IETF Logo Mail Archive

Re: Fwd: New Version Notification for draft-kazuho-quic-address-bound-token-00.txt

Christian Huitema <huitema@huitema.net> Thu, 04 April 2019 06:47 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 764EC1203A5 for <quic@ietfa.amsl.com>; Wed, 3 Apr 2019 23:47:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3555xkQzvDLN for <quic@ietfa.amsl.com>; Wed, 3 Apr 2019 23:47:51 -0700 (PDT)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 237B4120350 for <quic@ietf.org>; Wed, 3 Apr 2019 23:47:51 -0700 (PDT)
Received: from xsmtp03.mail2web.com ([168.144.250.223]) by mx120.antispamcloud.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.89) (envelope-from <huitema@huitema.net>) id 1hBwA3-000Awx-I5 for quic@ietf.org; Thu, 04 Apr 2019 08:47:47 +0200
Received: from [10.5.2.14] (helo=xmail04.myhosting.com) by xsmtp03.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1hBw9w-0001sA-G9 for quic@ietf.org; Thu, 04 Apr 2019 02:47:40 -0400
Received: (qmail 20404 invoked from network); 4 Apr 2019 06:47:35 -0000
Received: from unknown (HELO [192.168.1.103]) (Authenticated-user:_huitema@huitema.net@[172.56.42.204]) (envelope-sender <huitema@huitema.net>) by xmail04.myhosting.com (qmail-ldap-1.03) with ESMTPA for <quic@ietf.org>; 4 Apr 2019 06:47:35 -0000
To: quic@ietf.org
References: <155435502215.22668.17009854749523198767.idtracker@ietfa.amsl.com> <CANatvzz+AUc=j+36yNq78Eu6vTjs1_OThCY2O=ivJLyZRe+3Og@mail.gmail.com> <CAN1APdf-vH2B-1OSX-ndrK=JM3vQet0Sf2tqeMMyrDKxtZyofg@mail.gmail.com>
From: Christian Huitema <huitema@huitema.net>
Openpgp: preference=signencrypt
Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mQENBFIRX8gBCAC26usy/Ya38IqaLBSu33vKD6hP5Yw390XsWLaAZTeQR64OJEkoOdXpvcOS HWfMIlD5s5+oHfLe8jjmErFAXYJ8yytPj1fD2OdSKAe1TccUBiOXT8wdVxSr5d0alExVv/LO I/vA2aU1TwOkVHKSapD7j8/HZBrqIWRrXUSj2f5n9tY2nJzG9KRzSG0giaJWBfUFiGb4lvsy IaCaIU0YpfkDDk6PtK5YYzuCeF0B+O7N9LhDu/foUUc4MNq4K3EKDPb2FL1Hrv0XHpkXeMRZ olpH8SUFUJbmi+zYRuUgcXgMZRmZFL1tu6z9h6gY4/KPyF9aYot6zG28Qk/BFQRtj7V1ABEB AAG0J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PokBOQQTAQIAIwUC UhFfyAIbLwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEJNDCbJVyA1yhbYH/1ud6x6m VqGIp0JcZUfSQO8w+TjugqxCyGNn+w/6Qb5O/xENxNQ4HaMQ5uSRK9n8WKKDDRSzwZ4syKKf wbkfj05vgFxrjCynVbm1zs2X2aGXh+PxPL/WHUaxzEP7KjYbLtCUZDRzOOrm+0LMktngT/k3 6+EZoLEM52hwwpIAzJoscyEz7QfqMOZtFm6xQnlvDQeIrHx0KUvwo/vgDLK3SuruG1CSHcR0 D24kEEUa044AIUKBS3b0b8AR7f6mP2NcnLpdsibtpabi9BzqAidcY/EjTaoea46HXALk/eJd 6OLkLE6UQe1PPzQC4jB7rErX2BxnSkHDw50xMgLRcl5/b1a5AQ0EUhFfyAEIAKp7Cp8lqKTV CC9QiAf6QTIjW+lie5J44Ad++0k8gRgANZVWubQuCQ71gxDWLtxYfFkEXjG4TXV/MUtnOliG 5rc2E+ih6Dg61Y5PQakm9OwPIsOx+2R+iSW325ngln2UQrVPgloO83QiUoi7mBJPbcHlxkhZ bd3+EjFxSLIQogt29sTcg2oSh4oljUpz5niTt69IOfZx21kf29NfDE+Iw56gfrxI2ywZbu5o G+d0ZSp0lsovygpk4jK04fDTq0vxjEU5HjPcsXC4CSZdq5E2DrF4nOh1UHkHzeaXdYR2Bn1Y wTePfaHBFlvQzI+Li/Q6AD/uxbTM0vIcsUxrv3MNHCUAEQEAAYkCPgQYAQIACQUCUhFfyAIb