Re: QUIC ossification
Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch> Mon, 04 March 2019 09:28 UTC
Return-Path: <mirja.kuehlewind@tik.ee.ethz.ch>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF17B1295EC for <quic@ietfa.amsl.com>; Mon, 4 Mar 2019 01:28:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2RSsXRzuY7mE for <quic@ietfa.amsl.com>; Mon, 4 Mar 2019 01:28:04 -0800 (PST)
Received: from virgo02.ee.ethz.ch (virgo02.ee.ethz.ch [129.132.72.10]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D89812941A for <quic@ietf.org>; Mon, 4 Mar 2019 01:28:04 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by virgo02.ee.ethz.ch (Postfix) with ESMTP id 44CZSf34fwz15N3h; Mon, 4 Mar 2019 10:28:02 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at virgo02.ee.ethz.ch
Received: from virgo02.ee.ethz.ch ([127.0.0.1]) by localhost (virgo02.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eFE9Y79VWsCN; Mon, 4 Mar 2019 10:27:59 +0100 (CET)
X-MtScore: NO score=0
Received: from [172.20.10.5] (ip-109-42-3-152.web.vodafone.de [109.42.3.152]) by virgo02.ee.ethz.ch (Postfix) with ESMTPSA; Mon, 4 Mar 2019 10:27:58 +0100 (CET)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Subject: Re: QUIC ossification
From: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
In-Reply-To: <CAM4esxRbCNsEmtco7oVxqhi2jxfCiQJn+zdb5SteiugVWqw6sA@mail.gmail.com>
Date: Mon, 04 Mar 2019 10:27:51 +0100
Cc: Roberto Peon <fenix@fb.com>, Jana Iyengar <jri.ietf@gmail.com>, QUIC WG <quic@ietf.org>, Martin Thomson <mt@lowentropy.net>, Kazuho Oku <kazuhooku@gmail.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <CAAF0EE2-B430-467E-9C61-41A1419B784B@tik.ee.ethz.ch>
References: <f76aa399-f35d-46c5-b6a7-043d8704a90e@www.fastmail.com> <CACpbDcf_temqJ3EesvboKt280m-TEucMqa-NpYW7-UC5r0p1mQ@mail.gmail.com> <783327C4-3877-48F4-A41A-5987458C39B7@fb.com> <CACpbDccFRWeSYFGu7cjdsrWAnE_6KbhpPMZJ9kzN1KviAfEGJQ@mail.gmail.com> <067D562F-AC7C-463D-9C4D-D5ECF4D50FC9@trammell.ch> <C9BC63FD-9BE2-47B8-8D1C-EC27CEDF4D42@trammell.ch> <CACpbDcf+eE_bO4ZN3vjBmrrJ2oB4-yCZ2WVEX6vkxjKJOmk6ww@mail.gmail.com> <CAAedzxqD8UL39vaxRrugLZR38hXPK9gB8PqPi=kmG2D=eUpcmg@mail.gmail.com> <DAC9E580-909C-4E9E-82E0-A6AB22CADA24@fb.com> <50fa8e3a-a997-4c09-ba38-b8cdcde3b27c@www.fastmail.com> <d9b2ed51-a231-26e7-7ee8-08527b5fbfb1@huitema.net> <31aec777-de1e-45d2-a27f-590c73bc71b9@www.fastmail.com> <CACpbDcerks0aeVUa_6Hx3GBrRYup_7zdQdxHY7zt8pkgdY+Pcg@mail.gmail.com> <CANatvzxQ=e2Xsmn5E=D7BkGP1xFGcNmfGFWCEfFWWba_K0N8-Q@mail.gmail.com> <A44D7150-1AAB-41DE-AE0A-2A8FA1158F53@fb.com> <CAM4esxRbCNsEmtco7oVxqhi2jxfCiQJn+zdb5SteiugVWqw6sA@mail.gmail.com>
To: Martin Duke <martin.h.duke@gmail.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/YwTUbdwozaxYMr2cZudhr7oy1OE>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2019 09:28:07 -0000
Hi all, please see below. > Am 02.03.2019 um 07:21 schrieb Martin Duke <martin.h.duke@gmail.com>: > > When starting this thread, I wasn't thinking so much about Jana's unfortunate experience, so much as the fact that TLS 1..3 pretends it's TLS 1.2. I don't know the details of that process, but wonder if there's something the TLS designers might have done differently. The idea of a "security" device rejecting TLS versions that presumably provide more security is even more perverse than blocking future QUIC versions. > > Interestingly, a little obfuscation (hiding TLS version later in the hello) seems to have solved this problem. So I think there's a case that obfuscation isn't worthless. The logical end of the "obfuscation is worthless" case is that we should just get rid of the version field and design something buried in the TPs or something.. > I think this only worked because the ossification was already deployed and there it was „easy“ to design a work-around to a known problem.If you design something with such a hack in the first place it will however ossify around that approach. Coming back to a point Jana made earlier, I think keeping version numbers dynamic is a good thing to do and I don’t think we need encryption for this. Best would be to deploy multiple versions at once. The only question from my side is how big of a time span „at once“ can be. I'm actually (at least a bit) optimistic that we could publish another version of quic relatively soon, if we concentrate on a small change only. However, others might call me naive… Mirja > On Mon, Feb 25, 2019 at 10:27 AM Roberto Peon <fenix@fb.com> wrote: > You'd certainly get agreement that the only way to prevent things from reacting/recognizing to something is to make it unrecognizable as that something. > > So, in the long-term we want some combination of encryption (bytes unrecognizable) and pattern/timing obfuscation. I'm sure we'd all be happy if we could have this