Re: [Potential Spoof] Re: Getting to consensus on packet number encryption
Jana Iyengar <jri.ietf@gmail.com> Wed, 02 May 2018 00:37 UTC
Return-Path: <jri.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BC9612D7EF for <quic@ietfa.amsl.com>; Tue, 1 May 2018 17:37:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xL9cF3Rue8zC for <quic@ietfa.amsl.com>; Tue, 1 May 2018 17:37:06 -0700 (PDT)
Received: from mail-wr0-x244.google.com (mail-wr0-x244.google.com [IPv6:2a00:1450:400c:c0c::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACE7B12D77D for <quic@ietf.org>; Tue, 1 May 2018 17:37:05 -0700 (PDT)
Received: by mail-wr0-x244.google.com with SMTP id y15-v6so445804wrg.11 for <quic@ietf.org>; Tue, 01 May 2018 17:37:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=msdOv2txmb7Uxv/mDBEABFhzOuCrE/YqcfauFP8ujao=; b=apkRoSgZPzNq56zEQild1U3ki9KI/ylDsxopbRpvH5wqBvShQYXbGBt4ui6tzLVF7j kb+pAOcQ2eF2gRQR5yjkItgRHlXj4jlSZaNQMfjcB8/g6X9WOqussozLqVt8Lk8EfK+o ThhfnGvKjhpUgshPMkCrBpxgYtMLwOotrjLK/3Gj8EWDHv620bs1ikQPVhJijUz5uVlx qIp2yOTJEAI2P6mTfqX7dQNR7x943XCkSdvl9JdFGkH/5giY7R43PIeoEV3fI0jX3Lef 95DPdUA6zOzJUDgG+fzolNvIp5RT6bja0ksHuGgbIgnlAbMXEy3gfRhzewcHAVO+lmif k5/g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=msdOv2txmb7Uxv/mDBEABFhzOuCrE/YqcfauFP8ujao=; b=NyfdfK5DiQiw09XbDtI9api5xQjnPfEBRmJgj/lCgkQtu4IaMO++5E/VXeF171Mu3o /MhoHz6vPwwThF6HUFlKzY59y3p/GOAqsJYizrQmaVVfquAByCUQyydyNSSBqQTCFzaK 4hRvecrZ/mk3omutKqy8pE3dMotDLVVWpp+Xi7o3QktxA3nq+Byv63X3byfvhdFEGum7 PdIv9JIhZ8Xj0HmE1y4t+O9zBvP1fuwXfMjFQdfIfT8U2GmAfFmTyw+jY7sfZ8XqnkSR QRlwCMheld1i1x9PSdd93Ak1qo2lIORkJmk4LcapF9JVcyn1jEdRlpzaLC7pq2JMaCu1 b8Kg==
X-Gm-Message-State: ALQs6tCVoujlpsFbJ4AV6iO5CGv2LERs3z4Ui0YjvJVFbzv1FS4IQLu+ Nw/V/Z160iXTapf6CufwzsSS6uu1PzATXpZ+nZ1Tsw==
X-Google-Smtp-Source: AB8JxZpmyKCAkduWsl0c9+VlfmZQr3PK4538oRiSo/vcZPwpL1h0OFMQ5cS9W+X9Eqgz6JMBEsyCph61byhdZqARLPw=
X-Received: by 2002:adf:84c3:: with SMTP id 61-v6mr13569717wrg.37.1525221424050; Tue, 01 May 2018 17:37:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.187.9 with HTTP; Tue, 1 May 2018 17:37:03 -0700 (PDT)
In-Reply-To: <01AE46C6-682C-4A21-84CD-1D8DAD6F49D9@fb.com>
References: <01AE46C6-682C-4A21-84CD-1D8DAD6F49D9@fb.com>
From: Jana Iyengar <jri.ietf@gmail.com>
Date: Tue, 01 May 2018 17:37:03 -0700
Message-ID: <CACpbDcdnmHrWMCShYd1pEDBervRKfO1pMUM8hb4tkK9nqH1Mdw@mail.gmail.com>
Subject: Re: [Potential Spoof] Re: Getting to consensus on packet number encryption
To: Roberto Peon <fenix@fb.com>
Cc: Praveen Balasubramanian <pravb=40microsoft.com@dmarc.ietf.org>, Ted Hardie <ted.ietf@gmail.com>, "Salz, Rich" <rsalz@akamai.com>, Benjamin Kaduk <bkaduk@akamai.com>, IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002f372d056b2e4942"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/aI3baRb7q8tlyxSIax_t6v8rTT4>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2018 00:37:10 -0000
I'll try to summarize my position on #1079. I see two points: 1. PNE will help against ossification and also, albeit to a limited extent, linkability. 2. PNE has a CPU cost. While we can speculate, we still don't *know* what this cost will be in the context of deployment, and whether this cost will be the show-stopper. PNE's CPU cost may or may not be ameliorated by NIC implementation. We should allow PNE negotiability when we have established that this cost is worth saving. My sense is that we agree on (1). This is what #1079 is doing, so we should separate the two questions and get (1) done. Whether we do (2) or not is being discussed on this thread, and I think we can continue, but #1079 should be independently submitted. FWIW, I believe that we want to iterate on versions, and that we will want to get a v2 out as soon as we have things to get deployed that left pending in v1. Thoughts on intra-DC QUIC, related to point (2) follow: I don't think we'll reach a meaningful end to this discussion by getting into security for intra-DC protocols. I understand that there may be situations where one may have fair certainty about the deployment context and given that the security tradeoff isn't the same as disabling TLS, the bar will be substantially lower for disabling PNE. On QUIC in intra-DC environments: 1. As Igor noted, the value of QUIC in the intra-DC environments is uncertain, and I'm not yet sure that compromising on PNE for an unknown cost in an uncertain deployment context is necessarily useful. 