IETF Logo Mail Archive

Re: QUIC Address Discovery

Kazuho Oku <kazuhooku@gmail.com> Wed, 25 October 2023 02:52 UTC

Return-Path: <kazuhooku@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D314DC1519A7 for <quic@ietfa.amsl.com>; Tue, 24 Oct 2023 19:52:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1PkrrQkmcLnk for <quic@ietfa.amsl.com>; Tue, 24 Oct 2023 19:52:21 -0700 (PDT)
Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F71CC151992 for <quic@ietf.org>; Tue, 24 Oct 2023 19:52:21 -0700 (PDT)
Received: by mail-lf1-x130.google.com with SMTP id 2adb3069b0e04-507a29c7eefso7710611e87.1 for <quic@ietf.org>; Tue, 24 Oct 2023 19:52:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698202339; x=1698807139; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=CO1hvSSiPo7uNursX7VP6pZHRgQ/dIWhmfBnUsC85Ww=; b=J6i0T1I4dUCfUu4NVa3ayGrXOyrgYHlHZUym18IIkpVsmUBHIcQp1YZDHdcqG50psW tWRmNifgcDOjKXtc0gyr32NtBIixi9ujkTb5IXfVj0AYYY53m4X4wLk6LqCRQDa1kTxl td8l5dYZJxPp/h6j937JTlUALMI7g7Bg2jaKrlwbwARo5zVr69IdoKZDbjnwo+opw/j3 0MTR5Q3bdjWZq22bhzDYbCrXObc3GME80Ev4a3E3p+4D720O7SzQuBimAOm2VDLQq5Hz d9pWWspM0Qk+NMgA4dD+NIRwDSUEN7UXXmpRKRswLIS05Kv++ouu8ynAhxkyHyHmrOpd ELsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698202339; x=1698807139; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=CO1hvSSiPo7uNursX7VP6pZHRgQ/dIWhmfBnUsC85Ww=; b=E+gNsRHr+FJabs0Xvz4a8Qp5M/v2o0EVGxM6HMYZeSJronsKH9CRnWl4HguEkr+aCI I4nm7ERGLyLQoAmNkHM5z7oa5FksYldViskmcB35sHVkKnwanYi/mLGS7hpMpFO4hxDH fte2Se3+1IfTsOMdWhHwzN0TK88GiAIGHDJYPhNoCvmdYfGQQ8zs1g9GyvGQt1CN+IFg l3w/kEl6GOBhx6iTpEjqiKkteJdNhBZ8aJtDuA2NQF1SP1Yf2reo8w/5n/+93b61mQLq 8lGOq8XQIzTFUcQYdNqutnXaPhpSqXV7bHA0JYoEgiZFTz1+tgdeMPpb09Lihvi9k0M5 IUlQ==
X-Gm-Message-State: AOJu0YxoBFLHoC857hr6dpS4ylxTaZlRh9GeFSTTDGKwYgmkYlBLTS3T zwKtai6FE50JUXLZnI7bvpZ1cl3ICFWoiFGRSjw=
X-Google-Smtp-Source: AGHT+IEqVmQ1e2BOBFrgBYQOoVegMn21xpW+h8SwuIj/0+9waIcThG3GzUGM3OyEczushrrMmAnrHHp8TbScw0hMYu8=
X-Received: by 2002:a19:5051:0:b0:507:b084:d6bb with SMTP id z17-20020a195051000000b00507b084d6bbmr9120631lfj.43.1698202338999; Tue, 24 Oct 2023 19:52:18 -0700 (PDT)
MIME-Version: 1.0
References: <CAOYVs2os+0EVc-ptpFU8tbHO-4-JcPwpQ6kbbQh9n4UHC5j8rg@mail.gmail.com> <CANatvzxMFWyn6GXXB+OZAOBGNqpvAS6N565PaTvgPmqrPtN2Qg@mail.gmail.com> <CANatvzz3D-iH_-VbwVW=uJGHn_ingd7z3kB2z==eu-_JGYbtLQ@mail.gmail.com> <CAPDSy+5LeizGhCdo+4PSe297O8_+T_i=FF4pN1v=W-d2JeNfBg@mail.gmail.com> <4B3E92AC-099E-41A6-A267-C8FA099C4DF0@apple.com> <CAKcm_gOOtJh8jB=krGa6KgggXch6DRnxC6FijRJKg8vtFt+-bg@mail.gmail.com>
In-Reply-To: <CAKcm_gOOtJh8jB=krGa6KgggXch6DRnxC6FijRJKg8vtFt+-bg@mail.gmail.com>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Wed, 25 Oct 2023 11:52:07 +0900
Message-ID: <CANatvzxmJvu8sjn8CgJsmhH3fS4EdTfs+tPXZ_6BwkKMOo7KFg@mail.gmail.com>
Subject: Re: QUIC Address Discovery
To: Ian Swett <ianswett=40google.com@dmarc.ietf.org>
Cc: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, David Schinazi <dschinazi.ietf@gmail.com>, Marten Seemann <martenseemann@gmail.com>, QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002c43860608818b71"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/vK3pYxo830NMvKCEBJUEifgvYwo>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Oct 2023 02:52:25 -0000

