Re: The first octet

Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Mon, 06 August 2018 20:17 UTC

Return-Path: <mikkelfj@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0397B130E58 for <quic@ietfa.amsl.com>; Mon, 6 Aug 2018 13:17:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.738
X-Spam-Level:
X-Spam-Status: No, score=-1.738 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mQzunDTcsHFM for <quic@ietfa.amsl.com>; Mon, 6 Aug 2018 13:17:55 -0700 (PDT)
Received: from mail-it0-x229.google.com (mail-it0-x229.google.com [IPv6:2607:f8b0:4001:c0b::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FC89126F72 for <quic@ietf.org>; Mon, 6 Aug 2018 13:17:55 -0700 (PDT)
Received: by mail-it0-x229.google.com with SMTP id p81-v6so20007052itp.1 for <quic@ietf.org>; Mon, 06 Aug 2018 13:17:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to; bh=zN2yKhQKrb8HtljGI+TjGZWanw40An1xfYlp0DPAVsw=; b=IJdpCofjSanvmD1ksU1pEq2VCo+O8CKObRDSQpHKu2LS5JMVehBKMTzf4u36wKKZrf dbp8PeOESHC01vVTEXHI5nfRxze/pd+h1av0drcNJJkRWKVoIlCDRgl6LJnEhBUtkfkj Hye2Wx/DiFt9mL7oqGqUO98SX2w5CkCJaAAmmueYPGY90rWnwGYjbQZ7RFdtFB0RV4Sc AotEzNTvTMAEYmQpjFcMzuSZx5aQsenjHxAEl0oZwKe1xO3osbDr/JKkaKXvHEU0lxiC agQM8IGJi7T+HgIyfZ65DDmQEvijwXTKq1jb+Lv07kmf/UNBshiOb9f6NT+WpFsVbStm zPew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to; bh=zN2yKhQKrb8HtljGI+TjGZWanw40An1xfYlp0DPAVsw=; b=QpJDmVKOI1rUwt54D7KlPmUnYMZNcnZbJ+Xog0spOVvkWIbMZL1xoZcsBrFkgcg9jx 0y64glmeueR4FAtkALsmSDcBjd+hWYjHRR21R/QjbqeiyVclhzAout0CH/blOfjYfm88 Z1CVsIAVR+30HnKDL9NH9JYOuTgc7ZpSTZacpheZdpRsnxvKjgmKQTkxYcKdP/fke6nm /p/vmhpF4wm69/A7UfIBg6zQxPm3KpLH0qyfkkGpEffh+kq+6+UJby0b/DtWSPMwD6H2 shavegJNJls+lwqYHS3Gxit+hoPL55ZUL00GdsUxLkcF6nPxhkWdig9MRgSNmLJl2XAx CHZQ==
X-Gm-Message-State: AOUpUlEkqJcHvTLEMokHihBVk0OeBRNpNaJ3uY9s5iq5jCjluIPnke8X c0eQcQm0qEMffEVWC2/pLEQc9BzUG4rR5Sij50ZOyA==
X-Google-Smtp-Source: AAOMgpfjX+MRIoX1pPV6Ndf+KOa+7VM0mgMK0BjIaca6bbgDKBOyqK8orWLvHQeoCT9SGVkrn2eLybWmJZaYV6VOmxg=
X-Received: by 2002:a24:534c:: with SMTP id n73-v6mr16644997itb.25.1533586674746; Mon, 06 Aug 2018 13:17:54 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Mon, 6 Aug 2018 13:17:53 -0700
From: =?UTF-8?Q?Mikkel_Fahn=C3=B8e_J=C3=B8rgensen?= <mikkelfj@gmail.com>
In-Reply-To: <5440ceb8-681a-bdf7-b663-d6ffd0682247@huitema.net>
References: <CABkgnnVFYMjWDk6zEEA8T_6qg+6qO9yAwVF70foMj4bXEdBaqQ@mail.gmail.com> <5440ceb8-681a-bdf7-b663-d6ffd0682247@huitema.net>
X-Mailer: Airmail (420)
MIME-Version: 1.0
Date: Mon, 6 Aug 2018 13:17:53 -0700
Message-ID: <CAN1APdeZDcGD925+WsGZR7cOjW_1Wvfg4HP6B-2Hmyr820VC=g@mail.gmail.com>
Subject: Re: The first octet
To: Martin Thomson <martin.thomson@gmail.com>, Christian Huitema <huitema@huitema.net>, quic@ietf.org
Content-Type: multipart/alternative; boundary="000000000000fb10590572c9f87b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Z-LctpRbTuUJSrQIeYq4ES8fDq4>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Aug 2018 20:17:57 -0000

On 6 August 2018 at 20.13.05, Christian Huitema (huitema@huitema.net) wrote:

> A. What do we want to do with unused bits? Do we want to ensure that
> they are always used? Or can they be reserved? If so, how would they
> be reserved (fixed values, random values, greasing, etc...)?

My fast-brain response would be to use random values, 0b1RRRRRxx, and do
T=octet|0b01111100 when decoding the long header. But that's probably
wrong, because of side channels, etc. The next alternative is to define
several QUIC versions, with different codes for the four long header
types. That would grease both the types and the version field, and would
probably be a better way to teach middle-boxes not to make assumptions.

You could also overlay with a mask based on PN encryption. If the mask
doesn’t match the PN that packet is invalid and can be discarded early -
useful for DoS rejection.

I know there are arguments about timing attacks etc. but I think really
fast packet rejection can be valuable defense.

I don’t like the masking idea so much if it works against removing PNE from
AEAD so decoding can happen without buffer mutation, however, if that fails
to land, the space might be as well be used constructively.