IETF Logo Mail Archive

Re: Getting to consensus on packet number encryption

Christian Huitema <huitema@huitema.net> Thu, 05 April 2018 00:44 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FDCB1241F3 for <quic@ietfa.amsl.com>; Wed, 4 Apr 2018 17:44:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QGTJXDnmN8cx for <quic@ietfa.amsl.com>; Wed, 4 Apr 2018 17:44:37 -0700 (PDT)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CA131201F2 for <quic@ietf.org>; Wed, 4 Apr 2018 17:44:36 -0700 (PDT)
Received: from xsmtp12.mail2web.com ([168.144.250.177]) by mx61.antispamcloud.com with esmtps (TLSv1.2:AES128-SHA:128) (Exim 4.89) (envelope-from <huitema@huitema.net>) id 1f3t10-0002zT-Gk for quic@ietf.org; Thu, 05 Apr 2018 02:44:35 +0200
Received: from [10.5.2.12] (helo=xmail02.myhosting.com) by xsmtp12.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from <huitema@huitema.net>) id 1f3t0x-0002o4-W4 for quic@ietf.org; Wed, 04 Apr 2018 20:44:32 -0400
Received: (qmail 25598 invoked from network); 5 Apr 2018 00:44:28 -0000
Received: from unknown (HELO [192.168.1.103]) (Authenticated-user:_huitema@huitema.net@[172.56.42.61]) (envelope-sender <huitema@huitema.net>) by xmail02.myhosting.com (qmail-ldap-1.03) with ESMTPA for <quic@ietf.org>; 5 Apr 2018 00:44:28 -0000
To: quic@ietf.org
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <BBB8D1DE-25F8-4F3D-B274-C317848DE872@akamai.com> <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com> <CAKcm_gMpz4MpdmrHLtC8MvTf5uO9LjD915jM-i2LfpKY384O2w@mail.gmail.com> <HE1PR0702MB3611A67E764EE1C7D1644FAD84AD0@HE1PR0702MB3611.eurprd07.prod.outlook.com> <d8e35569-e939-4064-9ec4-2cccfba2f341@huitema.net> <CACpbDccqKoF-Y1poHMN2cLOK9GOuvtMTPsF-QEen3b30kUo9bg@mail.gmail.com> <CAKcm_gNffwpraF-H2LQBF33vUhYFx0bi_UXJ3N14k4Xj4NmWUw@mail.gmail.com> <40C1F6FE-2B2C-469F-8F98-66329703ED50@mnot.net> <21C36B57-6AE2-40EF-9549-7196D7FA9B45@tik.ee.ethz.ch> <B176FC07-887D-4135-B01E-FE8B4986A5EE@mnot.net> <CAKcm_gOCeocLyrYpOS7Ud332xdz3xHSH0psPN8T6BGRjoL9ptQ@mail.gmail.com> <CY4PR21MB0630FA0EDD343396AD414641B6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <CAN1APde13JTzCvKFFvMd183Fka6QGD1kGBjsa9fcoLrYeA2hsA@mail.gmail.com> <CY4PR21MB0630C0FD4FBECBFEC3C863BBB6A40@CY4PR21MB0630.namprd21.prod.outlook.com>
From: Christian Huitema <huitema@huitema.net>
Openpgp: preference=signencrypt
Message-ID: <047d2ff0-ff8b-64c9-8983-0ecabeb9fea5@huitema.net>
Date: Wed, 04 Apr 2018 17:44:26 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <CY4PR21MB0630C0FD4FBECBFEC3C863BBB6A40@CY4PR21MB0630.namprd21.prod.outlook.com>
Content-Type: multipart/alternative; boundary="------------60E5D3046C8B501C3D9E6328"
Content-Language: en-US
Subject: Re: Getting to consensus on packet number encryption
X-Originating-IP: 168.144.250.177
X-AntiSpamCloud-Domain: xsmtpout.mail2web.com
X-AntiSpamCloud-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-AntiSpamCloud-Outgoing-Class: unsure
X-AntiSpamCloud-Outgoing-Evidence: Combined (0.21)
X-Recommended-Action: accept
X-Filter-ID: EX5BVjFpneJeBchSMxfU5uGfiTwkXa4orbxipGVkwn9602E9L7XzfQH6nu9C/Fh9KJzpNe6xgvOx q3u0UDjvO37pNwwF1lRXh5rzvPzo9Jts1ujulqUFmMITHM77eiViwi0e2F4hhkxRCMAyBDRWts7i TvJ2/ZGzVWB9scFAaCdIFaUvXN+CI+RGy3Me16pBo86SAdJ6bLtg5NStMc8F1x/TBCf6oYXAWGet lavcAjD9ytQxIHf9lN5jjLJaPK8lRJSPf/SXbEnDSsal/zZzc4n9VZdr7RAFD5mRwooUYhwMPaBP aKeQW+/QlaOdv8isl/qMm08Zpim2AHUKEWvQ6G/bWfgucjnNmABpGhD9TTttrFCuZ0NkwnSz2Luu o1u9uevuNfM1HjkNEFwape+IgNezYqxGMqsKjARq8PBC4qjpVMhqNcdjhoIlgrKzBvjTmdySlZou 9qHIGOZDEEo7Oyc1nq0gsY582CWqKjiRB3ukywmZtiDkyd4mEBjJGGEJgawbllbHk+xyUKopM6rc KCaQX/lIXcRWtobViGg9fpUMghVcCxYGhncxAP/ZLBkEYa+a8mnXc/MAfIKlnj6Ntq8Av81//VeS B2jeNYjPTHuU2yw6z85L3UyCdO+oQ3S7VPd90DA1c/ZLOZZo7XGPVfWv8HL1YL3Zn8TE/e4IMjT6 4dZYZAAUgQSn0n4YsmwRv0RwnfgFPg0ja1g9il7QHeggKW28pboyZCmKkHUYXak3tdFgdrO8406e 9bSAHUYdj1WvR1o7bHgReqnxkLzf+HtB4/4Pbrz2QtFuyl+Sh6fpQ3qZejKJfUGfjTTOjHFDfqb5 R4VemuUI6bcEARsm0FlT7Jswx8bNhhAZMlhFDwKNZy58uobCIkCdwVDO83SGTnM2K/9iKCD9v589 nVS3hWSdEOMftBjsWb6BDQzjSsHUIomTnJwT4ky6b7E7Hukt2Ge4B8NG0VKlrY+34Zmj+F/tjlrZ UvGhhjiSam0tWhQxL7hrJSk60SF3F6RYOYr2
X-Report-Abuse-To: spam@quarantine6.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/hMkgHEGiI4mE4vjH2lc5qtjA1ds>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Apr 2018 00:44:40 -0000