2023年10月25日(水) 10:40 Ian Swett <ianswett=40google.com@dmarc.ietf.org>:

> This feels like a problem worth addressing. :)
>
> Given peer addresses can change during the connection in QUIC, I would
> lean away from a TLS extension.  Also, it's unclear to me if there's any
> value for TCP.  If not, that makes a QUIC specific solution even more
> compelling.
>

FWIW my complaint against the original approach was that it needs yet
another mechanism to limit concurrency (as without one there would be
concern of state exhaustion) and that I do not like it.

Igor's approach to let endpoints unilaterally advertise peer addresses
fixes the problem, at the same time providing the ability to announce
addresses for each path at the correct moment (than using a
request-response protocol).

My +1 goes to taking that route and I have no reason to object.


> I'll let you figure out who the authors should be, but thanks for
> initiating the work.
>
> Ian
>
> On Tue, Oct 24, 2023 at 8:16 PM Tommy Pauly <tpauly=
> 40apple.com@dmarc.ietf.org> wrote:
>
>> Indeed, very much deja-vu to see this coming up!
>>
>> I do think this is still a good idea to be handled, at some layer. The
>> older draft did use random values for the request ID, not a sequence number.
>>
>>  At the same time as that older draft, we had published a proposal to
>> handle this in TLS extensions:
>> https://datatracker.ietf.org/doc/html/draft-kinnear-tls-client-net-address-00
>>
>> Thanks,
>> Tommy
>>
>> On Oct 24, 2023, at 4:19 PM, David Schinazi <dschinazi.ietf@gmail.com>
>> wrote:
>>
>> This sounds very similar to this draft:
>> https://datatracker.ietf.org/doc/html/draft-pauly-quic-address-extension
>> Might be worth chatting with the authors to see if they're still
>> interested in this topic.
>>
>> David
>>
>> On Fri, Oct 20, 2023 at 11:29 AM Kazuho Oku <kazuhooku@gmail.com> wrote:
>>
>>>
>>>
>>> 2023年10月20日(金) 14:27 Kazuho Oku <kazuhooku@gmail.com>:
>>>
>>>> Thank you for the draft.
>>>>
>>>> I do not have enough knowledge to comment on the use-case, but I have
>>>> one concern regarding the design.
>>>>
>>>> It seems to me that the credit (i.e., permitted sequence number space)
>>>> for sending REQUEST_ADDRESS frames is not bounded.
>>>>
>>>> Doesn't that mean that an attacker can issue an arbitrary number of
>>>> REQUEST_ADDRESS requests without sending acks, thereby causing state
>>>> exhaustion at the receiver?
>>>>
>>>> That leads me to wonder if it is the best way to implement this sort of
>>>> request-response protocol directly on top of QUIC frames. What is the
>>>> rationale for defining this protocol not on top of QUIC streams, as part of
>>>> the application protocol?
>>>>
>>>> FWIW, if use of QUIC streams is undesirable, one alternative would be
>>>> to use TLS post handshake messages (i.e., the CRYPTO stream at the
>>>> application packet number space). The benefit of such a design would be
>>>> that the address discovery mechanism would then work on any protocol built
>>>> on top of TLS (e.g., TLS-over-TCP, DTLS, QUIC).
>>>>
>>>
>>> PS. Or, if we are seeing an emerging pattern of using one QUIC
>>> connection for conveying multiple application protocols (looks at
>>> WebTransport), is there a need to agree on (if not standardize) how QUIC
>>> streams are shared among the application protocols?
>>>
>>>
>>>>
>>>> 2023年10月20日(金) 3:39 Marten Seemann <martenseemann@gmail.com>:
>>>>
>>>>> I just published an I-D that defines a mechanism for QUIC endpoints to
>>>>> discover their (public) IP address and helps them determine their position
>>>>> in the network (e.g. if they're behind a NAT):
>>>>> https://datatracker.ietf.org/doc/draft-seemann-quic-address-discovery/
>>>>> This is especially helpful for QUIC nodes running in a p2p setting.
>>>>>
>>>>> A similar result could be achieved by using STUN on the same UDP
>>>>> socket, but there are several advantages of doing it inside of QUIC. See
>>>>> the draft for details.
>>>>>
>>>>>
>>>>
>>>> --
>>>> Kazuho Oku
>>>>
>>>
>>>
>>> --
>>> Kazuho Oku
>>>
>>
>>

-- 
Kazuho Oku

v2.23.0 | Report a Bug | By Email