Re: A question about user tracking with QUIC

Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Mon, 07 June 2021 13:36 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/dBkGtgeqS-xAfcS6uTqIk1qJ6U4>

User tracking has been discussed a lot during the development of the QUIC protocol. That is not to say the discussion is no longer relevant, but it has not been ignored.

For servers, it is necessary to track users across migrations, because you need to maintain connection state and to maintain the IP address of where to send data. One could add meta-criteria outside the protocol, such as that the QUIC application must not extract IP data or other user-identifiable data from the stack, but that is not enforceable within the protocol, and it is also not always desirable, for example when having to whitelist users.

On the other hand, it is important to not allow servers to track users across different connections. This is complicated because of 0-RTT state being maintained. I think perhaps more work could be done in this area for future versions. On the other hand, there is wording in the protocol to prevent external observers from linking different connections to the same user, although it may still be possible through traffic analysis, which is also mentioned as a limitation, if I remember correctly.

Mikkel


> On 7 Jun 2021, at 15.04, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
> 
> On Mon, Jun 07, 2021 at 01:52:19PM +0100,
> Lucas Pardue <lucaspardue.24.7@gmail.com> wrote 
> a message of 43 lines which said:
> 
>> As Robin says, to survive such client IP changes would require QUIC
>> connection migration. RFC 9000 Section 9.5 [1] deals with the privacy
>> implications of migration.
> 
> This section is completely silent about tracking BY THE SERVER. It
> only considers a passive observer, which is not the only threat.
>
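
An added example, not part of the thread or of any QUIC implementation: a constructed model of the two viewpoints discussed above, showing that switching to a fresh connection ID on migration leaves a passive observer nothing to link on, while the server still resolves both paths to one connection. The `Server` class, function names and addresses (documentation ranges) are hypothetical; traffic analysis is not modeled.

```python
# Added illustration: constructed model of connection-ID rotation on
# migration (the RFC 9000 Section 9.5 topic). All names are hypothetical.
import secrets

class Server:
    """Maps every connection ID it issued to one internal connection."""
    def __init__(self):
        self.cid_to_conn = {}   # issued CID -> connection handle
        self.peer_addr = {}     # connection handle -> latest client address

    def issue_cids(self, conn, count=3):
        # Models NEW_CONNECTION_ID frames, which travel inside the
        # encrypted connection; random CIDs share no visible structure.
        cids = [secrets.token_bytes(8) for _ in range(count)]
        for cid in cids:
            self.cid_to_conn[cid] = conn
        return cids

    def receive(self, src_addr, dcid):
        # The server resolves the packet to its connection and records the
        # new address: it has to, in order to know where to send data.
        conn = self.cid_to_conn[dcid]
        self.peer_addr[conn] = src_addr
        return conn

def observer_links(packets):
    """Passive on-path view: group packets by cleartext destination CID."""
    flows = {}
    for src_addr, dcid in packets:
        flows.setdefault(dcid, set()).add(src_addr)
    # The observer can link two addresses only if they share a CID.
    return [addrs for addrs in flows.values() if len(addrs) > 1]

def simulate(rotate_cid):
    """Client migrates from one address to another (constructed sample)."""
    server = Server()
    cids = server.issue_cids("conn-1")
    old = cids[0]
    new = cids[1] if rotate_cid else cids[0]
    wire = [(("192.0.2.10", 50000), old), (("198.51.100.7", 41000), new)]
    seen_by_server = {server.receive(addr, dcid) for addr, dcid in wire}
    return seen_by_server, observer_links(wire)
```
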