Re: a proposed way forward was Re: Spin bit decision
Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Wed, 03 October 2018 08:18 UTC
Return-Path: <mikkelfj@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02E5E1311FF for <quic@ietfa.amsl.com>; Wed, 3 Oct 2018 01:18:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id izDpY1mTE7V2 for <quic@ietfa.amsl.com>; Wed, 3 Oct 2018 01:18:33 -0700 (PDT)
Received: from mail-ot1-x32a.google.com (mail-ot1-x32a.google.com [IPv6:2607:f8b0:4864:20::32a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF5D0131090 for <quic@ietf.org>; Wed, 3 Oct 2018 01:18:33 -0700 (PDT)
Received: by mail-ot1-x32a.google.com with SMTP id h26-v6so4688281otl.9 for <quic@ietf.org>; Wed, 03 Oct 2018 01:18:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=VK58pB6+/qWOkL9DRsIM72+ZMSdTbcFljWPOY9ELVMc=; b=pSZiqn1btfhR/rMni2nhN7WV+aUIUjYJZ480IEsWzAZzgqBkZHj3DWHYhnvcKSf/CU wFXFuum3AQSoOrJ0O19e3cLc+Nb6E0bb6Pw2BsXjIgjlG8nvZNfm8shsOstsllan8cgk 2gLTXPv1J5jkrSo9MUZszSbqdWvCjT8OtLBzgUrdczFY8rHpEDFP8bic4pLLolGG4X/L Ph0dwMUnI59fmGx7rmiR7gE/HuGc1oo+NOc3/Gbpjyjo67d3NfX7niqJdN2gWMetUAlR /OErjQBvkTPQClueJk4F2Bu46kTHBxMC9zjEaYHjMtMEr1F+7dlwpf5O5JsyzHMalXRp Fq3A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=VK58pB6+/qWOkL9DRsIM72+ZMSdTbcFljWPOY9ELVMc=; b=L25oY1ZHWsXqJAFcDyxo6KYEkEutCmWbqZwYZe0sxuDgruZduQSpD3ILPcjYId3fVS ighSI1aLrnWJUs3G9CFG83RmWysYUSVOobr2Xx+znbYfFTZU7XfYPWwirxbkQH4uyGcn PGJxKvSBIHlZw2LdVYh65okB6qJvQDGJwiKKsZJ6+GZ8OJ5O2kcUm599dwzVLAJroud4 GdUmj+k6ffa8+ogH2lZt8ZBpi8QqIVw1fPljquV9iWboTvfI4PuX03iMhMGkVOy+oLQ3 FSOYIX3vo3WaSSJx/cpSIMLq4egwykuAPWNyDMIgGsRILa7U3Xkyvws/6TFFpPkFuIDe r6TQ==
X-Gm-Message-State: ABuFfojJM8QPl6gjhMPzOo3r7PY/KV96ooV+xh5DsujPN2jO4osMYulL Mi5w0ccVp//Uv8zwUX+xOZZXmDcGU5JWBZsP40g=
X-Google-Smtp-Source: ACcGV63cxYIB0XOls18Rkbe/2rPH2bc6R/6ol20k7csCZXAV0rFWU+fR9gxgejx7hWeyPOSZhwVdrFMSColmITAo5O0=
X-Received: by 2002:a9d:429a:: with SMTP id r26mr188961ote.337.1538554713094; Wed, 03 Oct 2018 01:18:33 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Wed, 3 Oct 2018 01:18:32 -0700
From: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
In-Reply-To: <055E2627-9D6C-45E8-8130-069B4891D24C@trammell.ch>
References: <14531_1538460420_5BB30B04_14531_237_4_c0f3a391-9897-80b0-575b-aa73edad0d52@orange.com> <9A63F295-5DC5-4992-9A9C-A98F72C8430D@eggert.org> <22440_1538469028_5BB32CA4_22440_292_2_8e00a462-2bbf-acf0-1195-74269a0c2fbd@orange.com> <3E3DBC15-FE42-47CF-AF7A-1F2597ED2390@eggert.org> <24019_1538484216_5BB367F8_24019_26_1_8e6b0d8e-78f0-56c7-e731-da2ff22cb194@orange.com> <08A9C80F-59E6-46EE-A4D4-1F78F5085CF7@eggert.org> <9737_1538485723_5BB36DDB_9737_147_1_82e0e028-b0e8-5e09-7bd5-e66db97c556a@orange.com> <E7479831-9594-444E-9545-A162E8D9B154@eggert.org> <32072_1538492813_5BB3898D_32072_266_1_8380ff40-29fe-269b-8ed7-4331c9e53f4d@orange.com> <MWHPR22MB0991D93D706031603B077BFCDAE80@MWHPR22MB0991.namprd22.prod.outlook.com> <CAKcm_gM+zAEwfimHsorsWprJgS7O++85EOjpQoNY0LviaQ+KNQ@mail.gmail.com> <45751C2A-9F6C-4447-8D70-11ABE8C07F8D@trammell.ch> <CANatvzzCvmbu=bN1C-UCzNaT6EUPVCMPwY53wyFNkKa4HQT00g@mail.gmail.com> <7221_1538551972_5BB470A4_7221_106_1_4a70bd20-3b2e-d4a6-4832-23024e1119f0@orange.com> <CAN1APddaqCxYr5rZVfd5K_LWMDigcRdhj4CihdCVo3F=NH0idg@mail.gmail.com> <055E2627-9D6C-45E8-8130-069B4891D24C@trammell.ch>
X-Mailer: Airmail (420)
MIME-Version: 1.0
Date: Wed, 03 Oct 2018 01:18:32 -0700
Message-ID: <CAN1APdfY_7gxYmMnG-RX4TMeCMeepxJwJGfu-9xVt1drjQzHSA@mail.gmail.com>
Subject: Re: a proposed way forward was Re: Spin bit decision
To: "Brian Trammell (IETF)" <ietf@trammell.ch>
Cc: Ian Swett <ianswett=40google.com@dmarc.ietf.org>, Lars Eggert <lars@eggert.org>, Mike Bishop <mbishop@evequefou.be>, IETF QUIC WG <quic@ietf.org>, alexandre.ferrieux@orange.com, Kazuho Oku <kazuhooku@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000243d7105774eafe0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/oqoM7QueKtMKLCkVxmRENIcAeic>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Oct 2018 08:18:37 -0000
