Re: Spin bit discussion - where we're at

"Eggert, Lars" <lars@netapp.com> Wed, 29 November 2017 07:09 UTC

From: "Eggert, Lars" <lars@netapp.com>
To: Brian Trammell <ietf@trammell.ch>
CC: "Black, David" <David.Black@dell.com>, "tsv-area@ietf.org" <tsv-area@ietf.org>, QUIC WG <quic@ietf.org>, Al Morton <acmorton@att.com>
Subject: Re: Spin bit discussion - where we're at
Date: Wed, 29 Nov 2017 07:09:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/wekoYWDKevgidtZoFXNwCNbmupM>
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>

Hi,

On 2017-11-29, at 1:26, Brian Trammell (IETF) <ietf@trammell.ch> wrote:
> There are three possible states for an ECN negotiation: not attempted, failed, and succeeded. Each of these can add a fractional bit of information about the client and server TCP implementations. If a server negotiates ECN, you can be reasonably certain that it supports ECN, and can leverage the observations that sysadmins love defaults and servers are mostly Linux these days to figure out whether it's running a kernel before or after server side defaults were turned on.
> 
> Long-term observation of the ECN negotiation attempts of a client can be used to determine if the client is using probabilistic negotiation by default; i.e. is an Apple device of a certain vintage.
> 
> These are fractional bits of fingerprinting information, though, if that. I'm almost certain (but won't take the time to do the research now) that any of these observations would be useless. Anyone in a position to make them could also get much more information about the behavior of the TCP stacks at each end, such that the ECN bits add negligible information. cf. p0f, if that's still a thing.

This is certainly all true for TCP and ECN, where whether ECN is available and/or tried by default is tied to certain kernel versions.

But for QUIC (= ECN with UDP), whether ECN is used or not is completely up to the app (= the QUIC stack), so you can't draw conclusions about whether a certain kernel or OS flavor is underneath (other than that they are less than about ten years old, i.e., have support for the IP_TOS/IP_RECVTOS socket options).

So the fractional information leakage seems to be less than with TCP.

Lars
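
The point above about IP_TOS/IP_RECVTOS, as an added example that is not part of the original message: a UDP application picks the ECN codepoint per socket and reads the received codepoint from ancillary data, so the marking reflects the application's choice rather than a kernel default. It assumes Linux (the received TOS byte arrives as an `IP_TOS` control message) and IPv4 loopback; `udp_ecn_roundtrip` and the `ECN_*` constants are names made up for this sketch.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

#define ECN_MASK 0x03 /* low two bits of the IPv4 TOS byte (RFC 3168) */
#define ECN_ECT0 0x02 /* ECT(0) codepoint */

/* Send one UDP datagram over loopback marked with `ecn`; return the ECN
 * codepoint the receiving socket reports, or -1 on any error. */
int udp_ecn_roundtrip(int ecn)
{
    int rx = socket(AF_INET, SOCK_DGRAM, 0), tx = socket(AF_INET, SOCK_DGRAM, 0);
    int on = 1, tos = ecn & ECN_MASK, seen = -1;
    struct sockaddr_in addr = { .sin_family = AF_INET }; /* port 0: kernel picks */
    socklen_t alen = sizeof addr;
    struct timeval tmo = { .tv_sec = 2 };                /* never block forever */
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } ctrl;
    char payload = 'x', data;
    struct iovec iov = { .iov_base = &data, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctrl.buf, .msg_controllen = sizeof ctrl.buf };
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (rx < 0 || tx < 0 ||
        bind(rx, (struct sockaddr *)&addr, sizeof addr) ||
        getsockname(rx, (struct sockaddr *)&addr, &alen) ||
        /* receiver: ask the kernel to hand up the TOS byte as ancillary data */
        setsockopt(rx, IPPROTO_IP, IP_RECVTOS, &on, sizeof on) ||
        setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tmo, sizeof tmo) ||
        /* sender: the application, not a kernel default, chooses the marking */
        setsockopt(tx, IPPROTO_IP, IP_TOS, &tos, sizeof tos) ||
        sendto(tx, &payload, 1, 0, (struct sockaddr *)&addr, sizeof addr) != 1 ||
        recvmsg(rx, &msg, 0) != 1)
        goto out;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_TOS) /* Linux */
            seen = *(unsigned char *)CMSG_DATA(c) & ECN_MASK;
out:
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return seen;
}

int main(void)
{
    printf("sent ECT(0), receiver saw ECN=%d\n", udp_ecn_roundtrip(ECN_ECT0));
}
```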