Re: Is "Version Greasing" a new benefit or a new obstacle?

Martin Duke <martin.h.duke@gmail.com> Fri, 19 April 2019 18:33 UTC

From: Martin Duke <martin.h.duke@gmail.com>
Date: Fri, 19 Apr 2019 11:32:48 -0700
Message-ID: <CAM4esxTt5vWnp-oAca-9AcykBoJQ5UqYiXatFobKm-nmAZ0Mdw@mail.gmail.com>
Subject: Re: Is "Version Greasing" a new benefit or a new obstacle?
To: "Brian Trammell (IETF)" <ietf@trammell.ch>
Cc: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>, "quic@ietf.org" <quic@ietf.org>, "Border, John" <john.border@hughes.com>, Roberto Peon <fenix@fb.com>, Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/q7P3G3nRMpsHZ3uWwpYOlgCfbbk>

On Mon, Apr 15, 2019 at 4:15 AM Brian Trammell (IETF) <ietf@trammell.ch>
wrote:

> > On 15 Apr 2019, at 11:28, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> wrote:
> >
> > Will it help to be as opaque as possible, or not? Some of the scenarios
> > I posted earlier show that no matter what you do, something will get in the
> > way.
>
> This all comes down to the threat model, and the model of incentives for
> on-path devices.
>
> I personally think the correct design target is to put trivial
> QUIC-discriminability into the wire image, since there will be a lot of
> pressure to distinguish QUIC from not-QUIC traffic regardless of what we
> do, and if we don't put grippy bits in the wire image, the distinguishing
> functions will grip on to the slippy bits, with difficult to predict
> outcomes. I recognize I am in the minority (of people who speak up) on this
> issue, though.
>
> Cheers,
>
> Brian
>
>
Can Brian (or anyone else) comment on what the threat model was that caused
middleboxes to drop TLS 1.3 when it used the actual version field? It seems
especially perverse for non-surveillance devices to drop future versions
that are, almost by definition, more secure. At this moment, my strong
support for greasing is driven by fear of this behavior that seems
nonsensical to me.