Re: Authentication in draft-kuhn-quic-bdpframe-extension
Lucas Pardue <lucaspardue.24.7@gmail.com> Mon, 06 November 2023 12:50 UTC
Return-Path: <lucaspardue.24.7@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1295EC18E18F for <quic@ietfa.amsl.com>; Mon, 6 Nov 2023 04:50:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.857
X-Spam-Level:
X-Spam-Status: No, score=-1.857 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0D7HLNqtqPZf for <quic@ietfa.amsl.com>; Mon, 6 Nov 2023 04:50:12 -0800 (PST)
Received: from mail-oa1-x34.google.com (mail-oa1-x34.google.com [IPv6:2001:4860:4864:20::34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA359C1B031E for <quic@ietf.org>; Mon, 6 Nov 2023 04:50:10 -0800 (PST)
Received: by mail-oa1-x34.google.com with SMTP id 586e51a60fabf-1efad296d42so2761965fac.2 for <quic@ietf.org>; Mon, 06 Nov 2023 04:50:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699275009; x=1699879809; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=+9nLLx7gAxgQBS+z5HOQ/FMqvSJ5hBJd//Xjss0YjSg=; b=eAJ1sXdKYt+s8alsd2iKYQUA6ZQVusHwM5IrwmGKWPVHXvyoc7que67i3o0mOSdZ08 6SPCXmx1a/hZ1Zffzuy6kRu6R0lR8xpaiO5dt8O0FO9dpOyr90yu+E1fnA2YLdXcznXg rjkC96iGqKIBDQLu8A2LD7xpN3f5MiHGqMuJ4U4YVSipVDfm269hi++1Ic2nWvZ6ksRJ NWr78+459ZeKTWU4nvKtJRmgx5q8U7CHdmDN/8FsOH1GNgjxIlTTF3Godu0ys2WJR/yR UtvbyzH/GmzbVEH/cHBuc33GiEjMno6gd5EuRnP3e6MCkrR/VdHiMJ2gEwaGeHMei5vW LBXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699275009; x=1699879809; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=+9nLLx7gAxgQBS+z5HOQ/FMqvSJ5hBJd//Xjss0YjSg=; b=X3fnSTtv5Q5YAg6ebXa1p6n/0bjcRbMsGxvvS+wUUlgUo2KVIDwM3YYq6Dkb5wc4wR RFrUqiXXPgupchVe+u2HlIV+GRHaRSQYocr1nVw25VRUu38R1l1XF1TlNgHQa/sVAtNg C2nx1oN+Y8e6pf5hhRBEpeQPuPyFiwmy+gbi3h6yVixk0aygeW4rbiDHG5PasKHf1ILs upX5wLvuiphccfMTI+Fy+TExO+4/GwEwJS4a3+seaeVjOBn7eHJYcx7iukYWF8B8JbLa lWVOZ/neDjctEyq1Fdv9UHdT9zowQMGQRKKIMkbWaNWAZW1ChLhISuiZPWjTpOC0wMPw wOQA==
X-Gm-Message-State: AOJu0YzRQRMp4GsxgXyTqLxTl7b/Jfj1Rj1ENU43EehQ8m2NHLMTdm0v X+cg5PrBcrpppaJ4LVVONZvb8rnJLLozLexOfAI=
X-Google-Smtp-Source: AGHT+IGgUBvBAN4vHy0I6qPs6lD3DQW/81NyLzUzkCsLSHelRIfg7XYF4Cf4XRhHNyRi+Lsqb7XePb0+7XrRWVMnRR0=
X-Received: by 2002:a05:6870:cd93:b0:1e9:a713:7ad6 with SMTP id xb19-20020a056870cd9300b001e9a7137ad6mr38646943oab.44.1699275009648; Mon, 06 Nov 2023 04:50:09 -0800 (PST)
MIME-Version: 1.0
References: <CAMEWqGsGCEhC97Yt-r9YBwGCPxH6+OGj7GfTmomMDJBD6S_ZBQ@mail.gmail.com> <a7d79746-59b3-4dd5-ad74-2810ac685ec5@erg.abdn.ac.uk> <CALGR9oZRReig2_dEsbtx+ODKoaZTkKp6C5gcQZVPd_gnnWbX1Q@mail.gmail.com> <edb12370-dcba-49d7-9b2a-72660e059513@gmail.com> <18cef84568cc444f95bd8c2bc13e81b1@orange.com> <1ed18563-6de2-4d62-b6f7-b525ef6c1360@erg.abdn.ac.uk> <4f02fdee6cbf4c7aae472f2f0c177cc0@orange.com> <CANatvzzU_8OZuG7MS8dQAcyv0DSj9YegOsG3a6LifjqRncdHbQ@mail.gmail.com> <CAOYVs2o6emJ2FwtsDd83oi2L3T5rK2nB=3MUe82sFPOrtkcE_Q@mail.gmail.com> <b9229510-6c05-4f21-8b07-ea9036dea30a@erg.abdn.ac.uk> <CAOYVs2os7=AVXwp2X2dW43zJzMh8JZ9Wy6WHZWBFi3uUFEZF6g@mail.gmail.com> <CANatvzyVhMO3Zn9pt5sWGOFBbevRSSp1+8QiK+Uvs061trbuaw@mail.gmail.com> <80e7607e-f354-40d4-9346-6bdb798b5ad2@erg.abdn.ac.uk> <CANatvzzL7ip_oAtLwS2BO1qz6ztJzXVfuNnUJDPyuvZn2+9b+A@mail.gmail.com> <bf57250b-1aa2-4b9b-bfff-c3d8ec9bc445@erg.abdn.ac.uk>
In-Reply-To: <bf57250b-1aa2-4b9b-bfff-c3d8ec9bc445@erg.abdn.ac.uk>
From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Mon, 06 Nov 2023 12:49:58 +0000
Message-ID: <CALGR9oYvz7K0EnD7VA2E-=XDKNwYuCZvLbuF2uuisWRS41aDRw@mail.gmail.com>
Subject: Re: Authentication in draft-kuhn-quic-bdpframe-extension
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Cc: Kazuho Oku <kazuhooku@gmail.com>, Marten Seemann <martenseemann@gmail.com>, Emile Stephan <emile.stephan@orange.com>, Nicolas Kuhn <nicolas.kuhn.ietf@gmail.com>, QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000536d2d06097b4bce"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/_FgnGQxWEFVoo67lgXirDdkgNBE>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2023 12:50:13 -0000
To pick up on one point: On Mon, 6 Nov 2023, 13:38 Gorry Fairhurst, <gorry@erg.abdn.ac.uk> wrote: > See below: > > On 06/11/2023 10:59, Kazuho Oku wrote: > > > > 2023年11月6日(月) 10:08 Gorry Fairhurst <gorry@erg.abdn.ac.uk>: > >> On 05/11/2023 15:49, Kazuho Oku wrote: >> >> >> >> 2023年11月5日(日) 16:41 Marten Seemann <martenseemann@gmail.com>: >> >>> > On different CC's: the set of parameters exchanged are fairly generic, >>> and I think it's very likely a client will use the same CC to talk to the >>> same server when it next resumes a session, so I am unsure i share the >>> concern about different CCs. >>> >>> Gorry, I might be misreading the draft, but in my understanding the >>> BDP_FRAME frame is used by servers to offload state to the client, not the >>> other way around, so your argument should be that the server will use the >>> same CC on the original and the resumed connection. The