2. Separately, I remain unconvinced, based on my experience with trying to get QUIC used for DC transport, that this cost is going to be an important factor in QUIC adoption within DCs. I agree that CPU cost is a factor, but there are much bigger things here that will need attention (segmentation offload, smaller record sizes, userspace costs) that will dominate well before this AES operation becomes a factor. This all remains speculation though. Praveen: Not making PNE optional right now does not mean we won't do it. It just means that it's an open question. I'm not yet convinced that it's a debilitating cost or one of the proverbial "million cuts" that will keep it from getting deployed intra-DC. You are right that you'll want to standardize PNE negotiation if you use multiple platforms, but surely you will be just doing this between Windows systems for a while if you start using QUIC inside the DC. That would be a great time to use versioning to run your own version within the DC, and compare the cost to IETF v1, and see if it is worth removing PNE. I hope you find other costs that are worth eliminating or changes that are worth making to the protocol too, and that they all become part of standard QUIC as a consequence. But in the meanwhile, I don't see why making it optional is necessary right now to add PNE at all. On Tue, May 1, 2018 at 4:22 PM, Roberto Peon <fenix@fb.com> wrote: > I’d suggest we start working on it now. > > This is only partly a joke ☺ > > -=R > > > > *From: *QUIC <quic-bounces@ietf.org> on behalf of Roberto Peon < > fenix@fb.com> > *Date: *Tuesday, May 1, 2018 at 4:21 PM > *To: *Praveen Balasubramanian <pravb=40microsoft.com@dmarc.ietf.org>, Ted > Hardie <ted.ietf@gmail.com> > *Cc: *"Salz, Rich" <rsalz@akamai.com>, Benjamin Kaduk <bkaduk@akamai.com>, > IETF QUIC WG <quic@ietf.org> > *Subject: *[Potential Spoof] Re: Getting to consensus on packet number > encryption > > > > Yup. I know. > > Prism was eye-opening partially because of the fact that the packets were > not going across the internet, but rather within a secure network. > > > > I believe that ossification alone is a good enough reason to do PNE. > > The cherry for me is that it, along with other actions/mitigations, makes > linkability more difficult for malicious actors. > CRIME and related was eye-opening because it exposed the power of the > observable side-channel. > > > -=R > > > > *From: *QUIC <quic-bounces@ietf.org> on behalf of Praveen Balasubramanian > <pravb=40microsoft.com@dmarc.ietf.org> > *Date: *Tuesday, May 1, 2018 at 9:35 AM > *To: *Ted Hardie <ted.ietf@gmail.com>, Roberto Peon <fenix@fb.com> > *Cc: *"Salz, Rich" <rsalz@akamai.com>, Benjamin Kaduk <bkaduk@akamai.com>, > IETF QUIC WG <quic@ietf.org> > *Subject: *RE: Getting to consensus on packet number encryption > > > > This is not about putting plaintext data on the network, this is about not > adding PNE which is intended for preventing ossification. So I don’t > understand what the trust issue being referred to is in case of the rare > misconfig. > > > > Within a DC several things are different – the deployment may need > different congestion control like DCTCP, different settings for various > transport parameters (like minrto and max ACK delay), larger flow control > window etc. This is true for TCP today. The out of box default uses the > handshake RTT to make a determination of what’s intra-DC but there is rich > configuration to override the default and set it based on 4-tuple filters. > > > > And there workloads like cloud storage and live migration that are by > virtue of deployment intra-DC. These cannot be load shifted as they use > private IP address space. > > > > *From:* Ted Hardie [mailto:ted.ietf@gmail.com] > *Sent:* Tuesday, May 1, 2018 8:55 AM > *To:* Roberto Peon <fenix@fb.com> > *Cc:* Salz, Rich <rsalz@akamai.com>; Benjamin Kaduk <bkaduk@akamai.com>; > Praveen Balasubramanian <pravb@microsoft.com>; IETF QUIC WG <quic@ietf.org > > > *Subject:* Re: Getting to consensus on packet number encryption > > > > On Tue, May 1, 2018 at 8:13 AM, Roberto Peon <fenix@fb.com> wrote: > > Also, Prism. > > > > -=R > > > > > > > > That's a little more succinct than I would be, but yes. How does an > application know that the flow it is initiating will traverse a topology > that is deemed to be within a controlled environment? You can say > "configuration" but I fear it will turn up on a post-it > <https://urldefense.proofpoint.com/v2/url?u=https-3A__na01.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fi.kinja-2Dimg.com-252Fgawker-2Dmedia-252Fimage-252Fupload-252Fs-2D-2DEdu6LPu9-2D-2D-252Fc-5Fscale-252Cf-5Fauto-252Cfl-5Fprogressive-252Cq-5F80-252Cw-5F800-252F194thbtyencs0jpg.jpg-26data-3D02-257C01-257Cpravb-2540microsoft.com-257C4da44e8ac1df4708ad8808d5af7bfca8-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C1-257C636607869411258976-26sdata-3DProlSHkbF2SgMH3qdQN-252BZFokXvsEBf-252F3o9MaUnil0g8-253D-26reserved-3D0&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=C0sUo-LFNBaYfyoaCsf6TA&m=TuVfzypo-CZLo522lgMRrLpKxcFaHvW9kdNSI57lXT0&s=By2d_to7XzLEgAL3Or9cZc2Aykye-PZEenFQDviAUlw&e=>if > you do. Loads shift, resources move, and suddenly you find that host which > used to be in the same rack, being down, has load-shifted to the next > instance, in a datacenter 500 miles away across a very different network. > > Many modern deployments are also in someone else's data center, so saying > "Data center networks" doesn't say much about why you're trusting the > network inside. > > Ted > > > > Sent via the Samsung Galaxy S7, an AT&T 4G LTE smartphone > > > > > > -------- Original message -------- > > From: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org> > > Date: 5/1/18 5:25 AM (GMT-08:00) > > To: Benjamin Kaduk <bkaduk=40akamai.com@dmarc.ietf.org>, Praveen > Balasubramanian <pravb=40microsoft.com@dmarc.ietf.org> > > Cc: IETF QUIC WG <quic@ietf.org> > > Subject: Re: Getting to consensus on packet number encryption > > > > > I disagree that we need any more data for not doing PNE in the > datacenter. Why would we add an extra encrypt-decrypt step for no obvious > benefit? > > I am concerned that people will mis-interpret the meaning of a datacenter, > and think that a bunch of servers, or even a rack, in an open colo space is > a "datacenter." Computers keep getting faster. > > >
- Hardware acceleration and packet number encryption Christian Huitema
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Kazuho Oku
- Re: Hardware acceleration and packet number encry… Eric Rescorla
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Kazuho Oku
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Eric Rescorla
- RE: Hardware acceleration and packet number encry… Deval, Manasi
- Re: Hardware acceleration and packet number encry… Eric Rescorla
- Re: Hardware acceleration and packet number encry… Subodh Iyengar
- Re: Hardware acceleration and packet number encry… Eric Rescorla
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Christian Huitema
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Ian Swett
- Re: Hardware acceleration and packet number encry… Christian Huitema
- RE: Hardware acceleration and packet number encry… Deval, Manasi
- Re: Hardware acceleration and packet number encry… Salz, Rich
- Re: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- Re: Hardware acceleration and packet number encry… Ian Swett
- RE: Hardware acceleration and packet number encry… Swindells, Thomas (Nokia - GB/Cambridge)
- RE: Hardware acceleration and packet number encry… Deval, Manasi
- Re: Hardware acceleration and packet number encry… Christian Huitema
- Re: Hardware acceleration and packet number encry… Jana Iyengar
- Re: Hardware acceleration and packet number encry… Ian Swett
