IETF Logo Mail Archive

Re: Grips in the Wire Image for In-Network State (was Re: Privacy holes (was Re: Getting to consensus on packet number encryption))

Kazuho Oku <kazuhooku@gmail.com> Fri, 06 April 2018 16:11 UTC

Return-Path: <kazuhooku@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 492AC1204DA for <quic@ietfa.amsl.com>; Fri, 6 Apr 2018 09:11:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vh3a-4lI1uP4 for <quic@ietfa.amsl.com>; Fri, 6 Apr 2018 09:11:00 -0700 (PDT)
Received: from mail-pl0-x22a.google.com (mail-pl0-x22a.google.com [IPv6:2607:f8b0:400e:c01::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03891126BF7 for <quic@ietf.org>; Fri, 6 Apr 2018 09:11:00 -0700 (PDT)
Received: by mail-pl0-x22a.google.com with SMTP id 91-v6so911722pld.3 for <quic@ietf.org>; Fri, 06 Apr 2018 09:10:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=7ozfEsnmO0I1sHGeuruGo1Txd1paEOT7w8hLhaFevqo=; b=RPcHF3nudSQoubIB7eL39LEl3a+aqVgR/qwWugGqxP0jETFuvEbKk2RoRcVkfsGZcR PmSfqhVGH+RGSLvWzP1RQMXV16S1raolzJVmStMsJRM7C8q3iwd9YVTfHimBpk1D/KUx +KTrzB7jADudldlXIN8SQJyC+/FNnlsLiubx+MYoh3SkmcWg0YR5/4DcmBTSgGOh4IIs /CQP6KHAXeq7g26h5RD+Z8HJZZ3DMc3jKN7jA8jvjyn2XJ5MWSgpzBGlU4vsVEbwCIIf 7ewXvvkdYTjHFLxPjgCbGtLB5CZLs0rQ29wIIiC9tbDcWLRlridOZtNUA3cyxmLjeSHC 3duw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=7ozfEsnmO0I1sHGeuruGo1Txd1paEOT7w8hLhaFevqo=; b=eI2leIdfQ06Tz9lLrhA4FwcpPYNOZ01rHo0Fs5gj9sCc9TeWik6mrxS5cxjRkqzFMc wM91YyOIV71JknKwnF+YZh8UDo5jEMGuMX8qC2kG3isaQtMr17U2PMQ+v2mgpMSTQHQc 7LpXi/QyefEDLH7evHQ9Po8l6hQONYvVfVxdzXxj/9Fll5fswv97vRlkK7wkp+YmOTr2 RRbHuXAcqKO/PhVXwE//jaSVszyiRSHwiyxG7B2ZhWurUx8AymCKnqXPJCmHWY1zyWT3 /dfJS6ftjy+hjJxPpX7Wj8EgJvL5wSn20led7QsG+rptkYj0AFX+Q00w0SV7UlluqxIy 22hA==
X-Gm-Message-State: AElRT7HePh+TFgOGPT9Wy1DzNKBS5kH2E074UesLHfXZqF0m9dcZvlll KfMTJhJ/GJ7TbvnYkxm9DYoCM7+lFxxpwraF3amgOUtN
X-Google-Smtp-Source: AIpwx4/EMGzLD/EqsmlW04JJAAAmyPIfZWMCy7krbQwIKAbv9cirMc5o7NHPJyltiPPOGiPec0yrrKemma0IDsPXBDs=
X-Received: by 2002:a17:902:bd91:: with SMTP id q17-v6mr26109251pls.330.1523031059230; Fri, 06 Apr 2018 09:10:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.145.130 with HTTP; Fri, 6 Apr 2018 09:10:58 -0700 (PDT)
In-Reply-To: <8AAF21B8-5008-46EE-ACE1-FA2588DE9D20@trammell.ch>
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <BBB8D1DE-25F8-4F3D-B274-C317848DE872@akamai.com> <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com> <CAKcm_gMpz4MpdmrHLtC8MvTf5uO9LjD915jM-i2LfpKY384O2w@mail.gmail.com> <HE1PR0702MB3611A67E764EE1C7D1644FAD84AD0@HE1PR0702MB3611.eurprd07.prod.outlook.com> <d8e35569-e939-4064-9ec4-2cccfba2f341@huitema.net> <CACpbDccqKoF-Y1poHMN2cLOK9GOuvtMTPsF-QEen3b30kUo9bg@mail.gmail.com> <CAKcm_gNffwpraF-H2LQBF33vUhYFx0bi_UXJ3N14k4Xj4NmWUw@mail.gmail.com> <40C1F6FE-2B2C-469F-8F98-66329703ED50@mnot.net> <21C36B57-6AE2-40EF-9549-7196D7FA9B45@tik.ee.ethz.ch> <B176FC07-887D-4135-B01E-FE8B4986A5EE@mnot.net> <CAKcm_gOCeocLyrYpOS7Ud332xdz3xHSH0psPN8T6BGRjoL9ptQ@mail.gmail.com> <CY4PR21MB0630FA0EDD343396AD414641B6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <CAN1APde13JTzCvKFFvMd183Fka6QGD1kGBjsa9fcoLrYeA2hsA@mail.gmail.com> <CY4PR21MB0630C0FD4FBECBFEC3C863BBB6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <759C5BE4-DE4C-4A82-929C-B03234B88A37@huitema.net> <CAJGwveB=qs+J2iBQRs3d5jdGuP9yBWoAgv0t3mwD=Wrf6Q5g8g@mail.gmail.com> <F395D018-FFCA-405F-BBD5-1313C6F6DAF9@huitema.net> <CABkgnnWAgGJaKs8teKTURiNDRA61fRhN6pxYQuD1MbkPDqasKQ@mail.gmail.com> <2F06334E-C3DF-4034-A6A4-AF383505D930@trammell.ch> <CABkgnnX1=h4qx+3YjXj=ZME5ihZbJ2rqE8zeT4j84dJj0ZfZGg@mail.gmail.com> <29F2FB1B-3A82-4E60-A4A5-70AC36CEEC54@trammell.ch> <CANatvzzoAK0SRrLOfz6HecbsE3oevWWkzJcfhceuqECF0VL=MA@mail.gmail.com> <FFEC6258-4B0F-473F-BAF6-28C655EE6DAF@trammell.ch> <CANatvzx7GbtRo1W8mPQEt9kzcq2qYxBOJEyrhe+HYUG_xUEa2A@mail.gmail.com> <8AAF21B8-5008-46EE-ACE1-FA2588DE9D20@trammell.ch>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Sat, 07 Apr 2018 01:10:58 +0900
Message-ID: <CANatvzyaVQCO44h+6nmsJN9WcHqi7MD1-wFKP=047mSpga5NJw@mail.gmail.com>
Subject: Re: Grips in the Wire Image for In-Network State (was Re: Privacy holes (was Re: Getting to consensus on packet number encryption))
To: "Brian Trammell (IETF)" <ietf@trammell.ch>
Cc: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>, Christian Huitema <huitema@huitema.net>, QUIC WG <quic@ietf.org>, Martin Thomson <martin.thomson@gmail.com>, Frederick Kautz <fkautz@alumni.cmu.edu>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/huQvBvQLKY7cAZ0wdZ_haBG87uE>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Apr 2018 16:11:02 -0000

