Re: Proposal: Increase QUIC Amplification Limit to 5x
Martin Thomson <mt@lowentropy.net> Thu, 01 August 2024 01:31 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61320C15199D for <quic@ietfa.amsl.com>; Wed, 31 Jul 2024 18:31:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b="EKj9hf0T"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="YJjUoDv6"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zHyQ4ZcT0_vy for <quic@ietfa.amsl.com>; Wed, 31 Jul 2024 18:31:15 -0700 (PDT)
Received: from fhigh4-smtp.messagingengine.com (fhigh4-smtp.messagingengine.com [103.168.172.155]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E46B1C151545 for <quic@ietf.org>; Wed, 31 Jul 2024 18:31:14 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 18A58114011F; Wed, 31 Jul 2024 21:31:14 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute5.internal (MEProxy); Wed, 31 Jul 2024 21:31:14 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:subject:subject:to:to; s=fm1; t=1722475874; x=1722562274; bh=lrjFBh8eyjfzUyMzdUP9wb7XKHFBgXoa TQrf3XLEtjw=; b=EKj9hf0TkXZah7G+oGTcPavHok6wQTofYvq9t9cRhxITYFiA 1YSOCDEreEXK3dyTAS5aCkNK31mJyoi2gY4SLi/QehQJfLfgEbKMrf0rJ+yS5d9B OFOO6OWYL64wykctGK+MCjmffm7QeU910YTBgLOMYHqpn5epZbUKgRt7bEEnbJ/Z vPkeqBoJTrYIf5OHUMk/W2Wdg0YZaoBSCjsBJUFzNr4ewYGJm/wm3aadjQVWKbqE 8kAfDbeZJmG7h/0qZD29/2tiLG6pwJ2ADGC0UdV46JbJyvXtJgIT2xTg1lNq3Mtp dRg7KcATxaMZ68qXR7Ybi88HG5Qvt5gsFiQumw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1722475874; x= 1722562274; bh=lrjFBh8eyjfzUyMzdUP9wb7XKHFBgXoaTQrf3XLEtjw=; b=Y JjUoDv6M3IwJX6nsI1v1e45GQAVxlda+yQdmxQ2a4mR53dP1gyOICiHcUzENTIM4 S0ZsehhiPRMS7H8RtpDBAybFzh6MpeopDXHE4zKJsMmQDLpTAmKEc9+YbWi5U1om kYtha7IfCMV004jkvTqqDQHXrxz60Sbz8/Dr6llAa+KcXGv+8iFI/Ts/AD5wVtdi dkUao61eKQKB2WxjuMr4gp5FcDVqAIpTg1FjOXZF7Jb/kKtVA8RNv7u7TR96bTKN 6KlC97KjDi6WT4DFGFf5zH98P2+5HGELPqQKrsBfkG7QX5p/bxLBr6VUcBbNJUhb Bf4TOgyNmJOXdiZn8LhEw==
X-ME-Sender: <xms:YeWqZhWsy5Sd4R3HgN-t3x5LKLPIi_OezvZol1XDhf5DMtjVwkWEpA> <xme:YeWqZhk_pXgTn7mN_LNNFMgvNZLu9ADiqDNUPGIS3M6MnmBxpNjtbE3bFSW4aI3W4 YwifPGIC-PunqTIjDQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrjeejgdegkecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenfg hrlhcuvffnffculddqgedmnecujfgurhepofggfffhvfevkfgjfhfutgfgsehtqhertder tdejnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhhofigvnh htrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpeehteegtdfggfetheffffduleet teelvdeiieeuleejgfetvdfhhfelhedvieejteenucffohhmrghinhepihgvthhfrdhorh hgpdhgihhthhhusgdrtghomhdprghkrgdrmhhspdgtihhsrgdrghhovhenucevlhhushht vghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrh hophihrdhnvghtpdhnsggprhgtphhtthhopedt
X-ME-Proxy: <xmx:YeWqZtareKUlw5YLBKlXD43HF2dtuohg647vVxlVnwPnPQYHmFRvoA> <xmx:YeWqZkXa7iAMugCZK_Ko3jGd7S6pZWWeStnHPqaxSQeChXZ0W842yA> <xmx:YeWqZrmxrOdMpdfhlVh1Iqr8PLfADaX4vgCA3nRY5e57lLr3ifBSwg> <xmx:YeWqZhd-ppHPj2y1BR_Cc_O9DobbN5NoeCQnd52l8PB9Y8TgaplDBQ> <xmx:YuWqZkAzifZMYA0S8AiLITGrDZo3ywhSWNwH4M3Sg_3-4lnMN9BF2COJ>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id A078A2340081; Wed, 31 Jul 2024 21:31:13 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
MIME-Version: 1.0
Date: Thu, 01 Aug 2024 11:30:53 +1000
From: Martin Thomson <mt@lowentropy.net>
To: Nick Banks <nibanks=40microsoft.com@dmarc.ietf.org>, Ian Swett <ianswett=40google.com@dmarc.ietf.org>, Christian Huitema <huitema@huitema.net>
Message-Id: <1375bdba-8671-4b4d-af86-8f7e6132db6c@betaapp.fastmail.com>
In-Reply-To: <DM4PR21MB3130A7C56A8D0D5C41FA9F59B3B12@DM4PR21MB3130.namprd21.prod.outlook.com>
References: <BL1PR21MB31152570F4497EBE91B3AF9FB3B02@BL1PR21MB3115.namprd21.prod.outlook.com> <4aac2fae-ddc6-453c-b974-751a7a37967c@redbarn.org> <ac725575-da13-4365-90ce-8ea55bc46e72@huitema.net> <CAKcm_gOCJha0ey38+L3MUEmCxdid4NoJQUVXzp=qaVM0Sh-QCg@mail.gmail.com> <DM4PR21MB3130A7C56A8D0D5C41FA9F59B3B12@DM4PR21MB3130.namprd21.prod.outlook.com>
Subject: Re: Proposal: Increase QUIC Amplification Limit to 5x
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: LGMEFK6EYEVZXLTC4CGLJEUBEFGYSF6V
X-Message-ID-Hash: LGMEFK6EYEVZXLTC4CGLJEUBEFGYSF6V