- Re: Hardware acceleration and packet number encry… Watson Ladd
- RE: Hardware acceleration and packet number encry… Praveen Balasubramanian
- RE: Hardware acceleration and packet number encry… Praveen Balasubramanian
- RE: Hardware acceleration and packet number encry… Mikkel Fahnøe Jørgensen
- RE: Hardware acceleration and packet number encry… Praveen Balasubramanian
- Re: Hardware acceleration and packet number encry… Mark Nottingham
- RE: Hardware acceleration and packet number encry… Praveen Balasubramanian
- Getting to consensus on packet number encryption Mark Nottingham
- Re: Getting to consensus on packet number encrypt… Willy Tarreau
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- Re: Getting to consensus on packet number encrypt… Dmitri Tikhonov
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- Re: Getting to consensus on packet number encrypt… Spencer Dawkins at IETF
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Ted Hardie
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- RE: Getting to consensus on packet number encrypt… Mike Bishop
- Re: Getting to consensus on packet number encrypt… Dmitri Tikhonov
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- Re: Getting to consensus on packet number encrypt… Mark Nottingham
- Re: Getting to consensus on packet number encrypt… Ian Swett
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Mark Nottingham
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Martin Thomson
- RE: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- Re: Getting to consensus on packet number encrypt… Willy Tarreau
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- ECN signaling from userland Re: Getting to consen… Lars Eggert
- Re: ECN signaling from userland Re: Getting to co… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… alexandre.ferrieux
- Re: Getting to consensus on packet number encrypt… Eric Rescorla
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- Re: Getting to consensus on packet number encrypt… Philipp S. Tiesel
- Privacy holes (was: Re: Getting to consensus on p… Christian Huitema
- Re: Privacy holes (was: Re: Getting to consensus … Frederick Kautz
- Re: Privacy holes (was: Re: Getting to consensus … Christian Huitema
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Privacy holes Gorry Fairhurst
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Privacy holes (was: Re: Getting to consensus … Mike Bishop
- RE: Privacy holes (was: Re: Getting to consensus … Mikkel Fahnøe Jørgensen
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Privacy holes (was: Re: Getting to consensus … Lubashev, Igor
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Privacy holes (was: Re: Getting to consensus … Praveen Balasubramanian
- RE: Privacy holes (was: Re: Getting to consensus … Lubashev, Igor
- RE: Privacy holes (was: Re: Getting to consensus … Lubashev, Igor
- RE: ECN signaling from userland Re: Getting to co… Praveen Balasubramanian
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Frederick Kautz
- Re: Privacy holes (was: Re: Getting to consensus … Willy Tarreau
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Privacy holes (was: Re: Getting to consensus … Lubashev, Igor
- Re: Privacy holes (was: Re: Getting to consensus … Mikkel Fahnøe Jørgensen
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Brian Trammell (IETF)
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Privacy holes (was: Re: Getting to consensus … Brian Trammell (IETF)
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Grips in the Wire Image for In-Network State (was… Brian Trammell (IETF)
- Re: Grips in the Wire Image for In-Network State … Mikkel Fahnøe Jørgensen
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Privacy holes Roland Zink
- Re: Grips in the Wire Image for In-Network State … Kazuho Oku
- Re: Grips in the Wire Image for In-Network State … Martin Thomson
- Re: Grips in the Wire Image for In-Network State … Brian Trammell (IETF)
- Re: Grips in the Wire Image for In-Network State … Brian Trammell (IETF)