2018-04-06 21:39 GMT+09:00 Brian Trammell (IETF) <ietf@trammell.ch>:
> hi Kazuho,
>
> Thanks for your message, comments inline, omitting some history for clarity...
>
>> On 6 Apr 2018, at 12:10, Kazuho Oku <kazuhooku@gmail.com> wrote:
>>
>> Hi Brian,
>>
>> My comments inline.
>>
>> 2018-04-06 18:38 GMT+09:00 Brian Trammell (IETF) <ietf@trammell.ch>:
>>>
>>>
>>> However, I would submit that if we think we are in a position where:
>>>
>>> - there is a strong incentive for firewalls/NATs to want to see start- (and end-) of flow (which seems to me to be the threat model we're trying to mitigate with this); and
>>>
>>> - we do not want arbitrary information in the QUIC wire image to be used to detect these conditions, since that might cause bits of the wire image we don't want to end up in the accidental invariants;
>>>
>>> then we really should consider adding explicit advisory flow state signals, both for establishment and teardown. The theory here is that if you give in-network functions a "grip" in the wire image of the protocol they can use for state management, they won't try to grab on to the slippery bits. Together with probabilistic migration, these signals would divorce "on-path state" from "transport session state", reducing the privacy impact with respect to SYN/FIN in TCP.
>>
>> I think that this is a very interesting question asking what the
>> requirements of QUIC as a protocol is. Thank you for bringing the
>> topic to table.
>>
>> My argument against having an explicit signal for flow creation is
>> that it is impossible to have such signal in a reliable way, and that
>> trying to have no signal is better than having an unreliable signal.
>
> I should say I'm not all that convinced that an advisory "flow start" signal is a good idea(*) -- I'm just saying that we seem to be trying very hard to keep a de facto advisory flow start signal from forming (which I would agree would be extremely undesirable indeed)... and we should step back and think about what properties flow start and end should have in QUIC, explicitly, as a function of requirements as opposed to philosophy.

