IETF Logo Mail Archive

Re: Hardware acceleration and packet number encryption

Ian Swett <ianswett@google.com> Mon, 26 March 2018 14:32 UTC

Return-Path: <ianswett@google.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2047C1273E2 for <quic@ietfa.amsl.com>; Mon, 26 Mar 2018 07:32:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VIBk-h7JJ0t6 for <quic@ietfa.amsl.com>; Mon, 26 Mar 2018 07:32:24 -0700 (PDT)
Received: from mail-io0-x22c.google.com (mail-io0-x22c.google.com [IPv6:2607:f8b0:4001:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B4021250B8 for <quic@ietf.org>; Mon, 26 Mar 2018 07:32:24 -0700 (PDT)
Received: by mail-io0-x22c.google.com with SMTP id y128so23525918iod.4 for <quic@ietf.org>; Mon, 26 Mar 2018 07:32:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OVVlOAeLKrIlHxwaDy36QAjVOHkSIXGWZJvK5Td69FQ=; b=LZkFaA6RI1mglbQaiEYBpnRtMOD5atLt+pQxQ29J9WdM6sCcMwe2ym8S8TAqr2eS+S Un/vyNEbH3APRW2HW5xwSF36Q8WTQQADpDJKt2J0lBq9bAs+EluEli+IdB9Ed4YDtZsf /SXcAfO6i2QyNDCqD8W3wCmmX+6SLW3JF7SZInG/9+aHV4e/y4hCQwqvqnxmbDLf3Sf+ AfbCFDIK6+EsDAr2jS7bPzSOhTUe02Yum8DSppZNyI8nhxiUwKycY6MjbFBYXdRzQyny JXHYhnHEzoyMl4oemku5qMEixHbo7c51oKyA3qvPGHCQC0NnUdTOhHzI7BOwDx1fwL/m yVOA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OVVlOAeLKrIlHxwaDy36QAjVOHkSIXGWZJvK5Td69FQ=; b=mr5U2v8xaP4nkt4fIA3x6p7XWlpQXc3sf7mAhD44bSYrswbZCMUBLdwouuihhYLNdP Rf4CBBneV4jYlMyrf5GhjJx1xWmIftippimnLE2XhG59PGk+485h0MTJVfYqOh3jLgor 5ESGAeuR0iFmmemQ+LcZoukKjx+uMRtCgH0zIfeQ8OOaoQV12MSyBmUcexNKOs9xpLTQ ObHarw6em2j4RUsG6cRDxDcFqTaN/8A9AzDZZaEfvhz+6rnlgRpBMjjyCHqBniAWO8k9 9kg+BtvZQBpUjOvka9YjWVUELj7LDyRqrsjMJ/xwVqr4UiYuHwpNYx1CGBAA1ooEssWS 6K1Q==
X-Gm-Message-State: AElRT7HqBmtIeD+D/q++R3pnbrdScKmPe5ZvuV7k7juWt09WpFDP+T5b MVQSnzrQmvDI8PzU9VcSSYcNiBcQwQhETUJBEkb/ew==
X-Google-Smtp-Source: AIpwx48lWW9uAA5qoqaru2pzsWzZ+9e0OLSQy+UasGraep5X9PBB+o3HfqytjgmaJ3pratCkD/7NnCn/rqxW/HTJesw=
X-Received: by 10.107.12.202 with SMTP id 71mr6412330iom.63.1522074743235; Mon, 26 Mar 2018 07:32:23 -0700 (PDT)
MIME-Version: 1.0
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <F9FCC213-62B9-437C-ADF9-1277E6090317@gmail.com> <CABcZeBM3PfPkqVxPMcWM-Noyk=M2eCFWZw2Eq-XytbHM=0T9Uw@mail.gmail.com> <CAN1APdfjuvd1eBWCYedsbpi1mx9_+Xa6VvZ3aq_Bhhc+HN67ug@mail.gmail.com> <CABcZeBMtQBwsAF85i=xHmWN3PuGRkJEci+_PjS3LDXi7NgHyYg@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B5CCEFD@ORSMSX111.amr.corp.intel.com> <CABcZeBNfPsJtLErBn1=iGKuLjJMo=jEB5OLxDuU7FxjJv=+b=A@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B5CDAD4@ORSMSX111.amr.corp.intel.com> <BBB8D1DE-25F8-4F3D-B274-C317848DE872@akamai.com> <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com>
In-Reply-To: <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com>
From: Ian Swett <ianswett@google.com>
Date: Mon, 26 Mar 2018 14:32:12 +0000
Message-ID: <CAKcm_gMpz4MpdmrHLtC8MvTf5uO9LjD915jM-i2LfpKY384O2w@mail.gmail.com>
Subject: Re: Hardware acceleration and packet number encryption
To: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
Cc: "Salz, Rich" <rsalz@akamai.com>, "Deval, Manasi" <manasi.deval@intel.com>, Eric Rescorla <ekr@rtfm.com>, IETF QUIC WG <quic@ietf.org>, Christian Huitema <huitema@huitema.net>, Kazuho Oku <kazuhooku@gmail.com>
Content-Type: multipart/alternative; boundary="001a113fc42c650bdf056851a4d8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/o82RQoUPt2PO157s74rsxFuvV4M>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Mar 2018 14:32:27 -0000

Good question Rich.

I'd estimate almost no clients would have this, unless a client is actually
another machine in a datacenter.

I can imagine 50% of servers may have this, but that's certainly an
estimate.  Today, based on talking to many organizations who operate
servers, I think this number is <10% on the public internet.  Datacenters
may be higher, I'm not sure.

I would much rather do #1079 than add extra bytes in the header to make
crypto offload easier.

Because the current PR uses the front of the encrypted payload as input to
the PN encryption, one could encrypt the front of the packet(ie: 2 AES-GCM
operations), then encrypt the packet number, then discard the front of the
payload and do everything with bulk offload or start encrypting after the
beginning of the packet.  This may cause an implementation to put padding
into the beginning of the packet if they want offload and have nothing
useful to send, but that seems better than forcing everyone to waste bytes
and add more unencrypted bytes to the header.



On Mon, Mar 26, 2018 at 9:46 AM Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
wrote:

> I added some comments to PR related to my previously suggested changes to
> the encryption scheme
> https://github.com/quicwg/base-drafts/pull/1079
>
>
> Mikkel
>
> On 26 March 2018 at 15.02.30, Salz, Rich (rsalz@akamai.com) wrote:
>
> What percentage of QUIC clients and servers are likely to have this
> hardware offload, and under what timetable?  And are those claims true for *
> *all** hardware acceleration?
>
>
>
> I appreciate that this is really asking to guess and predict the future, *
> *But** a hardware vendor is making the team inclined to give up privacy
> for a performance gain. That’s not the right trade-off for us to be making
> at this point in time.
>
>
>
> -1
>
>
>
>
>
>

v2.23.0 | Report a Bug | By Email