You are right that there are other obstacles to prevent detection that just RTT. You can imagine an alternative DNS service and router system that send traffic in one direction and then forwards traffic into the general backbone. So you have a person in Asia connect to a US university that has router that forwards packets out into the general internet without terminating anything as a sort of extended NAT box. I might be missing something here, but that is my train of thoughts. The latency is not hiding the distance between the two continents but it can reveal detectable anomalies in traffic. More generally, you could apply machine learning to RTT - or to any other observable parameter. I’m not really against the spin bit and I agree that there are often better ways to achieve such attacks, but dropping the spin bit is a really easy first line of defence. Hence, for the cases I listed you cannot expect cooperation on the spin bit even if the attack is unlikely. On 3 October 2018 at 09.58.12, Brian Trammell (IETF) (ietf@trammell.ch) wrote: hi Mikkel, I think we're having trouble with the many meanings of the word "proxy" here. It can mean at least three things in this context, each of which has different implications for RTT measurement: (1) Web proxying. The web proxy terminates transport connections, and as such the spin bit would only expose the RTT on the segment between the proxy and its Internet-side peer. Since the whole point of the proxy from a privacy standpoint is to make traffic look like it's coming from the proxy, exposing this RTT is not an issue. (2) Transport-terminating proxying. Here the proxying happens at the stream, as opposed to the request level. For spin bit measurement, this is equivalent to (1) above. (Note that this is widely deployed for TCP in the form of transparent back-to-back proxies, which won't work in QUIC since the security association protecting the transport is end-to-end.) (3) Proxy-via-NAT. Here the proxy simply rewrites UDP addresses; in this case, since the transport association is not terminated, the spin bit will expose full end-to-end RTT. Indeed, in this case, endpoints may want to disable RTT measurement. > On 3 Oct 2018, at 09:45, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> wrote: > >> >> At last a concrete argument, thanks ;) >> But why would exposing the RTT be harmful in a NAT/UDP-proxy scenario ? > Great firewall censorship. Say more here? I don't see the relevance. > VPN proxy to bypass streaming restrictions by country. AFAIK most/all of these are of type (1) and (2), so not relevant to the discussion. > Hackers that proxy traffic via a legitimate cooperation. For web traffic, at least, this would probably be of type (1). > Internet access providers prioritising local traffic. This can and always will be done via other identifiers, so even if RTT is exposed here, it is of limited utility/threat (depending on which team you're rooting for). > High latency onion routing traffic. Necessarily always terminates transport. However, the fundamental design properties of circuit-based anonymity systems do mean that if you're doing something like running a VPN tunnel over ToR (for.. some reason?), then you should turn off the spin bit for traffic within that tunnel. Client opt-outs seem to be mostly sufficient for this, though. Cheers, Brian > >> >> >> >> _________________________________________________________________________________________________________________________ >> >> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc >> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler >> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, >> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. >> >> This message and its attachments may contain confidential or privileged information that may be protected by law; >> they should not be distributed, used or copied without authorisation. >> If you have received this email in error, please notify the sender and delete this message and its attachments. >> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. >> Thank you.
