1.

From: QUIC [mailto:quic-bounces@ietf.org] On Behalf Of Ian Swett
Sent: Monday, April 30, 2018 1:38 PM
To: huitema <huitema@huitema.net>
Cc: Jana Iyengar <jri.ietf@gmail.com>; Lubashev, Igor <ilubashe@akamai.com>; Mark Nottingham <mnot@mnot.net>; Mike Bishop <mbishop@evequefou.be>; Erik Kline <ek@google.com>; Brian Trammell <ietf@trammell.ch>; IETF QUIC WG <quic@ietf.org>; Deval, Manasi <manasi.deval@intel.com>; Kazuho Oku <kazuhooku@gmail.com>
Subject: Re: Getting to consensus on packet number encryption

SGTM

On Mon, Apr 30, 2018 at 4:34 PM Christian Huitema <huitema@huitema.net> wrote:

On 4/28/2018 1:08 AM, Jana Iyengar wrote:
> I agree that negotiating PNE runs the risk of having two types of
> connections on the Internet. I agree that the risk of blockage doesn't
> seem high, but honestly, having seen how middlebox features get
> deployed, I'm not convinced that it won't happen (though I suspect
> it's unlikely to happen at a large scale). I understand the desire to
> have it off within DCs though, so I'm sensitive to that need.
>
> I'd like to hear more about why making PNE optional isn't a decision
> that we can punt to later though. I'd like to move along with PNE now,
> and come back to negotiating this as an option once we have some
> deployment work/experience in intra DC environments. I'm not yet
> convinced that this is going to be your biggest cost in an intra-DC
> environment, and if it is, then we can surely revisit this decision
> and add a param later to make PNE optional, either later in v1 or in
> v2. We are talking about a very narrow view into total cost at this
> point -- this one AES op is unlikely to be the bottleneck. But I have
> no data, and I don't think anyone has any full deployment experience yet.
>
> TL;DR: I'd like to suggest that we move ahead with PR #1079, and
> continue discussion on adding optional PNE in Issue #1296.

+1

-- Christian Huitema
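The cost Praveen and Jana are weighing above is concrete enough to measure: every QUIC packet already pays for an AEAD over its frames, and packet number encryption adds one more AES block operation per packet, whose share of the total grows as the packet shrinks. The following Go program is an added example written for this archive page; it is not code from the thread or from any QUIC implementation. It uses only the standard library and models the two steps on a constructed short-header packet: AES-128-GCM over the frames, then a mask derived from one AES block over a 16-byte sample of the ciphertext, XORed onto the packet number. The mask construction is the one later standardized in RFC 9001 (AES-ECB over a ciphertext sample) rather than the exact text of PR #1079, but its cost profile is the same: one AES block on top of the AEAD. Keys, IV, header bytes and the stand-in ACK frame are all constructed values, and `ExtraCostFraction` is a measurement helper of my own, not a QUIC API.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Constructed example keys and IV; they are not taken from any real connection.
var (
	payloadKey = []byte("0123456789abcdef") // AES-128 key for the payload AEAD
	pnKey      = []byte("fedcba9876543210") // AES-128 key for the packet-number mask
	ivBase     = []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11}
)

// Keys bundles the AEAD used for the frames and the AES block cipher used
// for the packet-number mask.
type Keys struct {
	AEAD  cipher.AEAD
	Block cipher.Block
}

func NewKeys() (Keys, error) {
	pb, err := aes.NewCipher(payloadKey)
	if err != nil {
		return Keys{}, err
	}
	aead, err := cipher.NewGCM(pb)
	if err != nil {
		return Keys{}, err
	}
	mb, err := aes.NewCipher(pnKey)
	if err != nil {
		return Keys{}, err
	}
	return Keys{AEAD: aead, Block: mb}, nil
}

// nonceFor derives the per-packet AEAD nonce by XORing the packet number
// into the low-order bytes of the IV, the way QUIC does.
func nonceFor(pn uint32) []byte {
	nonce := make([]byte, 12)
	copy(nonce, ivBase)
	binary.BigEndian.PutUint32(nonce[8:], binary.BigEndian.Uint32(nonce[8:])^pn)
	return nonce
}

// Seal is the step every packet already pays for: AEAD-encrypt the frames
// with the whole header, packet number included, as associated data.
// Returns header || pn || ciphertext+tag.
func Seal(k Keys, header []byte, pn uint32, frames []byte) []byte {
	hdr := make([]byte, len(header)+4)
	copy(hdr, header)
	binary.BigEndian.PutUint32(hdr[len(header):], pn)
	return k.AEAD.Seal(hdr, nonceFor(pn), frames, hdr)
}

// MaskPN is the extra step under debate: one AES block over a 16-byte sample
// of the ciphertext yields a mask that is XORed onto the packet-number bytes
// in place. XOR is its own inverse, so the same call removes the mask on
// receipt; the sample comes from ciphertext, so the receiver can recompute
// it before it knows the packet number.
func MaskPN(k Keys, wire []byte, pnOffset int) error {
	sampleStart := pnOffset + 4
	if len(wire) < sampleStart+16 {
		return errors.New("packet too short to take a 16-byte ciphertext sample")
	}
	var mask [16]byte
	k.Block.Encrypt(mask[:], wire[sampleStart:sampleStart+16])
	for i := 0; i < 4; i++ {
		wire[pnOffset+i] ^= mask[i]
	}
	return nil
}

// Protect runs both steps for the sender.
func Protect(k Keys, header []byte, pn uint32, frames []byte) ([]byte, error) {
	wire := Seal(k, header, pn, frames)
	if err := MaskPN(k, wire, len(header)); err != nil {
		return nil, err
	}
	return wire, nil
}

// Unprotect runs both steps for the receiver on a copy of the datagram and
// returns the recovered packet number and frames; any tampering, including
// with the masked packet number, fails AEAD authentication.
func Unprotect(k Keys, wire []byte, hdrLen int) (uint32, []byte, error) {
	buf := append([]byte(nil), wire...)
	if err := MaskPN(k, buf, hdrLen); err != nil {
		return 0, nil, err
	}
	pn := binary.BigEndian.Uint32(buf[hdrLen:])
	frames, err := k.AEAD.Open(nil, nonceFor(pn), buf[hdrLen+4:], buf[:hdrLen+4])
	if err != nil {
		return 0, nil, err
	}
	return pn, frames, nil
}

// ExtraCostFraction times the mask step relative to the AEAD step for a packet
// carrying frames, so the ACK-sized and full-sized cases can be compared.
// Measurement helper written for this example; timings vary by machine.
func ExtraCostFraction(k Keys, header []byte, frames []byte, iters int) float64 {
	wire := Seal(k, header, 1, frames)
	start := time.Now()
	for i := 0; i < iters; i++ {
		k.AEAD.Open(nil, nonceFor(1), wire[len(header)+4:], wire[:len(header)+4])
	}
	aeadOnly := time.Since(start)
	start = time.Now()
	for i := 0; i < iters; i++ {
		MaskPN(k, wire, len(header)) // toggles the mask; an even iters leaves wire unchanged
	}
	maskOnly := time.Since(start)
	return float64(maskOnly) / float64(aeadOnly)
}

func main() {
	k, err := NewKeys()
	if err != nil {
		panic(err)
	}
	header := []byte{0x43, 0xaa, 0xbb, 0xcc, 0xdd}        // constructed: first byte + 4-byte DCID
	ack := []byte{0x02, 0x05, 0x00, 0x00, 0x00, 0x00}      // constructed stand-in for a tiny ACK frame
	full := bytes.Repeat([]byte{0x01}, 1200)               // constructed full-size payload
	wire, err := Protect(k, header, 42, ack)
	if err != nil {
		panic(err)
	}
	pn, frames, err := Unprotect(k, wire, len(header))
	fmt.Printf("round trip: pn=%d frames=%x err=%v\n", pn, frames, err)
	fmt.Printf("PN mask cost, ACK-sized packet: %.0f%% of AEAD time\n", 100*ExtraCostFraction(k, header, ack, 200000))
	fmt.Printf("PN mask cost, 1200-byte packet: %.0f%% of AEAD time\n", 100*ExtraCostFraction(k, header, full, 20000))
}
```

Run it with `go run` and compare the two percentages: the mask costs the same absolute time on both packets, so its share is far larger on the ACK-sized one, which is exactly the trend the message argues about. The numbers are single-core software (AES-NI where available) and exclude the UDP stack, so they isolate the crypto share rather than the end-to-end per-packet cost.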