Re: Authentication in draft-kuhn-quic-bdpframe-extension
Kazuho Oku <kazuhooku@gmail.com> Sun, 05 November 2023 15:50 UTC
Return-Path: <kazuhooku@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0CBBC18E1BA for <quic@ietfa.amsl.com>; Sun, 5 Nov 2023 07:50:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HUn9fN0yDiu6 for <quic@ietfa.amsl.com>; Sun, 5 Nov 2023 07:50:00 -0800 (PST)
Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A837C1705E7 for <quic@ietf.org>; Sun, 5 Nov 2023 07:50:00 -0800 (PST)
Received: by mail-ed1-x534.google.com with SMTP id 4fb4d7f45d1cf-5409bc907edso5978254a12.0 for <quic@ietf.org>; Sun, 05 Nov 2023 07:50:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699199399; x=1699804199; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=rdCWqCQSX0SQivuiNfINm4Z+YOv5fBoZS0y3N687VG4=; b=ad1o9wC6kSy5LBlJYVYnoxBlR1wHjP8KbgQ22MdC4h/hCsPq6U/Oa4s4+ClGpJwlYg 9RrIuJV4qnBEi9acjN5ysTnx7Mq0w/uvUJZoLWfzRJxwFPDM+MRVfJpLLY1W3+zTObIm 4noxM4z8oNMjmai6wy0mm92TPuWb29LvbwqzzYGwvxDNhftnm6fpP3XqFSU+9sk7iaZ0 xtxq9l18NmEogy1tQgqQJ/yckZuJRGw+keTq0gfiA7JgOpAsrI0bBnf38jeHyddb8gJn 9zq5OBkIxQY+EsgA0eAuw0FjoVf+epxzF2TH65FurWldOYipzrqTFrLIZLc6AdF9FkCc 5VdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699199399; x=1699804199; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=rdCWqCQSX0SQivuiNfINm4Z+YOv5fBoZS0y3N687VG4=; b=TCXk5rQlFk1mNgtPl9RIs+HwzEKk5RqpLZgR7ah5I7l5S+ycShaostFssUVAMh3jGf bUvCRGTqJ3QLpgmqXP7ngdFFQmHiz27f9v3gpneWUFYlwSYoPyUn/2f+1hf9XWd5w0RL tiFa5lL/gPALG6PAn0ZJ2ox3lt/1l0BA83X/nVZqVQkUH8oDohEBgujrTFFnCZsXUzSv FhrKM7/mQcSGgsBOemLls3hOb2vWQ1I28ydA4D80p2ZYTryR6bdFz/4wku+zydDaaItP TjYBrOGJzFPYlaSYKBH3JuPNkYgYcbpOI+qpMUq2skYnnMKnEXexXZUh+Av8jcJQP6os 4JgA==
X-Gm-Message-State: AOJu0YyZ7pvxWWdK0svSDoJE9MoHB60WZLv5en9w549PtocM2YJK58nD XpJ2XKS9qz3P4D40UJ/RLpF+GlR9yZCTuTS/hjQ=
X-Google-Smtp-Source: AGHT+IH+xxn1QZOCTv9cWsIkOROa9pfrrk6SRADHMTGD7BIE1Kq3FWM2rdDMR4AM2soud+A5raVEc/Zoqsg9zKOw5n8=
X-Received: by 2002:aa7:c494:0:b0:53d:e5d7:4148 with SMTP id m20-20020aa7c494000000b0053de5d74148mr24753230edq.1.1699199398541; Sun, 05 Nov 2023 07:49:58 -0800 (PST)
MIME-Version: 1.0
References: <CAMEWqGsGCEhC97Yt-r9YBwGCPxH6+OGj7GfTmomMDJBD6S_ZBQ@mail.gmail.com> <a7d79746-59b3-4dd5-ad74-2810ac685ec5@erg.abdn.ac.uk> <CALGR9oZRReig2_dEsbtx+ODKoaZTkKp6C5gcQZVPd_gnnWbX1Q@mail.gmail.com> <edb12370-dcba-49d7-9b2a-72660e059513@gmail.com> <18cef84568cc444f95bd8c2bc13e81b1@orange.com> <1ed18563-6de2-4d62-b6f7-b525ef6c1360@erg.abdn.ac.uk> <4f02fdee6cbf4c7aae472f2f0c177cc0@orange.com> <CANatvzzU_8OZuG7MS8dQAcyv0DSj9YegOsG3a6LifjqRncdHbQ@mail.gmail.com> <CAOYVs2o6emJ2FwtsDd83oi2L3T5rK2nB=3MUe82sFPOrtkcE_Q@mail.gmail.com> <b9229510-6c05-4f21-8b07-ea9036dea30a@erg.abdn.ac.uk> <CAOYVs2os7=AVXwp2X2dW43zJzMh8JZ9Wy6WHZWBFi3uUFEZF6g@mail.gmail.com>
In-Reply-To: <CAOYVs2os7=AVXwp2X2dW43zJzMh8JZ9Wy6WHZWBFi3uUFEZF6g@mail.gmail.com>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Sun, 05 Nov 2023 16:49:46 +0100
Message-ID: <CANatvzyVhMO3Zn9pt5sWGOFBbevRSSp1+8QiK+Uvs061trbuaw@mail.gmail.com>
Subject: Re: Authentication in draft-kuhn-quic-bdpframe-extension
To: Marten Seemann <martenseemann@gmail.com>
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, emile.stephan@orange.com, Nicolas Kuhn <nicolas.kuhn.ietf@gmail.com>, "quic@ietf.org" <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008d7e46060969b04d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/vdyzifk0OPSsanEAlREwu2s2zKI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Nov 2023 15:50:05 -0000
2023年11月5日(日) 16:41 Marten Seemann <martenseemann@gmail.com>: > > On different CC's: the set of parameters exchanged are fairly generic, > and I think it's very likely a client will use the same CC to talk to the > same server when it next resumes a session, so I am unsure i share the > concern about different CCs. > > Gorry, I might be misreading the draft, but in my understanding the > BDP_FRAME frame is used by servers to offload state to the client, not the > other way around, so your argument should be that the server will use the > same CC on the original and the resumed connection. The client might also > remember CC parameters, but they wouldn't be sent on the wire. > My argument here is twofold: If this frame is supposed to be read and > acted upon by the client, you now have to deal with the situation where > client and server use different CCs, which will lead to problems