LgEpCRCTQwmyVcgNcsBdIAQZAQIABgUCUhFfyAAKCRC22tOSFDh1UOlBB/94RsCJepNvmi/c YiNmMnm0mKb6vjv43OsHkqrrCqJSfo95KHyl5Up4JEp8tiJMyYT2mp4IsirZHxz/5lqkw9Az tcGAF3GlFsj++xTyD07DXlNeddwTKlqPRi/b8sppjtWur6Pm+wnAHp0mQ7GidhxHccFCl65w uT7S/ocb1MjrTgnAMiz+x87d48n1UJ7yIdI41Wpg2XFZiA9xPBiDuuoPwFj14/nK0elV5Dvq 4/HVgfurb4+fd74PV/CC/dmd7hg0ZRlgnB5rFUcFO7ywb7/TvICIIaLWcI42OJDSZjZ/MAzz BeXm263lHh+kFxkh2LxEHnQGHCHGpTYyi4Z3dv03HtkH/1SI8joQMQq00Bv+RdEbJXfEExrT u4gtdZAihwvy97OPA2nCdTAHm/phkzryMeOaOztI4PS8u2Ce5lUB6P/HcGtK/038KdX5MYST Fn8KUDt4o29bkv0CUXwDzS3oTzPNtGdryBkRMc9b+yn9+AdwFEH4auhiTQXPMnl0+G3nhKr7 jvzVFJCRif3OAhEm4vmBNDE3uuaXFQnbK56GJrnqVN+KX5Z3M7X3fA8UcVCGOEHXRP/aubiw Ngawj0V9x+43kUapFp+nF69R53UI65YtJ95ec4PTO/Edvap8h1UbdEOc4+TiYwY1TBuIKltY 1cnrjgAWUh/Ucvr++/KbD9tD6C8=
Message-ID: <7a20865a-b368-80eb-378d-1744c9577117@huitema.net>
Date: Wed, 03 Apr 2019 23:47:34 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <CAN1APdf-vH2B-1OSX-ndrK=JM3vQet0Sf2tqeMMyrDKxtZyofg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------942329243C51A49BA1114D80"
Content-Language: en-US
Subject: Re: Fwd: New Version Notification for draft-kazuho-quic-address-bound-token-00.txt
X-Originating-IP: 168.144.250.223
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.13)
X-Recommended-Action: accept
X-Filter-ID: EX5BVjFpneJeBchSMxfU5ivNkfDBxHaPUY6T83xL7gV602E9L7XzfQH6nu9C/Fh9KJzpNe6xgvOx q3u0UDjvO37pNwwF1lRXh5rzvPzo9Jts1ujulqUFmMITHM77eiVir61OAGdjmkrJVl9R6767mc7i TvJ2/ZGzVWB9scFAaCdIFaUvXN+CI+RGy3Me16pB1RPScEHpAUegZl9l9jeRl05EpHPznVavQp4h 1cyzxbQFXqQgkkYk8mNUb0+uxPxhwZ+JqwRq4dm7gx9VmMD3oQl+86MkQJ6nrl0gGH3bP6cMPaBP aKeQW+/QlaOdv8isl/qMm08Zpim2AHUKEWvQ6G/bWfgucjnNmABpGhD9TTttrFCuZ0NkwnSz2Luu o1u9uevuNfM1HjkNEFwape+IgNezYqxGMqsKjARq8PBC4qjMauXIUif1JzGdiG0o4ggCmdySlZou 9qHIGOZDEEo7Oyc1nq0gsY582CWqKjiRB3ukywmZtiDkyd4mEBjJGGEJE2d52fY0d/1mkgffWkdO 4QEiRQv+PVjjwa+Z5RFCOMT7wWCQ1bNVxVHMt1HKpEkC019jkkBafIM3k/pS+1FRKk6yZ5OEY7+D 4D8iYBKTDOhk354Leo8WHhg9Xcph2esmZk4AVtnYApSiFQp1w3dnUjMTi5Xt/sRoctxyu5EZ7wRl sQ6lNTZIrBtlLeoEHaVN0z6bhalFEM/pjPCQA+BAliU20wPuSTm+IJBmdo0FC1ZZYSpQQtCkh8qZ SV0LCxteVx8FVyk8wh2eovY663+x6ciV/i+cUz5az04Uqf+1ai4hu1/rdU1t/SWu+yxj6TsAzBpI RKEYj3P5LT70ZY4uKxlHEurUN5OnjeiFCqHX+Ta9UshveVgoiypAicYsWUtd8y9Ga5iCmdJFIvDE Jb+pKY4cvttr0tmBjeIn/Z/emtVQvYq5Gwe6V5p1dZXUJLl9UHdlPJIlgYKUOVb4Kg3Ivfi62j4u w/K+m8SGihSRsuS3byv3CjhKpQiDxiH2EAzS5xSvMev/h5X3p2+rThvFRg==
X-Report-Abuse-To: spam@quarantine9.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/foGUOXulR8mDYqoLz_yXg1ZU_cY>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2019 06:47:55 -0000

I am reading the draft, and I think that the discussion of congestion
control should be removed. Senders have all latitude to coordinate
transmission control across multiple connections, including using some
form of multi-connection congestion control. I think the draft would be
easier to read if it concentrated on just one purpose, the linkage of
new tokens to server addresses instead of service identities.