X-MailFrom: mt@lowentropy.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-quic.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Paul Vixie <paul@redbarn.org>, IETF QUIC WG <quic@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/oOR0V89bJYhed-pR3aVNzxwR8Ks>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Owner: <mailto:quic-owner@ietf.org>
List-Post: <mailto:quic@ietf.org>
List-Subscribe: <mailto:quic-join@ietf.org>
List-Unsubscribe: <mailto:quic-leave@ietf.org>
I'm looking forward to https://datatracker.ietf.org/doc/html/draft-ietf-tls-cert-abridge-01 Certificate compression is probably enough to cut the costs down by 20% or so. The numbers for that draft [1] suggest that we can get to around 50% the size of an already-compressed certificate chain. I'm not in favour of lifting the amplification limit until we have exhausted those options. PQ certificates might change that, but that comes later. In the meantime, PQ key exchange is more urgent and that will *increase* the space we have available for certificates. [1] Estimated: https://github.com/tlswg/draft-ietf-tls-cert-abridge/tree/main/benchmarks On Thu, Aug 1, 2024, at 02:41, Nick Banks wrote: > Unfortunately, we don’t support certificate compression yet. I’d also > be interested in seeing the data with that enabled. I need to go see > if/how I can use that with OpenSSL. > > - Nick > > Sent from Outlook <http://aka.ms/weboutlook> > *From:* Ian Swett <ianswett=40google.com@dmarc.ietf.org> > *Sent:* Wednesday, July 31, 2024 12:07 PM > *To:* Christian Huitema <huitema@huitema.net> > *Cc:* Paul Vixie <paul@redbarn.org>; IETF QUIC WG <quic@ietf.org>; Nick > Banks <nibanks@microsoft.com> > *Subject:* Re: Proposal: Increase QUIC Amplification Limit to 5x > > We found that once we deployed certificate compression, we could > typically keep the cert under 3 packets, but without it, we typically > went over. I believe one reason the QUIC WG chose 3 is because we had > data to show that most certificates were small enough once compressed > to enable a 1 RTT handshake. > > I'd be curious what your results are with and without certificate > compression in your client? > > On Wed, Jul 31, 2024 at 11:15 AM Christian Huitema <huitema@huitema.net> wrote: >> >> >> On 7/30/2024 5:52 PM, Paul Vixie wrote: >> > Do we know a reason why the system's behavior won't move beyond the new >> > limit the same way it moved beyond the old one? If it's some bizarre >> > kind of leaky bucket let's have the showdown now rather than later when >> > everything is larger and ossification has begun. >> >> The concern is that the wily hackers will send a single UDP "initial" >> packet to a server, and the the server will reply with a complete flight >> of packets including key exchanges, parameters and certificates. Send >> 1.2KB to the server, see the server send back 5, 6 or maybe 10 packets >> to the source IP of the UDP packet. With that the DDOS attack has been >> "amplified" 5, 6 or maybe 10 times. >> >> The amplification limit is there to limit the usefulness of QUIC servers >> for these DDOS attackers. The value 3 was chosen because with >> "reasonable" configurations the server's first flight fits in 2 or 3 >> packets, and that there are many UDP services that provide more than 3x >> amplification (see >> https://www.cisa.gov/news-events/alerts/2014/01/17/udp-based-amplification-attacks) >> >> But if we loosen the QUIC amplification limit while other services are >> tightening, that situation will change. >> >> -- Christian Huitema
- Proposal: Increase QUIC Amplification Limit to 5x Nick Banks
- RE: Proposal: Increase QUIC Amplification Limit t… Nick Banks
- Re: Proposal: Increase QUIC Amplification Limit t… Matthias Waehlisch
- Re: Proposal: Increase QUIC Amplification Limit t… Paul Vixie
- Re: Proposal: Increase QUIC Amplification Limit t… Christian Huitema
- Re: Proposal: Increase QUIC Amplification Limit t… Ian Swett
- RE: Proposal: Increase QUIC Amplification Limit t… Nick Banks
- Re: Proposal: Increase QUIC Amplification Limit t… Martin Thomson
- Re: Proposal: Increase QUIC Amplification Limit t… Roberto Peon