if server > and client don't use the same CC. On the other hand, if the frame is not > supposed to be acted upon by the client, there's no reason to use a frame > in the first place, as servers can just unilaterally decide to put the > information into the token. > FWIW, in case of quicly I'm not sure we'd want to use CWND and current RTT to calculate the jump CWND. That is because quicly has a delivery rate estimate based on ACK clock that gives us a better estimation of the available bandwidth; we'd prefer using that and the min RTT. As such, I'm not sure if having a standard definition of a BDP frame would help server implementers. To paraphrase, I think the question is if there is an appetite for the WG to define a frame solely for communicating the estimate of the unvalidated phase *to the client,* and if sending that at the end of the previous connection is the best way to do so. > > On Sun, 5 Nov 2023 at 15:32, Gorry Fairhurst <gorry@erg.abdn.ac.uk> wrote: > >> On 05/11/2023 10:04, Marten Seemann wrote: >> >> In the design of RFC 9000, frames are used to communicate information >> between two endpoints. This is not what the BDP_FRAME frame does: It's only >> saved by the client and echoed back to the server on a later connection. It >> is questionable to me if the client’s ability to inspect (but not modify) >> the contents of the frame provides a lot of value: Congestion controllers >> are inherently endpoint-specific, and (for example) reusing the parameters >> of an L4S CC with a Cubic CC, and vice versa, doesn't sound like a good >> idea. >> >> That's not what the ID says. >> >> On different CC's: the set of parameters exchanged are fairly generic, >> and I think it's very likely a client will use the same CC to talk to the >> same server when it next resumes a session, so I am unsure i share the >> concern about different CCs. >> >> Section 1.2 of the ID speaks about the possibility to share the >> infromation with the application... which might be important to tuning the >> use of the token (choosing which connection ought to use the >> Careful-Resume), and ensuring appropriate polices are used for flow-credit, >> choosing content encoding appropriate to rate, etc. >> >> >> As Kazuho pointed out, RFC 9000 already contains the concept of a >> resumption token. >> >> I'd like to understand more what that is. >> >> Tokens are opaque, so servers can encode whatever information they want >> into the token. Resumption tokens are used to validate the client’s IP >> address, so they’re inherently bound to the path. This is pretty much >> exactly the property that you’d want for resuming CC parameters. Apart from >> that, using tokens has multiple other advantages as well: >> 1. We don’t need interoperability between implementations here. The >> client is resuming the connection with the same server (or a different >> server in the same deployment), so it doesn’t matter how the information is >> encoded. >> >> I like that. >> >> 2. Depending on their CC, servers might want to encode a different set of >> parameters. This is possible when using a token, whereas the BDP_FRAME >> frame limits us to the few fields defined in the draft. >> >> Good - but I do expect that a BDP_FRAME could be made extensible. >> >> 3. The BDP_FRAME frame can only be sent in 0-RTT packets (if I understand >> correctly, I'm very confused by the phrasing of section 4), so it can’t be >> used for non-0-RTT session resumption. >> >> I think that depends a little on how we decide to finally transport the >> parms - we're open to changing this. >> >> 4. Obviously, using the token doesn’t require clients to be aware that >> this is going on, so it will work with every QUIC stack without any >> modification. >> >> Yes, that's nice also. >> >> Best wishes, >> >> Gorry >> >> >> >> On Sun, 5 Nov 2023 at 11:14, Kazuho Oku <kazuhooku@gmail.com> wrote: >> >>> >>> >>> 2023年11月4日(土) 15:44 <emile.stephan@orange.com>: >>> >>>> BDP frame is about QUIC transport (RFC9000) resumption. IMO, it does >>>> not have dependencies on RFC9001. >>>> >>> >>> I think I tend to agree with Lucas modulo the point that it would make >>> more sense to store BDP information in tokens issued by the QUIC servers[1] >>> than the TLS session ticket. >>> >>> Tokens are defined in RFC 9000. The only use case being mandated at the >>> moment is address validation but it is designed so