IETF Logo Mail Archive

Re: a proposed way forward was Re: Spin bit decision

Kazuho Oku <kazuhooku@gmail.com> Wed, 03 October 2018 13:55 UTC

Return-Path: <kazuhooku@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 177EE13129A for <quic@ietfa.amsl.com>; Wed, 3 Oct 2018 06:55:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dU3zXRe_HByR for <quic@ietfa.amsl.com>; Wed, 3 Oct 2018 06:55:31 -0700 (PDT)
Received: from mail-lf1-x132.google.com (mail-lf1-x132.google.com [IPv6:2a00:1450:4864:20::132]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C018F131029 for <quic@ietf.org>; Wed, 3 Oct 2018 06:55:30 -0700 (PDT)
Received: by mail-lf1-x132.google.com with SMTP id d4-v6so4225503lfa.3 for <quic@ietf.org>; Wed, 03 Oct 2018 06:55:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=uPPQ54QY2UF/I8Cz0x148A1j45VPOjKB3Sy10JOYNjk=; b=AIdg2N0Bin0ubvn9CGT8ev2G9wYPObmKy8qd1+8S21GfawpwIopzUwYoehGPN5DxD5 YizcBvfCjr1AP0YpYk/aVYwluP8Kmt35+JPog10e9qBBHF5S1r2OVfndrkWV1ueoXIRp qlVBOcMP03ujA7KGZnD042xwrqEc43Gm0vOggoHObl7G15nMDWro3saxTvOefY4OS4Kw BlbpOeWcH4kREYIEIaPIuWadwqx9yBy86CHK4rm4nu5OoM99NgOz8ZuNJ36dUE9t9zwT aC8Rrm1IUPLYXotWfWhFDAZyjtY4Z850UFB6c1d+aOs/rX6GTWv5/l2qJfgs7Mq13foT MK2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=uPPQ54QY2UF/I8Cz0x148A1j45VPOjKB3Sy10JOYNjk=; b=DGI1QMLcbyKDo07B2zZlowA70Q7YRg1NxqeRf5g1pxOWrrRWK/bAXvXICKpo7g4LEg acj1IGd6P4eDkveELPVr9apnz4hCCT5/DWY6enRssMGoLWabJFlm4IeIe/Rg2Y52lKuj Oyyk28tlFGirRCZxFfhQ7/XAT6KsU+7PN9uWuydrSDaQVw3kOkD/k+6zqMPvKjDbaF4Q T5+7ZpZzA7QCh4cgAVdFOD1AtU5supE5VKfMwEm/k0953uAY4iXMuYmACnNHdPHOu8fW a2172CSUFXGW/BjtMQpOk53Rgbl8Bkj6OpwpKX7rhKhoku7nZqye92EY/GNU3voJV8PI 0bQQ==
X-Gm-Message-State: ABuFfohapmuTuLvcX/861hSxtNepFUxIjbfb1p6UR9UfLoaWT/X375GX os5YAMTvfeqPvKzuit3FikVYtXFQoMReUCcXtP0f8H7sH2o=
X-Google-Smtp-Source: ACcGV60lX2P6gJiaxS6dBxgW6fPFtnZqBNhxmhI3hLE23s65t2uuzY5bqMWC6EpjPBk23pbImL8E+As4Z4wgRb6To3I=
X-Received: by 2002:a19:8d11:: with SMTP id p17-v6mr1080371lfd.116.1538574928812; Wed, 03 Oct 2018 06:55:28 -0700 (PDT)
MIME-Version: 1.0
References: <14531_1538460420_5BB30B04_14531_237_4_c0f3a391-9897-80b0-575b-aa73edad0d52@orange.com> <9A63F295-5DC5-4992-9A9C-A98F72C8430D@eggert.org> <22440_1538469028_5BB32CA4_22440_292_2_8e00a462-2bbf-acf0-1195-74269a0c2fbd@orange.com> <3E3DBC15-FE42-47CF-AF7A-1F2597ED2390@eggert.org> <24019_1538484216_5BB367F8_24019_26_1_8e6b0d8e-78f0-56c7-e731-da2ff22cb194@orange.com> <08A9C80F-59E6-46EE-A4D4-1F78F5085CF7@eggert.org> <9737_1538485723_5BB36DDB_9737_147_1_82e0e028-b0e8-5e09-7bd5-e66db97c556a@orange.com> <E7479831-9594-444E-9545-A162E8D9B154@eggert.org> <32072_1538492813_5BB3898D_32072_266_1_8380ff40-29fe-269b-8ed7-4331c9e53f4d@orange.com> <MWHPR22MB0991D93D706031603B077BFCDAE80@MWHPR22MB0991.namprd22.prod.outlook.com> <CAKcm_gM+zAEwfimHsorsWprJgS7O++85EOjpQoNY0LviaQ+KNQ@mail.gmail.com> <45751C2A-9F6C-4447-8D70-11ABE8C07F8D@trammell.ch> <CANatvzzCvmbu=bN1C-UCzNaT6EUPVCMPwY53wyFNkKa4HQT00g@mail.gmail.com> <7221_1538551972_5BB470A4_7221_106_1_4a70bd20-3b2e-d4a6-4832-23024e1119f0@orange.com> <CAN1APddaqCxYr5rZVfd5K_LWMDigcRdhj4CihdCVo3F=NH0idg@mail.gmail.com> <055E2627-9D6C-45E8-8130-069B4891D24C@trammell.ch>
In-Reply-To: <055E2627-9D6C-45E8-8130-069B4891D24C@trammell.ch>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Wed, 03 Oct 2018 22:55:16 +0900
Message-ID: <CANatvzwJ_aeRTcmvyrYfc=NAhPQMtO2BQ9DOKJ6ztseJz024xA@mail.gmail.com>
Subject: Re: a proposed way forward was Re: Spin bit decision
To: Brian Trammell <ietf@trammell.ch>
Cc: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, Lili Peaudchien <alexandre.ferrieux@orange.com>, Lars Eggert <lars@eggert.org>, Mike Bishop <mbishop@evequefou.be>, IETF QUIC WG <quic@ietf.org>, Ian Swett <ianswett=40google.com@dmarc.ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/YhPDqxlugtlZF0KAGjLEv2uiuBQ>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Oct 2018 13:55:33 -0000