tomorrow and thus apply to V1, but it seems unlikely. > > If that is true, then for V1 the question is what potentially imperfect thing could we do that gives us the breathing room to get to V2, which could/should have the more perfect and more robust (likely encryption-based) solution? > > The answer to that depends on our shared understanding of the threat model. > > My understanding is that we're worried about accidental pattern-matching based "threats"-- i.e. protecting against assumptions that a particular range of bits in a particular place indicate the presence of QUIC. > > -=R > > On 2/23/19, 5:27 PM, "QUIC on behalf of Kazuho Oku" <quic-bounces@ietf.org on behalf of kazuhooku@gmail.com> wrote: > > 2019年2月24日(日) 8:37 Jana Iyengar <jri.ietf@gmail.com>: > > > > On Sat, Feb 23, 2019 at 10:21 AM Martin Thomson <mt@lowentropy.net> wrote: > >> > >> > >> On Fri, Feb 22, 2019, at 19:03, Christian Huitema wrote: > >> > > >> > Martin, you seem uncharacteristically restrained today. How about, "If > >> > it is not encrypted, middle boxes will ossify, and pathetic efforts at > >> > obfuscation are not going to save you?" > >> > >> That is what I typed first... Maybe if we all agree on this point, we can move on. > > > > > > I've seen and worked through one ossification case with QUIC so far, I can say that making versions dynamic in any way would have helped us. This is after talking to the middlebox vendor, and understanding their process. > > > > I think I've made my case -- that there's value in making the on-the-wire version more dynamic. If there is a proposal to encrypt version number, I'm all ears. This conversation is premised on not having encryption to save us. Without a proposal that encrypts version numbers, it does not make sense to say that encryption is the only solution. > > > > It is counter-productive to argue that nothing should be done in any situation when encryption is not available as a solution. > > Yeah. And IIUC encryption cannot be a solution for QUIC v1. > > To be precise, encryption can be a solution for QUIC v1 only when we > can assume that ESNI (or something other that allows the endpoints to > negotiate shared knowledge) gets deployed along with QUIC v1 by a > significant portion of the endpoints. > > I'd be very happy to see that happen, but I am skeptical if it would. > > -- > Kazuho Oku > > >
- QUIC ossification Martin Duke
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Roberto Peon
- Re: QUIC ossification David Schinazi
- Re: QUIC ossification Roberto Peon
- Re: QUIC ossification Martin Duke
- Re: QUIC ossification Ian Swett
- Re: QUIC ossification Ted Hardie
- Re: QUIC ossification Mikkel Fahnøe Jørgensen
- Re: QUIC ossification Christian Huitema
- Re: QUIC ossification Spencer Dawkins at IETF
- Re: QUIC ossification Roberto Peon
- Re: QUIC ossification Spencer Dawkins at IETF
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Christian Huitema
- Re: QUIC ossification Christian Huitema
- Re: QUIC ossification Jana Iyengar
- Re: QUIC ossification Martin Duke
- Re: QUIC ossification Martin Duke
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Jana Iyengar
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Mikkel Fahnøe Jørgensen
- Re: QUIC ossification Ted Hardie
- Re: QUIC ossification Spencer Dawkins at IETF
- Re: QUIC ossification Christian Huitema
- Re: QUIC ossification Spencer Dawkins at IETF
- Re: QUIC ossification David Benjamin
- RE: QUIC ossification Mike Bishop
- Re: QUIC ossification David Schinazi
- Re: QUIC ossification Martin Duke
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification David Schinazi
- Re: QUIC ossification Martin Duke
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Ian Swett
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Mikkel Fahnøe Jørgensen
- Re: QUIC ossification Spencer Dawkins at IETF
- Re: QUIC ossification Brian Trammell (IETF)
- Re: QUIC ossification Jana Iyengar
- Re: QUIC ossification Mikkel Fahnøe Jørgensen
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Ted Hardie
- Re: QUIC ossification Jana Iyengar
- Re: QUIC ossification Roberto Peon
- Re: QUIC ossification Jana Iyengar
- Re: QUIC ossification Brian Trammell (IETF)
- Re: QUIC ossification Brian Trammell (IETF)
- Re: QUIC ossification Jana Iyengar
- Re: QUIC ossification Erik Kline
- Re: QUIC ossification Roberto Peon
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Christian Huitema
- Re: QUIC ossification Mikkel Fahnøe Jørgensen
- Re: QUIC ossification Martin Thomson
- Re: QUIC ossification Jana Iyengar
- Re: QUIC ossification Kazuho Oku
- Re: QUIC ossification Roberto Peon
- Re: QUIC ossification Martin Duke
- Re: QUIC ossification Mirja Kühlewind
- RE: QUIC ossification Mike Bishop
- Re: QUIC ossification Martin Duke