that it can hold >>> arbitrary data. Tokens can hold BDP information as well. >>> >>> 1: https://datatracker.ietf.org/doc/html/rfc9000#frame-new-token >>> >>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> Orange Restricted >>>> >>>> *De :* Gorry Fairhurst <gorry@erg.abdn.ac.uk> >>>> *Envoyé :* samedi 4 novembre 2023 14:45 >>>> *À :* STEPHAN Emile INNOV/NET <emile.stephan@orange.com>; Nicolas Kuhn >>>> <nicolas.kuhn.ietf@gmail.com>; quic@ietf.org >>>> *Objet :* Re: Authentication in draft-kuhn-quic-bdpframe-extension >>>> >>>> >>>> >>>> On 04/11/2023 13:28, emile.stephan@orange.com wrote: >>>> >>>> Hi >>>> >>>> >>>> >>>> IMO, we are speaking of QUIC resumption not TLS. >>>> >>>> >>>> >>>> Regards >>>> >>>> Emile >>>> >>>> >>>> >>>> I think QUIC CC resumption could be a part of TLS resumption. Are there >>>> also cases where these could be different things? >>>> >>>> Gorry >>>> >>>> >>>> >>>> >>>> >>>> *De :* QUIC <quic-bounces@ietf.org> <quic-bounces@ietf.org> *De la >>>> part de* Nicolas Kuhn >>>> *Envoyé :* samedi 4 novembre 2023 12:43 >>>> *À :* quic@ietf.org >>>> *Objet :* Re: Authentication in draft-kuhn-quic-bdpframe-extension >>>> >>>> >>>> >>>> Dear all, >>>> >>>> Thank you for your interest in this work ! >>>> >>>> I would tend to agree with Lucas and think we should consider scenarios >>>> where BDP frames would be used with TLS resumption and I do not see the >>>> need for proposing another trust mechanism; But there may be scenarios I do >>>> not see ? >>>> >>>> More comments inline. >>>> >>>> Kind regards, >>>> >>>> Nico >>>> >>>> On 11/3/23 16:44, Lucas Pardue wrote: >>>> >>>> Hi folks, >>>> >>>> >>>> >>>> I'm still trying to come up to speed on this spec. But when I've >>>> thought about it a little, its seemed very natural to associate the BDP >>>> frame (contents) with the TLS session. We already have a lot of text about >>>> TLS session resumption in QUIC. It feels like there is already a template >>>> design with HTTP/3 - a server sends SETTINGS to tell a client something >>>> unique about the active QUIC connection. RFC 9114 section 7.2.4.2 [1]states >>>> >>>> >>>> >>>> > When a 0-RTT QUIC connection is being used, the initial value of >>>> each server setting is the value used in the previous session. Clients >>>> *SHOULD* store the settings the server provided in the HTTP/3 >>>> connection where resumption information was provided, but they *MAY* opt >>>> not to store settings in certain cases (e.g., if the session ticket is >>>> received before the SETTINGS frame). A client *MUST* comply with >>>> stored settings -- or default values if no values are stored -- when >>>> attempting 0-RTT. Once a server has provided new settings, clients >>>> *MUST* comply with those values.¶ >>>> <https://www.rfc-editor.org/rfc/rfc9114.html#section-7.2.4.2-6> >>>> >>>> So with a bit of massaging, if we can link BDP frame to session >>>> resumption. we know that it is based on a previous trust relationship. >>>> >>>> Is there any scenario where BDP frame would want to be used without TLS >>>> resumption? >>>> >>>> [NK] I agree. >>>> >>>> >>>> >>>> Cheers >>>> >>>> Lucas >>>> >>>> >>>> [1] - https://www.rfc-editor.org/rfc/rfc9114.html#section-7.2.4.2-6 >>>> >>>> >>>> >>>> On Thu, Nov 2, 2023 at 6:17 PM Gorry Fairhurst <gorry@erg.abdn.ac.uk> >>>> wrote: >>>> >>>> On 02/11/2023 16:43, Q Misell wrote: >>>> >>>> Hi all, >>>> >>>> >>>> >>>> I've been working with Gorry (and others) on actually implementing the >>>> BDP frame extension, and further refining the draft based on experience >>>> from implementation. >>>> >>>> Q, I think I can help a little, see below, but I think there are good >>>> questions here. >>>> >>>> [NK] If the draft is not clear enough on these relevant questions, we >>>> ought to make things clearer. >>>> >>>> >>>> >>>> One thing that came up that I'd like to ask the WG's opinion on is that >>>> of authentication of the BDP frame, and when it should be sent in the >>>> exchange. I've had a few thoughts on this, it'd be great to hear what >>>> others think of them, or what other suggestions people might have. >>>> >>>> >>>> >>>> First, my thoughts on authentication. Do the CC parameters need to be >>>> authenticated at all? I would say "yes" as a client sending some >>>> unauthenticated CC parameters could cause a DoS of the server (or any other >>>> node along the path) by trying to send far too