Re: Quic: the Elephant in the Room
David Schinazi <dschinazi.ietf@gmail.com> Tue, 20 April 2021 17:20 UTC
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFCB73A0BDE for <quic@ietfa.amsl.com>; Tue, 20 Apr 2021 10:20:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id euhQPIoyM1vX for <quic@ietfa.amsl.com>; Tue, 20 Apr 2021 10:20:35 -0700 (PDT)
Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F3EF3A0BED for <quic@ietf.org>; Tue, 20 Apr 2021 10:20:34 -0700 (PDT)
Received: by mail-pl1-x62a.google.com with SMTP id v13so6444870ple.9 for <quic@ietf.org>; Tue, 20 Apr 2021 10:20:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Kkv9QUmmCIreaTApeRoQoyfUT6AkCQmNe63jAMHNZHg=; b=ZxQ9kn3JENGvderRpxj4j8i1z9jZv4h9rjQ5tjjE1aO62Uyk6bbbuXVtdUpbpDgPg5 IQgGxeubWnVhjYjKGQvzR0buGQi9ixpuUCUOAPS794SEihT3KTRQQQHd9ghxbwvrPikL wnxqTd9vhyoekl1jsoNlPWAVC10ISqm/PiIOxa120VrLpegfLodfjT0L1VIXkV56VvPC +ihGITx7KWE+GzE036JuAeLoR87cbKuZBwoJ2r7hUys9zROuwtSmhYcBhGJXzfnqGoxl aJ9WtPANNzLB6s0z/J5r+EXJT+Bnn7lzc8E8QmZWpAtoJukl6Sp6FMl+VbxoHINpS5qG TKmQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Kkv9QUmmCIreaTApeRoQoyfUT6AkCQmNe63jAMHNZHg=; b=T7a9hu3qS5HAqEhhubwjh+/CUqVPmoSG7/Dly+waepqYi7sls7AiTxiRj7ZOxMb5FE P/G7Q6NDrdGTn0b97NoRpJDAoXhUtUwKStT0hfm8BgZrSEyXhwRghOXW8hcmWpuVuNEv QFsvsHIxAkvr759rCwBRxmzx/rqWmruPRganAXFZm563Y8lcTYEIjTC9FkGoutFh/vq+ CZ8Nf1Jc6eKVzHnkBQVwic8MgkAI0dtdkWgqYA+gKdURgkDfkTJAH2pm3VBR1MijynoN 7O+wTFpHmKXOv9RAUoETU2gRgS+YyJpNbpdC4HNjlN8hzZBwG0uvA6n2D2EbDc492PGj dvEQ==
X-Gm-Message-State: AOAM531nuco+rfJzszuO2fh94xV9i9PAn5h0natTM/Vif3uokM4dOj9q C10pxFtXXRmEvoZm8tKWh3VoQpkXSH3E9xCn01Y=
X-Google-Smtp-Source: ABdhPJzBWBPRY/q7OaYu/roTE6pM1McEUtPPqzfLytXziNK8HqPdoeeQ7uFU4VaK84vjooAinxPpKYRLwFzk/Xm4VmE=
X-Received: by 2002:a17:90b:390f:: with SMTP id ob15mr6072524pjb.100.1618939233545; Tue, 20 Apr 2021 10:20:33 -0700 (PDT)
MIME-Version: 1.0
References: <311e3e67-2e87-1650-22b3-614378fbf88f@mtcc.com> <CADdTf+jRMfNo1EiFBj-fOeZJkKM2TCvN9yJFEmJEVcZj5JMD_Q@mail.gmail.com> <e5856173-5c7a-1f2b-3be0-b2a155786ff8@mtcc.com> <CALGR9oY0-aVT+Hv0gj45pxwH7zxTw=TVpQGqCVC2NFCa+y16JA@mail.gmail.com> <4191ed66-11e4-7ac6-bd0d-d4713dd0873b@mtcc.com> <CAPDSy+6rWkgB49RKThFCsBLdMjquBBX9=h-Mz9AMAknu=2KhEA@mail.gmail.com> <2c400bd6-30cf-c46f-6e87-9ca62ef25ed2@mtcc.com>
In-Reply-To: <2c400bd6-30cf-c46f-6e87-9ca62ef25ed2@mtcc.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Tue, 20 Apr 2021 10:20:22 -0700
Message-ID: <CAPDSy+55oPNi8DBkQO+XGyrBMMB4kMLtVnDVU75Myh116jnwbw@mail.gmail.com>
Subject: Re: Quic: the Elephant in the Room
To: Michael Thomas <mike@mtcc.com>
Cc: Lucas Pardue <lucaspardue.24.7@gmail.com>, IETF QUIC WG <quic@ietf.org>, Matt Joras <matt.joras@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000edb08f05c06aa9bc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/cMstcQlJf6-itGqzarIIJlDKpGw>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Apr 2021 17:20:40 -0000
Cutting down the number of packets was never a goal for QUIC. The goal was to save round trips in connection establishment, as that significantly impacts user-visible latency. The number of packets only slightly increases the probability of loss during the handshake which can be correlated to user-visible latency, but much less. I'm not saying that a 3-packet handshake would be bad, I'm saying that it's not worth boiling the ocean to remove 2 packets. I'll also note that your proposal doesn't fully reduce the number of packets because you still need a DNS TLSA request and response, and