2018年10月3日(水) 16:58 Brian Trammell (IETF) <ietf@trammell.ch>:
>
> hi Mikkel,
>
> I think we're having trouble with the many meanings of the word "proxy" here. It can mean at least three things in this context, each of which has different implications for RTT measurement:
>
> (1) Web proxying. The web proxy terminates transport connections, and as such the spin bit would only expose the RTT on the segment between the proxy and its Internet-side peer. Since the whole point of the proxy from a privacy standpoint is to make traffic look like it's coming from the proxy, exposing this RTT is not an issue.
>
> (2) Transport-terminating proxying. Here the proxying happens at the stream, as opposed to the request level. For spin bit measurement, this is equivalent to (1) above. (Note that this is widely deployed for TCP in the form of transparent back-to-back proxies, which won't work in QUIC since the security association protecting the transport is end-to-end.)

FWIW, IIUC TCP proxies that forward HTTPS traffic exist in the market.
At the very least, we care of such proxies in the ESNI draft [1]. The
practical merit of using such proxy is to mitigate DDoS attacks in an
application-protocol-agnostic way, but I would not be surprised if
some of the users are also interested in hiding the true location of
the server.

As you correctly note, such proxy services do not leak the end-to-end
RTT, because TCP is terminated by the proxy, but for QUIC the
transport becomes end-to-end, and it would essentially leak the RTT
between the proxy and the hidden server.

In my view, this should be considered as a degradation in terms of
privacy preservation from TCP to QUIC. I am opposed to having such
degradation, even though it could be considered as a niche. Hence my
argument for SHOULD rather than MUST.

[1] https://tools.ietf.org/html/draft-ietf-tls-esni-01#section-3.1

> (3) Proxy-via-NAT. Here the proxy simply rewrites UDP addresses; in this case, since the transport association is not terminated, the spin bit will expose full end-to-end RTT. Indeed, in this case, endpoints may want to disable RTT measurement.
>
> > On 3 Oct 2018, at 09:45, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> wrote:
> >
> >>
> >> At last a concrete argument, thanks ;)
> >> But why would exposing the RTT be harmful in a NAT/UDP-proxy scenario ?
> > Great firewall censorship.
>
> Say more here? I don't see the relevance.
>
> > VPN proxy to bypass streaming restrictions by country.
>
> AFAIK most/all of these are of type (1) and (2), so not relevant to the discussion.
>
> > Hackers that proxy traffic via a legitimate cooperation.
>
> For web traffic, at least, this would probably be of type (1).
>
> > Internet access providers prioritising local traffic.
>
> This can and always will be done via other identifiers, so even if RTT is exposed here, it is of limited utility/threat (depending on which team you're rooting for).
>
> > High latency onion routing traffic.
>
> Necessarily always terminates transport. However, the fundamental design properties of circuit-based anonymity systems do mean that if you're doing something like running a VPN tunnel over ToR (for.. some reason?), then you should turn off the spin bit for traffic within that tunnel. Client opt-outs seem to be mostly sufficient for this, though.
>
> Cheers,
>
> Brian
>
>
> >
> >>
> >>
> >>
> >> _________________________________________________________________________________________________________________________
> >>
> >> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> >> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> >> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> >> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
> >>
> >> This message and its attachments may contain confidential or privileged information that may be protected by law;
> >> they should not be distributed, used or copied without authorisation.
> >> If you have received this email in error, please notify the sender and delete this message and its attachments.
> >> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> >> Thank you.
>


-- 
Kazuho Oku

v2.23.0 | Report a Bug | By Email