We probably need a slightly larger security analysis. What if a service
part of a farm issued such a token without coordinating with the other
services that use the same address? Could that be a form of DOS?

-- Christian Huitema

On 4/3/2019 11:15 PM, Mikkel Fahnøe Jørgensen wrote:
> Nice work.
>
> Just a minor thing on priority in the appendix: what about IPv6
> priorities? That, and flow labels - are we starting to bypass much of
> the IPv6 design because it is not (yet?) sufficiently widely deployed?
> Or are there security implications, and if so, should QUIC consider
> authenticating parts of the IPv6 header?
>
> Also, on name based alternative:
> I’m wondering which non-HTTP/3 connections would really benefit as new
> designs can build in multi-purpose into the protocol whereas HTTP/3
> must follow HTTP semantics. You could argue about WebRTC/3 - but then
> - what should it co-locate with which has sufficient intelligence to
> share the congestion controller? You could argue share with HTTP/3,
> but that would probably not rule out a name based solution either.
> I’m not saying name based CG sharing is necessarily better, I’m just
> wondering.
>
> OTOH if name based sharing is used that could place some assumptions
> on a given load balancers tuple stickiness, if I understand correctly.
> That could be unfortunate. Or, if name sharing is only to target
> address validation of the client perhaps different server hosts could
> share that information successfully with a random or round robin load
> balancer?
>
> Mikkel
>
> On 4 April 2019 at 07.22.32, Kazuho Oku (kazuhooku@gmail.com
> <mailto:kazuhooku@gmail.com>) wrote:
>
>> Hi,
>>
>> I have (finally) submitted "Address-bound Token for QUIC" I-D, that
>> proposes a QUIC extension allowing tokens to be shared between
>> connections that go to the same server address, even when the value of
>> SNI is different. Having such tokens would maximize our chance of
>> skipping address validation and slow-start phase.
>>
>> The I-D and the repo can be found at the links below:
>>
>> I-D:
>> https://datatracker.ietf.org/doc/draft-kazuho-quic-address-bound-token/
>> Github repo:
>> https://github.com/kazuho/draft-kazuho-quic-address-bound-token
>>
>> Please let us know what you think.
>>
>> Rationale behind the proposal:
>>
>> The startup phase (a.k.a. slow-start) is one of the things that has
>> negative impact on user experience. QUIC, in addition to reducing the
>> connection establishment latency from TCP, provides the possibility of
>> a server skipping the startup phase when a client provides a valid
>> token.
>>
>> However, the probability of a server being able to skip the startup
>> phase relies on how frequent a user revisits a particular server,
>> identified by the value of the TLS SNI extension. To put another way,
>> there is a missed opportunity if a client is visiting a server
>> instance that it has previously visited with a different server name.
>>
>> Our proposal addresses exactly that. The proposed extension allows a
>> client to use a token for a different server name, if the server
>> address is the same. This maximizes the chance of the server skipping
>> address validation and the startup phase.
>>
>>
>> ---------- Forwarded message ---------
>> From: <internet-drafts@ietf.org <mailto:internet-drafts@ietf.org>>
>> Date: 2019年4月4日(木) 14:17
>> Subject: New Version Notification for
>> draft-kazuho-quic-address-bound-token-00.txt
>> To: Kazuho Oku <kazuhooku@gmail.com <mailto:kazuhooku@gmail.com>>
>>
>>
>>
>> A new version of I-D, draft-kazuho-quic-address-bound-token-00.txt
>> has been successfully submitted by Kazuho Oku and posted to the
>> IETF repository.
>>
>> Name: draft-kazuho-quic-address-bound-token
>> Revision: 00
>> Title: Address-bound Token for QUIC
>> Document date: 2019-04-04
>> Group: Individual Submission
>> Pages: 6
>> URL:
>> https://www.ietf.org/internet-drafts/draft-kazuho-quic-address-bound-token-00.txt
>>
>> Status:
>> https://datatracker.ietf.org/doc/draft-kazuho-quic-address-bound-token/
>> Htmlized:
>> https://tools.ietf.org/html/draft-kazuho-quic-address-bound-token-00
>> Htmlized:
>> https://datatracker.ietf.org/doc/html/draft-kazuho-quic-address-bound-token
>>
>>
>>
>> Abstract:
>> This document describes a QUIC extension for an address-bound token.
>> This token can be used for sharing address validation and congestion
>> controller state between the same two endpoints across multiple
>> connections and origins.
>>
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission
>> until the htmlized version and diff are available at tools.ietf.org
>> <http://tools.ietf.org>.
>>
>> The IETF Secretariat
>>
>>
>>
>> -- 
>> Kazuho Oku
>>

v2.23.0 | Report a Bug | By Email