- Spin bit decision alexandre.ferrieux
- Re: Spin bit decision Lars Eggert
- Re: Spin bit decision alexandre.ferrieux
- Re: Spin bit decision Lars Eggert
- RE: Spin bit decision Marcus Ihlar
- Re: Spin bit decision Lars Eggert
- Re: Spin bit decision alexandre.ferrieux
- Re: Spin bit decision Lars Eggert
- Re: Spin bit decision Mikkel Fahnøe Jørgensen
- Re: Spin bit decision Brian Trammell (IETF)
- Re: Spin bit decision alexandre.ferrieux
- Re: Spin bit decision Lars Eggert
- RE: Spin bit decision Nick Banks
- Re: Spin bit decision alexandre.ferrieux
- Re: Spin bit decision Brian Trammell (IETF)
- RE: Spin bit decision Lucas Pardue
- Re: Spin bit decision alexandre.ferrieux
- RE: Spin bit decision Lucas Pardue
- Re: Spin bit decision Benjamin Kaduk
- Re: Spin bit decision Lars Eggert
- RE: Spin bit decision Mike Bishop
- Re: Spin bit decision Ted Hardie
- Re: Spin bit decision Ian Swett
- RE: Spin bit decision Mike Bishop
- Re: Spin bit decision Marten Seemann
- signaling that QUIC is QUIC was Re: Spin bit deci… Brian Trammell (IETF)
- a proposed way forward was Re: Spin bit decision Brian Trammell (IETF)
- Re: a proposed way forward was Re: Spin bit decis… Marten Seemann
- Re: Spin bit decision alexandre.ferrieux
- Re: a proposed way forward was Re: Spin bit decis… Kazuho Oku
- Re: Spin bit decision Kazuho Oku
- Re: a proposed way forward was Re: Spin bit decis… alexandre.ferrieux
- Re: a proposed way forward was Re: Spin bit decis… Mikkel Fahnøe Jørgensen
- Re: a proposed way forward was Re: Spin bit decis… Brian Trammell (IETF)
- Re: a proposed way forward was Re: Spin bit decis… Brian Trammell (IETF)
- Re: a proposed way forward was Re: Spin bit decis… Mikkel Fahnøe Jørgensen
- RE: a proposed way forward was Re: Spin bit decis… Lucas Pardue
- Spin bit as a negotiated option alexandre.ferrieux
- Re: a proposed way forward was Re: Spin bit decis… Kazuho Oku
- Re: a proposed way forward was Re: Spin bit decis… Kazuho Oku
- RE: Spin bit decision Mike Bishop
- Re: Spin bit as a negotiated option Kazuho Oku
- Re: Spin bit as a negotiated option alexandre.ferrieux
- Re: Spin bit as a negotiated option Kazuho Oku
- RE: Spin bit decision Gabriel Montenegro
- Re: Spin bit as a negotiated option alexandre.ferrieux
- Re: Spin bit as a negotiated option Kazuho Oku
- RE: Spin bit as a negotiated option Mike Bishop
- RE: Spin bit as a negotiated option Marcus Ihlar
- Re: Spin bit as a negotiated option Marten Seemann
- Re: Spin bit as a negotiated option alexandre.ferrieux
- RE: Spin bit as a negotiated option Marcus Ihlar
- Re: Spin bit as a negotiated option Brian Trammell (IETF)
- Re: Spin bit as a negotiated option Brian Trammell (IETF)
- Re: Spin bit as a negotiated option alexandre.ferrieux
- Re: Spin bit as a negotiated option Kazuho Oku
- Re: Spin bit as a negotiated option Kazuho Oku
- Re: Spin bit as a negotiated option Brian Trammell (IETF)
- SV: Spin bit as a negotiated option Marcus Ihlar
- Re: Spin bit as a negotiated option alexandre.ferrieux
- Re: Spin bit as a negotiated option Kazuho Oku