much data at once. >>>> >>>> The reason for the secure hash around the contents of the BDP Frame is >>>> to allow a server to know the CC params had not been modified. Of course >>>> you caould ask what sort of information contributes to that hash, to make >>>> the server confident that it can accept CC params from the client and >>>> believe that these have not been modifed? That could be important? >>>> >>>> [NK] The client should not be able to transmit unauthenticated CC >>>> parameters that are not checked / known by the server. In the current spec, >>>> the client can only send data previously received by the server. Malicious >>>> clients could try to cause a DoS on the server but that would not be >>>> specific to BDP Frame but to 0-RTT in general. >>>> >>>> Should the CC parameters be encrypted? Probably not, as a client which >>>> is aware of a major decrease in available capacity could compare the new >>>> link capacity to its stored CC parameters and decide not to send them. If >>>> they're encrypted the client can't inspect what CC parameters the server >>>> thinks the link will have. >>>> >>>> Perhaps the ID ought to be clearer. The QUIC Session is of course >>>> encrypted and authenticated, so, in this respect, the BDP Frame is >>>> protected in transit along the path using TLS. >>>> >>>> The current proposal is not to additionally encrypt the CC params >>>> *within* the BDP, so that a client could read these and utlise as it sees >>>> fit. This still needs to authenticate the entire set of params, so that the >>>> server could trust them. >>>> >>>> The params include an endpoint token used by a server to represent the >>>> remote endpoint - we could have used the client IP source address for this >>>> if the client had an invariant public IP source address. That's not so >>>> common with IPv6 or the use of IPv4 NAPT - so the server has to find a way >>>> to represent it's view of the client as the endpoint token. There could be >>>> possibilities to do this quite differently. >>>> >>>> >>>> >>>> How should they be authenticated? There are a few options I can see >>>> here, and I'm unsure which is best: >>>> >>>> (1) Authenticated with the TLS certificate >>>> >>>> (2) Authenticated with some other asymmetric key >>>> >>>> (3) Authenticated using some symmetric key known only to the server >>>> >>>> (4) Same as 3 but with a key identifier >>>> >>>> >>>> >>>> Options 1 and 2 allow the client to verify the authentication over the >>>> CC parameters, but this doesn't seem to be of much use to me. Option 1 >>>> additionally sets a time limit on use of stored CC parameters, as the TLS >>>> certificate will eventually expire. This doesn't seem to me to be much of >>>> an issue. A new connection far into the future (say 1-2 months) would >>>> almost certainly have different CC parameters anyway. >>>> >>>> >>>> >>>> Option 3 seems the best to me. It would allow one key to be shared >>>> across an array of anycast servers, without sharing other keying material >>>> that might be used to protect more sensitive parts of the connection. >>>> Option 4 additionally expands on this by allowing key rotation without >>>> immediately invalidating all current stored CC parameters. >>>> >>>> So, if this is about how to construct the secure hash, irt seems like >>>> an interesting topic to find out more, I'd agree. >>>> >>>> [NK] We may not specify how to compute the secure hash but that could >>>> be interesting discussions if you think the draft needs to be more specific >>>> on this. IMHO the client does not need to know how the secure hash is >>>> compute and thus not sure we need interoperability. >>>> >>>> >>>> >>>> When should the BDP frame be sent? There are two places I can see BDP >>>> frames being useful to send: >>>> >>>> (1) After initial frames but before crypto frames >>>> >>>> (2) After crypto frames and before application data >>>> >>>> >>>> >>>> Option 1 allows for the previously calculated CC parameters to be used >>>> for the sometimes quite large TLS handshake, but also precludes options 1 >>>> and 2 for authentication. Option 2 allows for greater flexibility in >>>> authentication, and also makes the BDP frame encrypted in transit. I'm >>>> unsure what the privacy implications of an unencrypted BDP frame are, so if >>>> anyone can come up with a reason CC data shouldn't be observable to an >>>> intermediary