- Re: Privacy holes Ian Swett
- Re: Grips in the Wire Image for In-Network State … Spencer Dawkins at IETF
- Re: Grips in the Wire Image for In-Network State … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Grips in the Wire Image for In-Network State … Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Mark Nottingham
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Bona fide loss measurement bits alexandre.ferrieux
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: [Potential Spoof] Re: Getting to consensus on… Roberto Peon
- RE: Privacy holes (was: Re: Getting to consensus … Praveen Balasubramanian
- Re: Privacy holes Christian Huitema
- RE: Privacy holes Praveen Balasubramanian
- Re: Privacy holes (was: Re: Getting to consensus … Ian Swett
- Re: Privacy holes (was: Re: Getting to consensus … Kazuho Oku
- Re: Privacy holes (was: Re: Getting to consensus … Martin Thomson
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- RE: Privacy holes (was: Re: Getting to consensus … Mike Bishop
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Mark Nottingham
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- RE: Getting to consensus on packet number encrypt… Deval, Manasi
- Re: Getting to consensus on packet number encrypt… Jana Iyengar
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- RE: Getting to consensus on packet number encrypt… Mike Bishop
- Re: Getting to consensus on packet number encrypt… Ian Swett
- RE: Getting to consensus on packet number encrypt… Mike Bishop
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Erik Kline
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Re: Getting to consensus on packet number encrypt… Patrick McManus
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Kazuho Oku
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- Re: Getting to consensus on packet number encrypt… Jana Iyengar
- Re: Getting to consensus on packet number encrypt… Martin Thomson
- Re: Getting to consensus on packet number encrypt… Boris Pismenny
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Ian Swett
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- Re: Getting to consensus on packet number encrypt… Martin Thomson
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Martin Thomson
- Re: Getting to consensus on packet number encrypt… Benjamin Kaduk
- Re: Getting to consensus on packet number encrypt… Salz, Rich
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: Getting to consensus on packet number encrypt… Spencer Dawkins at IETF
- Re: Getting to consensus on packet number encrypt… Ted Hardie
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Brian Trammell (IETF)
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- Re: Getting to consensus on packet number encrypt… Ted Hardie
- RE: Getting to consensus on packet number encrypt… Lubashev, Igor
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: Getting to consensus on packet number encrypt… Roberto Peon
- Re: [Potential Spoof] Re: Getting to consensus on… Roberto Peon
- Re: [Potential Spoof] Re: Getting to consensus on… Jana Iyengar
- RE: [Potential Spoof] Re: Getting to consensus on… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Spencer Dawkins at IETF
- Re: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- Re: [Potential Spoof] Re: Getting to consensus on… Mikkel Fahnøe Jørgensen
- Re: Getting to consensus on packet number encrypt… Benjamin Kaduk
- Re: Getting to consensus on packet number encrypt… Ian Swett
- Re: Getting to consensus on packet number encrypt… Mirja Kühlewind
- RE: Getting to consensus on packet number encrypt… Roni Even (A)
- Re: Getting to consensus on packet number encrypt… Dmitri Tikhonov
- Re: Getting to consensus on packet number encrypt… Gorry Fairhurst
- RE: Getting to consensus on packet number encrypt… Praveen Balasubramanian
- Re: Getting to consensus on packet number encrypt… Christian Huitema
- Re: Getting to consensus on packet number encrypt… Mikkel Fahnøe Jørgensen
- Re: Getting to consensus on packet number encrypt… Christian Huitema