IETF Logo Mail Archive

Re: Structuring the BKK spin bit discussion

Roland Zink <roland@zinks.de> Thu, 01 November 2018 10:39 UTC

Return-Path: <roland@zinks.de>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACCCB124C04 for <quic@ietfa.amsl.com>; Thu, 1 Nov 2018 03:39:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=zinks.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bKc2YRfz_pTN for <quic@ietfa.amsl.com>; Thu, 1 Nov 2018 03:39:44 -0700 (PDT)
Received: from mo6-p00-ob.smtp.rzone.de (mo6-p00-ob.smtp.rzone.de [IPv6:2a01:238:20a:202:5300::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4EF25127B92 for <quic@ietf.org>; Thu, 1 Nov 2018 03:39:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1541068782; s=strato-dkim-0002; d=zinks.de; h=In-Reply-To:Date:Message-ID:From:References:To:Subject: X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender; bh=jcXDPyTJV/ha2Pe6G9MCQ78IF69JD8s8vP/IOU1vKgo=; b=SSGq/s29n6Ddn/Es8+ybPriEjuxQwQLsSqMhtPotqqYZw0NUOChwL19Zb2FiqbY0RK AmESZKFp071jyVZ3XwuvQ+ewMdoGtsrYOgdJTSpc0WyXKtKs7Zn5d3q4o5a8XGCUiGSB 2IQ7S4erANdQGxT+DWuq1m1eASY+EdEsRNejQs7xElyGCWOOqys9+GKsgvJlnKtsuph1 xrzlJxnnf+c4V6vCWgEBe4ku/BCNJsfxYqNR5hPqSBvGKz2Ae+rZRSj+W+7i3/CaSXyV nHT1GtSVX5NgrPrjgRCfmpKuYdNpeNEw1cxILy4ejXYlOozkxuC4JV9S57Nvvd4GN116 uqmQ==
X-RZG-AUTH: ":PmMIdE6sW+WWP9q/oR3Lt+I+9LAZzXrcq8knhvfmBiJzkmKn1YaZ2OgvlDQJHaSxcis="
X-RZG-CLASS-ID: mo00
Received: from [10.10.10.105] by smtp.strato.de (RZmta 44.3 DYNA|AUTH) with ESMTPSA id R07dc3uA1Adg68P (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp521r1 with 521 ECDH bits, eq. 15360 bits RSA)) (Client did not present a certificate) for <quic@ietf.org>; Thu, 1 Nov 2018 11:39:42 +0100 (CET)
Subject: Re: Structuring the BKK spin bit discussion
To: quic@ietf.org
References: <18A2F994-0E82-48E4-875D-93C674483D49@eggert.org> <20181029160802.GD7258@ubuntu-dmitri> <8268B90E-F109-424C-91A8-DB7BFE208F53@huitema.net> <CANatvzxt-QBmeJUwp+MjtbpYXstPiEigDzQe0KfWJN+q0XR4Kg@mail.gmail.com> <HE1PR0701MB23938B01BC31888DAC3629B8E2CD0@HE1PR0701MB2393.eurprd07.prod.outlook.com> <D8BB0373-FDEB-4312-94E6-BBA304D595BE@trammell.ch> <DM5PR2101MB10464C5346F73F83CAC25BD1B6CD0@DM5PR2101MB1046.namprd21.prod.outlook.com> <1F53D383-37C1-430B-8CC4-416CD5749A2D@trammell.ch> <c7c51c5a-8f4a-c802-4c73-339288a3650d@huitema.net>
From: Roland Zink <roland@zinks.de>
Message-ID: <585fb86a-ed2e-c090-4872-9fd7bbb40a78@zinks.de>
Date: Thu, 01 Nov 2018 11:39:44 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <c7c51c5a-8f4a-c802-4c73-339288a3650d@huitema.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/dLF1zLK94xW8uX5xviIJFBbS4qI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Nov 2018 10:39:47 -0000

Am 31.10.2018 um 19:04 schrieb Christian Huitema:
> On 10/31/2018 10:16 AM, Brian Trammell (IETF) wrote:
>
>> In the case that...
>>
>> - ...an end-to-end connection actually terminates at a location different than the apparent location in the endpoint IP address, because the endpoint IP address is a VPN tunnel endpoint
>> - ...the "hidden" endpoint is very far (> ~3000-5000km) from the apparent location
>> - ...that VPN tunnel exists solely to make the end-to-end association appear to originate from at or near the VPN tunnel endpoint (e.g., anti-geofencing)
> The actual scenario relates to UDP/QUIC proxies, and how they would
> compare to TCP/TLS proxies.
>
> Today, I can build a TCP/TLS proxy that accepts connections at port 443,
> examines the (possibly encrypted) SNI in the client Hello, establishes a
> TCP connection to the hidden destination, and relays TLS packets between
> the 2 connections. TCP is hop by hop, TLS is end to end, examining TCP
> sequence numbers and ACKs does not reveal the hidden leg of the service.
>
> Suppose that I build a QUIC proxy that accepts UDP packets at port 4433,
> and then does pretty much the same job as load balancer: look for the
> (possibly encrypted) SNI inside the client hello for initial packets;
> look for the destination connection ID in other packets; forward the UDP
> packets to the hidden server based on that, and vice versa in the other
> direction. This is sort of equivalent to the TCP/TLS proxy scenario: UDP
> is hop by hop; QUIC and TLS is end to end. The QUIC messages are
> encrypted and don't reveal much, but the spin bit will reveal the
> end-to-end RTT.

I guess this shows that some privacy is lost with the spin bit enabled. 
When writing a proxy you may put some more effort and provide a TOR like 
proxy where the outer QUIC connection is only to the proxy and a inner 
QUIC connection is end to end.

Roland

> Of course, examining the content and timing of packets might in both
> cases reveal the end-to-end RTT, but layering makes a difference. The
> application may be able to implement end-to-end measures to counter the
> analysis of end-to-end traffic, but the application cannot easily
> influence the spin bit.
>
> -- Christian Huitema
>
>
>

v2.23.0 | Report a Bug | By Email