Re: Read-out on offline connection ID discussion

Roberto Peon <fenix@fb.com> Wed, 24 January 2018 23:57 UTC

From: Roberto Peon <fenix@fb.com>
To: "Lubashev, Igor" <ilubashe@akamai.com>, Christian Huitema <huitema@huitema.net>, Eric Rescorla <ekr@rtfm.com>, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
CC: IETF QUIC WG <quic@ietf.org>
Subject: Re: Read-out on offline connection ID discussion
Date: Wed, 24 Jan 2018 23:51:28 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/baWuUPOywrG8yYC_YMl7spUSAzs>

Imagine allowing the server to send multiple CIDs, and provide the server with some revocation mechanism (TTL or explicit, or what-have-you).

A client may use any of these CIDs until they are revoked.

Thus, a server which cares to prevent ossification could provide multiple CIDs, and the client could switch between them on a per-packet basis.

-=R

________________________________
From: QUIC <quic-bounces@ietf.org> on behalf of Lubashev, Igor <ilubashe@akamai.com>
Sent: Wednesday, January 24, 2018 3:46:16 PM
To: Christian Huitema; Eric Rescorla; Mikkel Fahnøe Jørgensen
Cc: IETF QUIC WG
Subject: RE: Read-out on offline connection ID discussion

> But I am concerned that the specific length, and maybe the clear text prefixes of a CID, can be used for fingerprinting, and then provide linkability.

I would expect non-trivial things to be done to CIDs by servers in client-server scenarios, so you are fingerprinting the server, not the client. Are you concerned with a p2p case?

- Igor

-----Original Message-----
From: Christian Huitema [mailto:huitema@huitema.net]
Sent: Wednesday, January 24, 2018 6:25 PM
To: Eric Rescorla <ekr@rtfm.com>; Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
Cc: IETF QUIC WG <quic@ietf.org>
Subject: Re: Read-out on offline connection ID discussion

I get the argument for 16+n, var length, etc. But I am concerned that the specific length, and maybe the clear text prefixes of a CID, can be used for fingerprinting, and then provide linkability.

-- Christian Huitema
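
A minimal client-side sketch of the scheme proposed at the top of this message (several server-issued CIDs, revocation by TTL or explicit signal, a per-packet choice among the live ones). It is an added example, not part of the original thread or of any QUIC implementation; the `CidPool` class, its method names and the sample CID values are hypothetical.

```python
import secrets
import time


class CidPool:
    """Client-side set of server-issued connection IDs (hypothetical API)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._expiry = {}  # cid (bytes) -> absolute expiry time, None = no TTL

    def issue(self, cid, ttl=None):
        """Record a CID received from the server, optionally with a TTL (seconds)."""
        self._expiry[cid] = None if ttl is None else self._clock() + ttl

    def revoke(self, cid):
        """Explicit revocation by the server; unknown CIDs are ignored."""
        self._expiry.pop(cid, None)

    def usable(self):
        """Drop CIDs whose TTL has elapsed and return the ones still valid."""
        now = self._clock()
        self._expiry = {c: t for c, t in self._expiry.items()
                        if t is None or now < t}
        return list(self._expiry)

    def pick(self):
        """Choose the CID for the next packet uniformly at random."""
        live = self.usable()
        if not live:
            raise LookupError("no usable connection ID")
        return secrets.choice(live)


def demo():
    now = [0.0]  # fake clock so the TTL behaviour is reproducible
    pool = CidPool(clock=lambda: now[0])
    # Constructed sample CIDs of different lengths, not real traffic.
    a, b, c = bytes.fromhex("a1" * 8), bytes.fromhex("b2" * 12), bytes.fromhex("c3" * 16)
    pool.issue(a, ttl=30)
    pool.issue(b, ttl=5)
    pool.issue(c)
    used = {pool.pick() for _ in range(200)}  # per-packet switching
    now[0] = 10.0   # b's TTL has elapsed
    pool.revoke(a)  # server explicitly revokes a
    return used == {a, b, c}, pool.usable() == [c]
```

The sample CIDs deliberately differ in length: whatever the client picks per packet, the set of lengths a server hands out stays visible on the wire, which is the property the fingerprinting concern in this thread is about.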