comments on the spin bit, in lieu of the mic line

"Brian Trammell (IETF)" <ietf@trammell.ch> Tue, 06 November 2018 16:02 UTC

Return-Path: <ietf@trammell.ch>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4381C12426A for <quic@ietfa.amsl.com>; Tue, 6 Nov 2018 08:02:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id umCgtHn5HM1J for <quic@ietfa.amsl.com>; Tue, 6 Nov 2018 08:02:42 -0800 (PST)
Received: from gozo.iway.ch (gozo.iway.ch [IPv6:2001:8e0:40:325::36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A68D1200D7 for <quic@ietf.org>; Tue, 6 Nov 2018 08:02:42 -0800 (PST)
Received: from gozo.iway.ch (localhost [127.0.0.1]) by localhost (Postfix) with ESMTP id 3AA333433FC for <quic@ietf.org>; Tue, 6 Nov 2018 17:02:40 +0100 (CET)
X-Iway-Path: 0
Received: from localhost (localhost [127.0.0.1]) by localhost (ACF/20439.21733); Tue, 6 Nov 2018 17:02:40 +0100 (CET)
Received: from switchplus-mail.ch (switchplus-mail.ch [212.25.8.236]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by gozo.iway.ch (Postfix) with ESMTPS for <quic@ietf.org>; Tue, 6 Nov 2018 17:02:39 +0100 (CET)
Received: from [145.14.214.39] (account ietf@trammell.ch HELO [10.11.33.83]) by switchplus-mail.ch (CommuniGate Pro SMTP 6.2.9) with ESMTPSA id 72896796 for quic@ietf.org; Tue, 06 Nov 2018 17:02:39 +0100
From: "Brian Trammell (IETF)" <ietf@trammell.ch>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Subject: comments on the spin bit, in lieu of the mic line
Message-Id: <31F20CF7-3B82-4856-B8AF-485117A10B7B@trammell.ch>
Date: Tue, 6 Nov 2018 17:02:39 +0100
To: IETF QUIC WG <quic@ietf.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/jMPNSzy1cjWIzWFeyuu6oe1Cs1g>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Nov 2018 16:02:50 -0000

Greetings, all,

As I might not make it to tomorrow's discussion remotely, I wanted to go ahead and say a few things that I would say in the mic line. To the questions posed in the agenda:


- Yes, we should consider only the 1-bit variant. The VEC protects the fidelity of the signal very well (indeed, well beyond the bounds of network conditions the transport will tolerate), but (1) Marcus' work in particular has shown that even in challenging network conditions, relatively simple heuristics at the observers can compensate for not having it, so (2) at the cost of two extra bits the marginal value is low.

- Yes, the spin bit is clearly fit for purpose. I'll note we've done more research on this question than for any other single feature under consideration for inclusion in QUIC.

- I am not at this time responsible for any sizeable deployment, so I can't speak directly to the third question. While I hope we'll hear from more implementers during the discussion tomorrow that they intend to implement, IMO even just a deployment from Microsoft would be sufficient to generate enough spinning flows to make deployment of observers useful. 

- The spin bit should be included in the specification. It provides the continued ability to measure RTT passively in a future world where TCP traffic is increasingly replaced by QUIC traffic, at negligible complexity cost, essentially zero runtime overhead, with negligible privacy impact, and what negligible impact it may have on privacy in certain corner cases can be easily mitigated.

- As to requirement levels, I'd stick with my own recommendation from the earlier thread: client and server SHOULD implement, though server SHOULD is IMO marginally more important than client SHOULD.


Now some details (presuming, of course, that the discussion gets that far):

- In any case, both server and client SHOULD independently randomly disable spinning on some proportion of connections (1/8 to 1/16) to target a given proportion (1/4 to 1/8) of connections spinning, as in [section 4 of the author's copy of spin-exp](https://quicwg.org/base-drafts/draft-ietf-quic-spin-exp.html#rfc.section.4). This is to ensure that those endpoints that wish to opt out have a large anonymity set to hide in.

- If we want to maintain the principle of linkability reduction across CIDs, then this non-spinning-state should be independent for each CID. In contrast to what's in section 4 of spin-exp, non-spinning spin bits shouldn't be set to zero, rather to a random value on a per-CID basis. This is easily recognizable by an observer in all cases (client/server participate/nonparticipate-1/nonparticipate-0), and reduces the risk of ossification around nonparticipant action. (This risk is small, to be sure, but we should not clamp a bit to a constant value, if only because we want the protocol's design to consistent.)

- As to whether non-spinning should be negotiated (see [the appendix in the author's copy](https://quicwg.org/base-drafts/draft-ietf-quic-spin-exp.html#rfc.appendix.A)) versus "discretionary", I was originally a fan of negotiation (as it provides a better-than-greasing way to exercise the version negotiation mechanism), but the rules for maintaining the principle of linkability reduction across CIDs become more complicated for negotiated spin, and the benefits for observers (i.e., that an observer can classify flows by version) become far less clear in the face of that linkability reduction. So I would lean toward the discretionary approach for the sake of simplicity -- we'll just have to exercise version negotiation by shipping version 2 soon after version 1. ;)


If I can't join, have fun tomorrow. Cheers,

Brian