client might also >>> remember CC parameters, but they wouldn't be sent on the wire. >>> My argument here is twofold: If this frame is supposed to be read and >>> acted upon by the client, you now have to deal with the situation where >>> client and server use different CCs, which will lead to problems if server >>> and client don't use the same CC. On the other hand, if the frame is not >>> supposed to be acted upon by the client, there's no reason to use a frame >>> in the first place, as servers can just unilaterally decide to put the >>> information into the token. >>> >> >> FWIW, in case of quicly I'm not sure we'd want to use CWND and current >> RTT to calculate the jump CWND. >> >> >> That is because quicly has a delivery rate estimate based on ACK clock >> that gives us a better estimation of the available bandwidth; we'd prefer >> using that and the min RTT. >> >> Sure. This makes this interesting, and I know that ACK'ed rate can have >> advantages. >> >> >> As such, I'm not sure if having a standard definition of a BDP frame >> would help server implementers. >> >> I don't agree (yet?) The CC params that are used are to characterise the >> path, and have two roles - to enable "reconnaisance" in CR and to decide >> upon the unvalidate jump size. This needs at least a saved RTT value and a >> rate/window. >> >> While I agree using rate is different to cwnd, for this specific purpose, >> isn't it possible to simply used saved cwnd = rate*RTT? II think we might >> be able to agree on parameters for this specific use. >> > The problem is that the kind of RTT that we want to choose can be > different depending on if we have ack clock or if we rely on CWND. > > When ack clock is available, it would make sense to use idle RTT, because > that resembles the state of connection when we are not sending much data > (i.e., at the beginning of the connection). I think we should be comparing > the previous idle RTT and the new initial RTT in this case. > > Right, this seems fine. This is why we called it "capacity" ... in recent > drafts, let's agreee on a term for the next rev! > > > But when relying on CWND, it would make more sense to send SRTT, CWND > changes depending on the size of the bottleneck buffer as well. > > Also, because CWND is an unconfirmed estimate of the path, it can be 2x as > large (at the end of slow start), calculation of CR has to be more > conservative than when jumping based on the ack clock. > > Sure, so iin observation phase CR stores a "saved_capacity" (if we > conbtinue to call it that), which ought toi be calculated in the correct > way by the sender to measure the capacity. We have some text in the Careful > Resume text to say this ought to not include over buffering or data-limited > moments - if people think it useful, we can certainly add more text for > scenarios using different CCs. (We haven't yet, because the CC saving the > params, is in most cases the CC using the params for CR.) > >From a protocol deployability perspective, we should expect that larger fleets of servers will be wanting to run multivariate testing of CCs in a way that doesn't require any coordination with the peer. For example, if I want to experiment with something I might deploy to canary machines or some subset of machines, and clients have limited-to-no influence on how resumed connections are traffic steered. A token-based approach provides some attractiveness. I can encode private information there to help me decide what to do with it later. Cheers Lucas
- Authentication in draft-kuhn-quic-bdpframe-extens… Q Misell
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Lucas Pardue
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Nicolas Kuhn
- RE: Authentication in draft-kuhn-quic-bdpframe-ex… emile.stephan
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- RE: Authentication in draft-kuhn-quic-bdpframe-ex… emile.stephan
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Kazuho Oku
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Marten Seemann
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Nicolas Kuhn
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Marten Seemann
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Kazuho Oku
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Christian Huitema
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Watson Ladd
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Christian Huitema
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Martin Thomson
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Kazuho Oku
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Lucas Pardue
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Kazuho Oku
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Q Misell
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Q Misell
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst