IETF Logo Mail Archive

Re: Authentication in draft-kuhn-quic-bdpframe-extension

Lucas Pardue <lucaspardue.24.7@gmail.com> Mon, 06 November 2023 12:50 UTC

Return-Path: <lucaspardue.24.7@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1295EC18E18F for <quic@ietfa.amsl.com>; Mon, 6 Nov 2023 04:50:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.857
X-Spam-Level:
X-Spam-Status: No, score=-1.857 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0D7HLNqtqPZf for <quic@ietfa.amsl.com>; Mon, 6 Nov 2023 04:50:12 -0800 (PST)
Received: from mail-oa1-x34.google.com (mail-oa1-x34.google.com [IPv6:2001:4860:4864:20::34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA359C1B031E for <quic@ietf.org>; Mon, 6 Nov 2023 04:50:10 -0800 (PST)
Received: by mail-oa1-x34.google.com with SMTP id 586e51a60fabf-1efad296d42so2761965fac.2 for <quic@ietf.org>; Mon, 06 Nov 2023 04:50:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699275009; x=1699879809; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=+9nLLx7gAxgQBS+z5HOQ/FMqvSJ5hBJd//Xjss0YjSg=; b=eAJ1sXdKYt+s8alsd2iKYQUA6ZQVusHwM5IrwmGKWPVHXvyoc7que67i3o0mOSdZ08 6SPCXmx1a/hZ1Zffzuy6kRu6R0lR8xpaiO5dt8O0FO9dpOyr90yu+E1fnA2YLdXcznXg rjkC96iGqKIBDQLu8A2LD7xpN3f5MiHGqMuJ4U4YVSipVDfm269hi++1Ic2nWvZ6ksRJ NWr78+459ZeKTWU4nvKtJRmgx5q8U7CHdmDN/8FsOH1GNgjxIlTTF3Godu0ys2WJR/yR UtvbyzH/GmzbVEH/cHBuc33GiEjMno6gd5EuRnP3e6MCkrR/VdHiMJ2gEwaGeHMei5vW LBXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699275009; x=1699879809; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=+9nLLx7gAxgQBS+z5HOQ/FMqvSJ5hBJd//Xjss0YjSg=; b=X3fnSTtv5Q5YAg6ebXa1p6n/0bjcRbMsGxvvS+wUUlgUo2KVIDwM3YYq6Dkb5wc4wR RFrUqiXXPgupchVe+u2HlIV+GRHaRSQYocr1nVw25VRUu38R1l1XF1TlNgHQa/sVAtNg C2nx1oN+Y8e6pf5hhRBEpeQPuPyFiwmy+gbi3h6yVixk0aygeW4rbiDHG5PasKHf1ILs upX5wLvuiphccfMTI+Fy+TExO+4/GwEwJS4a3+seaeVjOBn7eHJYcx7iukYWF8B8JbLa lWVOZ/neDjctEyq1Fdv9UHdT9zowQMGQRKKIMkbWaNWAZW1ChLhISuiZPWjTpOC0wMPw wOQA==
X-Gm-Message-State: AOJu0YzRQRMp4GsxgXyTqLxTl7b/Jfj1Rj1ENU43EehQ8m2NHLMTdm0v X+cg5PrBcrpppaJ4LVVONZvb8rnJLLozLexOfAI=
X-Google-Smtp-Source: AGHT+IGgUBvBAN4vHy0I6qPs6lD3DQW/81NyLzUzkCsLSHelRIfg7XYF4Cf4XRhHNyRi+Lsqb7XePb0+7XrRWVMnRR0=
X-Received: by 2002:a05:6870:cd93:b0:1e9:a713:7ad6 with SMTP id xb19-20020a056870cd9300b001e9a7137ad6mr38646943oab.44.1699275009648; Mon, 06 Nov 2023 04:50:09 -0800 (PST)
MIME-Version: 1.0
References: <CAMEWqGsGCEhC97Yt-r9YBwGCPxH6+OGj7GfTmomMDJBD6S_ZBQ@mail.gmail.com> <a7d79746-59b3-4dd5-ad74-2810ac685ec5@erg.abdn.ac.uk> <CALGR9oZRReig2_dEsbtx+ODKoaZTkKp6C5gcQZVPd_gnnWbX1Q@mail.gmail.com> <edb12370-dcba-49d7-9b2a-72660e059513@gmail.com> <18cef84568cc444f95bd8c2bc13e81b1@orange.com> <1ed18563-6de2-4d62-b6f7-b525ef6c1360@erg.abdn.ac.uk> <4f02fdee6cbf4c7aae472f2f0c177cc0@orange.com> <CANatvzzU_8OZuG7MS8dQAcyv0DSj9YegOsG3a6LifjqRncdHbQ@mail.gmail.com> <CAOYVs2o6emJ2FwtsDd83oi2L3T5rK2nB=3MUe82sFPOrtkcE_Q@mail.gmail.com> <b9229510-6c05-4f21-8b07-ea9036dea30a@erg.abdn.ac.uk> <CAOYVs2os7=AVXwp2X2dW43zJzMh8JZ9Wy6WHZWBFi3uUFEZF6g@mail.gmail.com> <CANatvzyVhMO3Zn9pt5sWGOFBbevRSSp1+8QiK+Uvs061trbuaw@mail.gmail.com> <80e7607e-f354-40d4-9346-6bdb798b5ad2@erg.abdn.ac.uk> <CANatvzzL7ip_oAtLwS2BO1qz6ztJzXVfuNnUJDPyuvZn2+9b+A@mail.gmail.com> <bf57250b-1aa2-4b9b-bfff-c3d8ec9bc445@erg.abdn.ac.uk>
In-Reply-To: <bf57250b-1aa2-4b9b-bfff-c3d8ec9bc445@erg.abdn.ac.uk>
From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Mon, 06 Nov 2023 12:49:58 +0000
Message-ID: <CALGR9oYvz7K0EnD7VA2E-=XDKNwYuCZvLbuF2uuisWRS41aDRw@mail.gmail.com>
Subject: Re: Authentication in draft-kuhn-quic-bdpframe-extension
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Cc: Kazuho Oku <kazuhooku@gmail.com>, Marten Seemann <martenseemann@gmail.com>, Emile Stephan <emile.stephan@orange.com>, Nicolas Kuhn <nicolas.kuhn.ietf@gmail.com>, QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000536d2d06097b4bce"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/_FgnGQxWEFVoo67lgXirDdkgNBE>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2023 12:50:13 -0000

To pick up on one point:

On Mon, 6 Nov 2023, 13:38 Gorry Fairhurst, <gorry@erg.abdn.ac.uk> wrote:

> See below:
>
> On 06/11/2023 10:59, Kazuho Oku wrote:
>
>
>
> 2023年11月6日(月) 10:08 Gorry Fairhurst <gorry@erg.abdn.ac.uk>:
>
>> On 05/11/2023 15:49, Kazuho Oku wrote:
>>
>>
>>
>> 2023年11月5日(日) 16:41 Marten Seemann <martenseemann@gmail.com>:
>>
>>> > On different CC's: the set of parameters exchanged are fairly generic,
>>> and I think it's very likely a client will use the same CC to talk to the
>>> same server when it next resumes a session, so I am unsure i share the
>>> concern about different CCs.
>>>
>>> Gorry, I might be misreading the draft, but in my understanding the
>>> BDP_FRAME frame is used by servers to offload state to the client, not the
>>> other way around, so your argument should be that the server will use the
>>> same CC on the original and the resumed connection. The client might also
>>> remember CC parameters, but they wouldn't be sent on the wire.
>>> My argument here is twofold: If this frame is supposed to be read and
>>> acted upon by the client, you now have to deal with the situation where
>>> client and server use different CCs, which will lead to problems if server
>>> and client don't use the same CC. On the other hand, if the frame is not
>>> supposed to be acted upon by the client, there's no reason to use a frame
>>> in the first place, as servers can just unilaterally decide to put the
>>> information into the token.
>>>
>>
>> FWIW, in case of quicly I'm not sure we'd want to use CWND and current
>> RTT to calculate the jump CWND.
>>
>>
>> That is because quicly has a delivery rate estimate based on ACK clock
>> that gives us a better estimation of the available bandwidth; we'd prefer
>> using that and the min RTT.
>>
>> Sure. This makes this interesting, and I know that ACK'ed rate can have
>> advantages.
>>
>>
>> As such, I'm not sure if having a standard definition of a BDP frame
>> would help server implementers.
>>
>> I don't agree (yet?) The CC params that are used are to characterise the
>> path, and have two roles - to enable "reconnaisance" in CR and to decide
>> upon the unvalidate jump size.  This needs at least a saved RTT value and a
>> rate/window.
>>
>> While I agree using rate is different to cwnd, for this specific purpose,
>> isn't it possible to simply used  saved cwnd = rate*RTT? II think we might
>> be able to agree on parameters for this specific use.
>>
> The problem is that the kind of RTT that we want to choose can be
> different depending on if we have ack clock or if we rely on CWND.
>
> When ack clock is available, it would make sense to use idle RTT, because
> that resembles the state of connection when we are not sending much data
> (i.e., at the beginning of the connection). I think we should be comparing
> the previous idle RTT and the new initial RTT in this case.
>
> Right, this seems fine. This is why we called it "capacity" ... in recent
> drafts, let's agreee on a term for the next rev!
>
>
> But when relying on CWND, it would make more sense to send SRTT, CWND
> changes depending on the size of the bottleneck buffer as well.
>
> Also, because CWND is an unconfirmed estimate of the path, it can be 2x as
> large (at the end of slow start), calculation of CR has to be more
> conservative than when jumping based on the ack clock.
>
> Sure, so iin observation phase CR stores a  "saved_capacity" (if we
> conbtinue  to call it that), which ought toi be calculated in the correct
> way by the sender to measure the capacity. We have some text in the Careful
> Resume text to say this ought to not include over buffering or data-limited
> moments - if people think it useful, we can certainly add more text for
> scenarios using different CCs.  (We haven't yet, because the CC saving the
> params, is in most cases the CC using the params for CR.)
>

>From a protocol deployability perspective, we should expect that larger
fleets of servers will be wanting to run multivariate testing of CCs in a
way that doesn't require any coordination with the peer. For example, if I
want to experiment with something I might deploy to canary machines or some
subset of machines, and clients have limited-to-no influence on how resumed
connections are traffic steered.

A token-based approach provides some attractiveness. I can encode private
information there to help me decide what to do with it later.

Cheers
Lucas

v2.23.0 | Report a Bug | By Email