IETF Logo Mail Archive

RE: Packet number encryption

Praveen Balasubramanian <pravb@microsoft.com> Wed, 07 February 2018 17:44 UTC

Return-Path: <pravb@microsoft.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 319F712D833 for <quic@ietfa.amsl.com>; Wed, 7 Feb 2018 09:44:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.02
X-Spam-Level:
X-Spam-Status: No, score=-2.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5jerI1nLam23 for <quic@ietfa.amsl.com>; Wed, 7 Feb 2018 09:43:58 -0800 (PST)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0122.outbound.protection.outlook.com [104.47.36.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C64D12D7E9 for <quic@ietf.org>; Wed, 7 Feb 2018 09:43:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Yjmlnmt9upmBS4cwOWx/RtA9PtLWLFxwT54G1TR+FLQ=; b=Yk1nzDM6U8bLuXiRseew0kwpzEqenkoZcrmkdUX+/4fe/uJIFBeAGCkJ8U1OIqJxtF3grvdYpkRTY5CZvH6r9TzhibuyuY7/GlPUHY10e9a8nm7sd/yfj8rQy2+dyex2AANG4Tb8BGtWdi/Np5uPYymfMLyQhj3ebw3M8yr2gI4=
Received: from CY4PR21MB0133.namprd21.prod.outlook.com (10.173.189.15) by CY4PR21MB0630.namprd21.prod.outlook.com (10.175.115.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.506.3; Wed, 7 Feb 2018 17:43:56 +0000
Received: from CY4PR21MB0133.namprd21.prod.outlook.com ([10.173.189.15]) by CY4PR21MB0133.namprd21.prod.outlook.com ([10.173.189.15]) with mapi id 15.20.0485.000; Wed, 7 Feb 2018 17:43:56 +0000
From: Praveen Balasubramanian <pravb@microsoft.com>
To: Marten Seemann <martenseemann@gmail.com>, huitema <huitema@huitema.net>
CC: "quic@ietf.org" <quic@ietf.org>
Subject: RE: Packet number encryption
Thread-Topic: Packet number encryption
Thread-Index: AQHTmW31V+0GAWpR/E2VqOCVLx9SYqOMgUQAgABeoYCAAAgUAIAAd3KAgAA8YgCAACPEAIAAAiYAgAOBloCAALfdgIAACBkAgAEGGACAANx9AIAAn5KAgAB7w4CAADUigIAADBeAgADUsaCAAGk3gIAAEEgAgACizACAADhiAIAAHkiAgAADUYCAACdFAIAAVRYAgAAUZQCAAA5oAIAAD4fQgABGjACAAAGHQIAACNQAgAAAqaCAAAeBgIAAC4qAgACi02A=
Date: Wed, 07 Feb 2018 17:43:56 +0000
Message-ID: <CY4PR21MB0133A1117B2733BBCF049C5FB6FC0@CY4PR21MB0133.namprd21.prod.outlook.com>
References: <CABkgnnVyo3MmWtVULiV=FJTnR528qfY8-OmKGWAs0bCvri-a_g@mail.gmail.com> <2102BDC2-62C0-4A76-8ADE-8167437E2D07@trammell.ch> <CAN1APde6o6=aCXuWajPFSU=jXv-ERdVHk=uyjM71uQ_uU-oMTg@mail.gmail.com> <8e833029-68b5-2787-3897-a0f7818a259f@tik.ee.ethz.ch> <1de39727-eeec-0e7a-1e8b-5ed50433c5bd@cs.tcd.ie> <MWHPR08MB2432D0216BC8FE1B0D9E3690DAFD0@MWHPR08MB2432.namprd08.prod.outlook.com> <CAGD1bZauKbucs_5n7RQbK8H2HiyfiqpGVEcKreGA6umhMBSFgg@mail.gmail.com> <CABcZeBPNrc-9vANSH02r++p53s6gN4pVB8DMd80nUxOhKTp3dA@mail.gmail.com> <CAKcm_gMvHSBhpUvsQCCkV2_o+d_wchF3R3L6H8mp6nKNaaRmSw@mail.gmail.com> <CY4PR21MB0133CCAA6807469BA983D00BB6FC0@CY4PR21MB0133.namprd21.prod.outlook.com> <CABkgnnW4xr_YzpsvCxaJJgcQdBTuX=Yv735_sdd4VoMfji8mbA@mail.gmail.com> <CY4PR21MB0133C759D4A08A4988B641B2B6FC0@CY4PR21MB0133.namprd21.prod.outlook.com> <bdf88936-8edc-d56e-ee59-c9d597058edd@huitema.net> <CY4PR21MB01337C8A700E58B49D90B712B6FC0@CY4PR21MB0133.namprd21.prod.outlook.com> <119b3276-5799-1cc3-8982-7479171bbf27@huitema.net> <CAOYVs2pi8-NVuS+crNMfjsP-n5upK3=5tPeQ8OSGpOvL6RTrjA@mail.gmail.com>
In-Reply-To: <CAOYVs2pi8-NVuS+crNMfjsP-n5upK3=5tPeQ8OSGpOvL6RTrjA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:5::712]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0630; 7:9XZ23WsIj3D9zuLeHR5nRKIwq0KnmGEr+SQETRD0XhBiheVD1TPcI9jte2beOabbQXRFEQ60Df5MeftXN7lR1/QvzZqZH0xycP0S/bdS8uUB3h8Rw//b80rKzMLtrIg4hvoxDwsOnPVC3Qmuu9BKysG/9ZEd1CMoFJELPlzmLcSRGSaNfP+2j4Zrg03opvbOlaEQLn6hp/xDu6F6kIA5QCb9O09zZdjtDJQFQ6fHjcHi3GLxqbkGx/XsZlpgeZXd
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: f23f79e6-1006-4c91-56c2-08d56e525cdd
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(3008032)(2017052603307)(7193020); SRVR:CY4PR21MB0630;
x-ms-traffictypediagnostic: CY4PR21MB0630:
x-ld-processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr
x-microsoft-antispam-prvs: <CY4PR21MB0630A347B3154BF17C9F49E5B6FC0@CY4PR21MB0630.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(89211679590171)(85827821059158)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040501)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3231101)(2400082)(944501161)(3002001)(6055026)(61426038)(61427038)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123558120)(20161123560045)(20161123564045)(6072148)(201708071742011); SRVR:CY4PR21MB0630; BCL:0; PCL:0; RULEID:; SRVR:CY4PR21MB0630;
x-forefront-prvs: 0576145E86
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(39380400002)(366004)(39860400002)(396003)(189003)(199004)(77096007)(6246003)(53936002)(99286004)(186003)(6346003)(790700001)(6116002)(39060400002)(7116003)(76176011)(59450400001)(229853002)(7696005)(10290500003)(5660300001)(8676002)(236005)(86362001)(8936002)(81156014)(81166006)(9686003)(3480700004)(86612001)(74316002)(8990500004)(316002)(110136005)(106356001)(10090500001)(478600001)(4326008)(2906002)(6436002)(7736002)(54896002)(6306002)(3660700001)(25786009)(3280700002)(55016002)(97736004)(68736007)(561944003)(53546011)(6506007)(22452003)(102836004)(33656002)(105586002)(93886005)(2900100001)(2950100002)(14454004); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0630; H:CY4PR21MB0133.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pravb@microsoft.com;
x-microsoft-antispam-message-info: /8Aj629W9eqLsZFcdz0mUgz/gzBq8358LB8quEzM5MuTCvvVYY1DNTLipb+K+zo3zr4ysrw9En20SaF8WRz8zQ==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB0133A1117B2733BBCF049C5FB6FC0CY4PR21MB0133namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f23f79e6-1006-4c91-56c2-08d56e525cdd
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Feb 2018 17:43:56.6075 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0630
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/gOpXrmzhMXW5YH0sxx9n7UQYw3k>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2018 17:44:01 -0000