If we are in the business of repeating our positions, so be it. I am
pretty much on the same line as Patrick and others:

1) Privacy is not optional. And yes, removing "linkability through PN"
is important, because when the connection ID and the source address also
change, the only other cue for linkability is timing. Timing can be
addressed by having overlapping connections.

2) Packet number encryption is the simplest of the many options
presented so far. It is in particular much simpler to implement than the
"predictable offset" scheme presented in previous drafts.

3) I am happy to discuss alternatives that appear simpler to implement
in hardware, but so far the only plausible alternative is to insert an
extra nonce in the packet header. Given birthday paradoxes and all that,
this probably requires 8 extra bytes of overhead per packet, which is
not very attractive.

-- Christian Huitema


On 4/4/2018 4:42 PM, Praveen Balasubramanian wrote:
>
> What is the privacy issue if you are not doing migration? Migration +
> PNE (or multiple PN spaces) should go hand in hand.
>
>  
>
> *From:* QUIC [mailto:quic-bounces@ietf.org] *On Behalf Of *Mikkel
> Fahnøe Jørgensen
> *Sent:* Wednesday, April 4, 2018 4:40 PM
> *To:* Praveen Balasubramanian <pravb=40microsoft.com@dmarc.ietf.org>;
> Ian Swett <ianswett=40google.com@dmarc.ietf.org>; Mark Nottingham
> <mnot@mnot.net>
> *Cc:* Lars Eggert <lars@eggert.org>; IETF QUIC WG <quic@ietf.org>;
> Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
> *Subject:* RE: Getting to consensus on packet number encryption
>
>  
>
> Without pro / con anything:
>
>  
>
> Optional privacy does not work. In part it cannot be retrofitted when
> the need arise, in part it can be incriminating to enable.
>
>  
>
> On 5 April 2018 at 01.22.38, Praveen Balasubramanian
> (pravb=40microsoft.com@dmarc.ietf.org
> <mailto:pravb=40microsoft.com@dmarc.ietf.org>) wrote:
>
>     Make PNE (and hence connection migration) an optional negotiated
>     extension in V1 
>

v2.23.0 | Report a Bug | By Email