IETF Logo Mail Archive

Re: Grips in the Wire Image for In-Network State (was Re: Privacy holes (was Re: Getting to consensus on packet number encryption))

"Brian Trammell (IETF)" <ietf@trammell.ch> Fri, 06 April 2018 12:54 UTC

Return-Path: <ietf@trammell.ch>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64C7C126CC7 for <quic@ietfa.amsl.com>; Fri, 6 Apr 2018 05:54:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.6
X-Spam-Level:
X-Spam-Status: No, score=-0.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_MUTUALBENEFIT=2, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XQo9pbWJ8jOo for <quic@ietfa.amsl.com>; Fri, 6 Apr 2018 05:54:33 -0700 (PDT)
Received: from gozo.iway.ch (gozo.iway.ch [212.25.24.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F6EF1201FA for <quic@ietf.org>; Fri, 6 Apr 2018 05:54:33 -0700 (PDT)
Received: from gozo.iway.ch (localhost [127.0.0.1]) by localhost (Postfix) with ESMTP id 2AED734113E; Fri, 6 Apr 2018 14:54:32 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by localhost (ACF/6597.6560); Fri, 6 Apr 2018 14:54:32 +0200 (CEST)
Received: from switchplus-mail.ch (switchplus-mail.ch [212.25.8.236]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by gozo.iway.ch (Postfix) with ESMTPS; Fri, 6 Apr 2018 14:54:32 +0200 (CEST)
Received: from [145.14.214.39] (account ietf@trammell.ch HELO [10.11.33.5]) by switchplus-mail.ch (CommuniGate Pro SMTP 6.1.18) with ESMTPSA id 50864538; Fri, 06 Apr 2018 14:54:31 +0200
From: "Brian Trammell (IETF)" <ietf@trammell.ch>
Message-Id: <EA680436-F12F-45DE-BBBF-091D46DE2431@trammell.ch>
Content-Type: multipart/signed; boundary="Apple-Mail=_376CF9D4-0AA8-451E-A703-FBBBEEBB6FE0"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Subject: Re: Grips in the Wire Image for In-Network State (was Re: Privacy holes (was Re: Getting to consensus on packet number encryption))
Date: Fri, 06 Apr 2018 14:54:30 +0200
In-Reply-To: <CABkgnnVPUhp0f6-ZBV6CpZ8QJk_cwf7SWzOCtTD5FsNNvtnkjw@mail.gmail.com>
Cc: Christian Huitema <huitema@huitema.net>, QUIC WG <quic@ietf.org>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>, Frederick Kautz <fkautz@alumni.cmu.edu>, Kazuho Oku <kazuhooku@gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <BBB8D1DE-25F8-4F3D-B274-C317848DE872@akamai.com> <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com> <CAKcm_gMpz4MpdmrHLtC8MvTf5uO9LjD915jM-i2LfpKY384O2w@mail.gmail.com> <HE1PR0702MB3611A67E764EE1C7D1644FAD84AD0@HE1PR0702MB3611.eurprd07.prod.outlook.com> <d8e35569-e939-4064-9ec4-2cccfba2f341@huitema.net> <CACpbDccqKoF-Y1poHMN2cLOK9GOuvtMTPsF-QEen3b30kUo9bg@mail.gmail.com> <CAKcm_gNffwpraF-H2LQBF33vUhYFx0bi_UXJ3N14k4Xj4NmWUw@mail.gmail.com> <40C1F6FE-2B2C-469F-8F98-66329703ED50@mnot.net> <21C36B57-6AE2-40EF-9549-7196D7FA9B45@tik.ee.ethz.ch> <B176FC07-887D-4135-B01E-FE8B4986A5EE@mnot.net> <CAKcm_gOCeocLyrYpOS7Ud332xdz3xHSH0psPN8T6BGRjoL9ptQ@mail.gmail.com> <CY4PR21MB0630FA0EDD343396AD414641B6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <CAN1APde13JTzCvKFFvMd183Fka6QGD1kGBjsa9fcoLrYeA2hsA@mail.gmail.com> <CY4PR21MB0630C0FD4FBECBFEC3C863BBB6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <759C5BE4-DE4C-4A82-929C-B03234B88A37@huitema.net> <CAJGwveB=qs+J2iBQRs3d5jdGuP9yBWoAgv0t3mwD=Wrf6Q5g8g@mail.gmail.com> <F395D018-FFCA-405F-BBD5-1313C6F6DAF9@huitema.net> <CABkgnnWAgGJaKs8teKTURiNDRA61fRhN6pxYQuD1MbkPDqasKQ@mail.gmail.com> <2F06334E-C3DF-4034-A6A4-AF383505D930@trammell.ch> <CABkgnnX1=h4qx+3YjXj=ZME5ihZbJ2rqE8zeT4j84dJj0ZfZGg@mail.gmail.com> <29F2FB1B-3A82-4E60-A4A5-70AC36CEEC54@trammell.ch> <CANatvzzoAK0SRrLOfz6HecbsE3oevWWkzJcfhceuqECF0VL=MA@mail.gmail.com> <FFEC6258-4B0F-473F-BAF6-28C655EE6DAF@trammell.ch> <CABkgnnVPUhp0f6-ZBV6CpZ8QJk_cwf7SWzOCtTD5FsNNvtnkjw@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.6.18)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/i7yB7FRh34oV6tCK9Q512qcoh0k>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Apr 2018 12:54:35 -0000

hi Martin,

> On 6 Apr 2018, at 12:55, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> I don't know how to game this one out.
> 
> If we're looking for mutual benefit, the best I can come up with is
> that the middlebox knows about flow up/down, so it can extend timeouts
> for most flows and endpoints thereby enjoy better chance of flow
> liveness after longer periods of quiescence.  That would be something
> like with TCP where you can expect timeouts to be in the order of
> minutes or tens of minutes (30 minutes if you pick the right port
> number) and not merely tens of seconds.

Flow down in this case is way more useful than flow up.

> The problem here is that you need enough of the middlebox population
> to extend timeouts in the common case.  Tuning to specific networks is
> difficult and time-consuming.  So endpoints would deploy this "grip"
> without any expectation of reciprocation for potentially a very long
> time.  That's in the order of the end-of-life cycle for home routers,
> or an entire Internet era.

We, as a community, are currently managing transitions that have taken that long. Insert your favorite IPv6 joke here, of course, but ECN comes to mind as well.

> In the meantime, endpoints have to assume flow liveness based on the
> Internet of today.  30s is the benchmark now, despite the wishful
> "requirement" for 2 minutes in RFC 4787.

"Flow liveness" is a path property, not a global one, a function of the minimum timeout of all connection-breaking state along the path. I suspect that endpoint pairs in a world ruled by UDP state timeout will end up widely deploy simple probing algorithms to discover it whether or not there's a simple way to signal that state can be disposed of early.

This is really a separate issue, though -- the question about state disposal is disjoiny from how to keep flow start signaling from ossifying into an unintentional magic packet sequence you have to show the network. It makes sense to think about the "grippiness" of the protocol in terms of the eventual endpoint as well as management reqt's though.

> Thus we end up with the tension between the documented wire image that
> says that there is a "done" signal, and the actual wire image, which
> has activity every 30 seconds.  Add genuine cases of migration,
> crashes, stateless resets, and the other reasons that the "done"
> signal doesn't appear and the timer has to come down.
> 
> There might be benefits if everything comes together, but it's a long
> game to play.

I've been having some variant of this particular conversation for (checks watch) about four years now. ;)

Cheers,

Brian

v2.23.0 | Report a Bug | By Email