RE: Hardware acceleration and packet number encryption

Praveen Balasubramanian <pravb@microsoft.com> Mon, 02 April 2018 16:17 UTC

From: Praveen Balasubramanian <pravb@microsoft.com>
CC: IETF QUIC WG <quic@ietf.org>
Subject: RE: Hardware acceleration and packet number encryption
Date: Mon, 02 Apr 2018 16:17:34 +0000
To: Mark Nottingham <mnot@mnot.net>
To: Praveen Balasubramanian <pravb@microsoft.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/scaCUeEK82teBDgqLox5zAGullc>

Since PN is the very last field before encrypted payload, it should be ok to exclude the field from invariants. Several benefits ensue - well-behaved middleboxes don't even look at an end-to-end field, leaves room for future crypto that doesn't need a cleartext nonce, datacenter QUIC could subsume PN into the encrypted portion, and cleartext QUIC in a controlled environment can just skip the encryption step. However, if we add any new fields to invariants some future version onwards, would they need to be placed before PN? Since implementations will do version-specific parsing this shouldn't be a big problem.

-----Original Message-----
From: QUIC [mailto:quic-bounces@ietf.org] On Behalf Of Mark Nottingham
Sent: Sunday, April 1, 2018 11:15 PM
To: Praveen Balasubramanian <pravb=40microsoft.com@dmarc.ietf.org>
Cc: IETF QUIC WG <quic@ietf.org>
Subject: Re: Hardware acceleration and packet number encryption

Hi Praveen,

On 1 Apr 2018, at 4:17 am, Praveen Balasubramanian <pravb=40microsoft.com@dmarc.ietf.org> wrote:
> 
> PN size and location need to be part of invariants. How the field is transformed and encoded in the clear is an end-to-end function and can change between versions.

Invariants is in WGLC now, but does not include packet numbers. If you believe it needs to be in there, please raise an issue and we can discuss it (in a separate thread).

Cheers,


--
Mark Nottingham   https://www.mnot.net/