Couple of things to add:

1. Connection migration is an optional portion of the transport and not mandatory. It does not seem to be incrementally deployable with today's unmodified load balancers. Many devices may also be single homed and not have multiple active network interfaces. I also think the app and system settings will have to opt-in to it (to prevent aggressive usage of metered cellular data). If this is the case, cross-path linkability will be of limited concern for many QUIC connections. There is also the fact that perfect unlinkability seems to be hard against a motivated adversary.

2. If middlebox ossification is a big concern, we mainly need obfuscation and not encryption. Another option for example would be an XOR transform with some variable field in the encrypted portion of the packet (as an example sequence number of the first stream frame if it is present or some random pad bytes when its not present). I hope we can be creative here to reduce computation cost.


From: Marten Seemann [mailto:martenseemann@gmail.com]
Sent: Wednesday, February 7, 2018 12:01 AM
To: huitema <huitema@huitema.net>
Cc: Praveen Balasubramanian <pravb@microsoft.com>; quic@ietf.org
Subject: Re: Packet number encryption


On Wed, Feb 7, 2018 at 3:20 PM Christian Huitema <huitema@huitema.net<mailto:huitema@huitema.net>> wrote:



On 2/6/2018 8:55 PM, Praveen Balasubramanian wrote:

First, the proposal does not obscure the position of the packet number field in the header. The field contains a number that increments with every packet, and is thus easy to identify. This means that middle-boxes will get accustomed to seeing that field and tracking its increments.

Hence, this simple obfuscation provides no protection against ossification of the packet number field.



Well it seems like it is a requirement (see bullet 3 in Jana's list) to allow middleboxes to see sequencing information. By picking the initial random value middleboxes cannot assume any particular value. If packet number location and size is not part of invariants then it cannot be ossified, middleboxes will need to be resilient.

This is why I would rather see the exposed bits copied at a fixed location, while the PN itself cannot be located. That way, the exposed bits can ossify, but the actual PN does not.

We still need to be very careful here. If we decide to expose bits, we must make sure that a middlebox can only extract coarse-grained information, if we want to prevent middleboxes from buffering and delaying packets in order to fix / reduce reordering.
At this point however, I'm not convinced that exposing any reordering information to the network should be a requirement at all. There's a real risk of misuse of this information, and of ossification of whatever bits we expose.

v2.23.0 | Report a Bug | By Email