Thank you for the clarification.

>> Let me explain why I think we cannot have a reliable signal.
>
> <snip> All this makes very good sense and I agree with it: the signal cannot possibly be reliable in the general case.
>
>> For flow closure, I think saving the battery by not sending a FIN
>> packet after quiescence is more important than sending good signal to
>> middleboxes
>
> This is a hard problem, and it cuts both ways; if a server wants to maintain the ability to connect a client after more than the standard UDP NAT timeout (30s), it needs to send keepalives more often than once every 30s (thereby waking the client if it's on battery). Which side of this coin wastes more power is difficult to determine, since it's entirely dependent on the prevalence of each kind of activity in a given network. We can make plausible guesses both in favor of "get rid of FIN, it wastes endpoint power" or "we really need FIN to keep from wasting endpoint power".

The case of server reviving the connection is interesting.

If we are to have some signal, I think that should be "path-visible
indication of consent to continue communicating" as you describe,
specifically, as a signal that can be set on every packet for which,
at the moment of sending, the endpoint is sure that the server will
not send any more packets unless it receives a new packet from the
client.

A NAT aware of the signal can drop an idle UDP flow on which the last
packet had that flag set, after couple of round-trips, thereby giving
other flows a longer idle timeout.

The benefit of defining the signal this way is that there would be no
need to send FIN after quiescence to shut down the hole.

That said, I would prefer not discussing this as a feature of QUICv1
for several reasons: i) this can be implemented in v2 ii) having such
signal is not going give us benefit in the short-term, so no need to
hurry iii) many of us are interested in shipping v1 as early as
possible iv) HTTP (which is the application protocol in focus for v1)
is not going to suffer a lot from the server-revives-connection
problem since HTTP is a request-response protocol.

>
> So I'm more convinced of the value of advisory-end than advisory-start.
>
>>> (The alternative is to make the wire image so inscrutable that on-path state tracking becomes completely futile and goes away. I'm not sure we're that good at inscrutable wire images.)
>>
>> I would rather argue that the goal of the alternative approach is to
>> make the intentional flow creation not easily distinguishable to the
>> extent that the middlebox vendors will refer to the RFC. Then, they
>> can decide either to not limit QUIC flows starting from a 1-RTT
>> packet, or to drop QUIC completely. And the issue is solved.
>
>
> Let me try to rephrase this in wildly different terminology: "we can't come up with a grip that we think will wotk, so we should make flow start as slippery as possible"; or rather, a middlebox that thinks it's seeing QUIC should make its drop decision based on "this is QUIC" and not anything based on the state of the connection. That definitely has desirable properties with respect to future flexibility -- the start and end signaling would end up in the invariants rather quickly whether intentional or not. And ISTM that the probabilistic migration behavior would help to achieve it.
>
> Cheers,
>
> Brian
>
>
> (*): "Advisory flow start" is somewhat different than "path-visible proof of return routability" and "path-visible indication of consent to continue communicating". The latter, IMO, has more value as part of a design to support in-network rejection of UDP garbage. But it's a more complex signal, since it involves revealing things that are hard to fake at flow establishment time, and is of course subject to the philosophical question of whether that's a good idea.
>



-- 
Kazuho Oku

v2.23.0 | Report a Bug | By Email