that would be greatly appreciated. >>>> >>>> :-) >>>> >>>> [NK] Do we need to specify this in the draft or should this be let to >>>> implementers to define the most relevant approach (w.r.t. frame scheduling >>>> to format QUIC packets). >>>> >>>> >>>> >>>> Looking forward to hearing your thoughts. >>>> >>>> [NK] Thank you for your comments ! >>>> >>>> Cheers, >>>> >>>> Q Misell >>>> >>>> Gorry >>>> >>>> ------------------------------ >>>> >>>> Any statements contained in this email are personal to the author and >>>> are not necessarily the statements of the company unless specifically >>>> stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan >>>> Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company >>>> registered in Wales under № 12417574 >>>> <https://find-and-update.company-information.service.gov.uk/company/12417574>, >>>> LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 >>>> <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: >>>> GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean >>>> VAT №: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at >>>> Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as >>>> Glauca Digital, is a company registered in Estonia under № 16755226. >>>> Estonian VAT №: EE102625532. Glauca Digital and the Glauca logo are >>>> registered trademarks in the UK, under № UK00003718474 and № UK00003718468, >>>> respectively. >>>> >>>> >>>> >>>> ____________________________________________________________________________________________________________ >>>> >>>> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc >>>> >>>> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler >>>> >>>> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, >>>> >>>> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. >>>> >>>> >>>> >>>> This message and its attachments may contain confidential or privileged information that may be protected by law; >>>> >>>> they should not be distributed, used or copied without authorisation. >>>> >>>> If you have received this email in error, please notify the sender and delete this message and its attachments. >>>> >>>> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. >>>> >>>> Thank you. >>>> >>>> >>>> >>>> ____________________________________________________________________________________________________________ >>>> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc >>>> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler >>>> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, >>>> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. >>>> >>>> This message and its attachments may contain confidential or privileged information that may be protected by law; >>>> they should not be distributed, used or copied without authorisation. >>>> If you have received this email in error, please notify the sender and delete this message and its attachments. >>>> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. >>>> Thank you. >>>> >>>> >>> >>> -- >>> Kazuho Oku >>> >> >> -- Kazuho Oku
- Authentication in draft-kuhn-quic-bdpframe-extens… Q Misell
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Lucas Pardue
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Nicolas Kuhn
- RE: Authentication in draft-kuhn-quic-bdpframe-ex… emile.stephan
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- RE: Authentication in draft-kuhn-quic-bdpframe-ex… emile.stephan
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Kazuho Oku
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Marten Seemann
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Nicolas Kuhn
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Marten Seemann
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Kazuho Oku
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Christian Huitema
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Watson Ladd
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Christian Huitema
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Martin Thomson
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Kazuho Oku
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Lucas Pardue
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Kazuho Oku
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Q Misell
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Q Misell
- Re: Authentication in draft-kuhn-quic-bdpframe-ex… Gorry Fairhurst