loss of those is much worse as DNS retransmissions are less optimized. David On Tue, Apr 20, 2021 at 10:15 AM Michael Thomas <mike@mtcc.com> wrote: > > On 4/20/21 10:07 AM, David Schinazi wrote: > > Hi Mike, > > I read your blog post, and I failed to find what problem you're trying to > solve. > The fact that some handshakes spend a couple packets on certificates? > We can actually quantify the user-visible impact of the handshake size, and > from everything I've seen this particular topic isn't impactful enough to > solve, > apart from ensuring support for RFC 8879. It's even less realistic if the > solution involves the minor task of switching PKIs and roots of trust. > Speaking as one of the QUIC tech leads at a "Google-like company", I can > ensure you that we don't spend time on experiments that don't benefit > users. > It seems that you have a solution in search of a problem here. > > I thought the entire point of QUIC (aside from HoL blocking) was to cut > down the number of packets needed to start a connection. From what I can > tell, it takes it from an 8 packet exchange to a 5 packet exchange. If you > were to use a DANE-like solution that would be a 3 packet exchange most of > the time. Why is a 5 packet exchange good but a 3 packet exchange not? > > Mike > > > > David > > On Mon, Apr 19, 2021 at 3:39 PM Michael Thomas <mike@mtcc.com> wrote: > >> >> On 4/19/21 3:33 PM, Lucas Pardue wrote: >> > I'm struggling to see what the problem statement that is unique to the >> > QUIC protocol is. >> > >> > That certificates can be large is not new information, it was a prime >> > motivator for RFC 7924 [1] and RFC 8879 [2]. >> > >> > Operators can, of course, experiment with new optimal ways of doing >> > things. The broader IETF community is likely interested in the outcome >> > of such experiments. Since QUIC version 1 uses TLS, any changes that >> > stand to improve a QUIC handshake would likely be applicable to TLS >> > too. So the concept of replacing current TLS mechanisms with the DNS >> > doesn't seem to be something the QUIC WG should be leading. Should >> > such work identify QUIC protocol design evolution or extension, then >> > it could be suitable for WG consideration. >> > >> I'm not asking this working group to do anything. Just socializing >> something that generated a lot of discussion on the IETF list that might >> be of interest to the Quic community. >> >> Mike >> >>
- Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room Matt Joras
- Re: Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room Paul Vixie
- Re: Quic: the Elephant in the Room Matt Joras
- Re: Quic: the Elephant in the Room Roberto Peon
- Re: Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room Lucas Pardue
- Re: Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room David Schinazi
- Re: Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room David Schinazi
- Re: Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room Lucas Pardue
- Re: Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room Eric Rescorla
- Re: Quic: the Elephant in the Room Phillip Hallam-Baker
- Re: Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room Eric Rescorla
- Re: Quic: the Elephant in the Room Lucas Pardue
- Re: Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room Lars Eggert
- Re: Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room Lars Eggert
- Re: Quic: the Elephant in the Room Michael Thomas
- Re: Quic: the Elephant in the Room Phillip Hallam-Baker