IETF Logo Mail Archive

RE: Getting to consensus on packet number encryption

Praveen Balasubramanian <pravb@microsoft.com> Thu, 05 April 2018 16:41 UTC

Return-Path: <pravb@microsoft.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 677FD12DA17 for <quic@ietfa.amsl.com>; Thu, 5 Apr 2018 09:41:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jnm9JJssBWF0 for <quic@ietfa.amsl.com>; Thu, 5 Apr 2018 09:41:57 -0700 (PDT)
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on072d.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe49::72d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E09231271DF for <quic@ietf.org>; Thu, 5 Apr 2018 09:41:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=8i2PqmldZEM1hqnZio6HOJJmpcCt/eIctOVIwLVlS3k=; b=cdXqxEL4HXLMsMNM0bn8dqSMMul3D17eB7PHbzzNWVzYjC7eVqE80udLliGISeWYIS141FvzWzfAUTHJaD8W0XOuqkhqq50vpE1jlelIixIrd0DoCWPpBFgS8DYUjrj009XmPVcshkhCfDoZBeN323p3vShWmwE+zsRu5Eww7uM=
Received: from CY4PR21MB0630.namprd21.prod.outlook.com (10.175.115.20) by CY4PR21MB0168.namprd21.prod.outlook.com (10.173.192.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.675.1; Thu, 5 Apr 2018 16:41:54 +0000
Received: from CY4PR21MB0630.namprd21.prod.outlook.com ([fe80::de:ba33:4748:51da]) by CY4PR21MB0630.namprd21.prod.outlook.com ([fe80::de:ba33:4748:51da%6]) with mapi id 15.20.0675.003; Thu, 5 Apr 2018 16:41:54 +0000
From: Praveen Balasubramanian <pravb@microsoft.com>
To: Martin Thomson <martin.thomson@gmail.com>, Kazuho Oku <kazuhooku@gmail.com>
CC: Lars Eggert <lars@eggert.org>, Mark Nottingham <mnot@mnot.net>, IETF QUIC WG <quic@ietf.org>, Patrick McManus <pmcmanus@mozilla.com>
Subject: RE: Getting to consensus on packet number encryption
Thread-Topic: Getting to consensus on packet number encryption
Thread-Index: AQHTy9GYaiUVNrU6h0aiyBQtEo3l9KPwkIMAgADKCACAADzkAIAAwwog
Date: Thu, 05 Apr 2018 16:41:54 +0000
Message-ID: <CY4PR21MB0630A6AA3D38CC10DC29AB79B6BB0@CY4PR21MB0630.namprd21.prod.outlook.com>
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <F9FCC213-62B9-437C-ADF9-1277E6090317@gmail.com> <CABcZeBM3PfPkqVxPMcWM-Noyk=M2eCFWZw2Eq-XytbHM=0T9Uw@mail.gmail.com> <CAN1APdfjuvd1eBWCYedsbpi1mx9_+Xa6VvZ3aq_Bhhc+HN67ug@mail.gmail.com> <CABcZeBMtQBwsAF85i=xHmWN3PuGRkJEci+_PjS3LDXi7NgHyYg@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B5CCEFD@ORSMSX111.amr.corp.intel.com> <CABcZeBNfPsJtLErBn1=iGKuLjJMo=jEB5OLxDuU7FxjJv=+b=A@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B5CDAD4@ORSMSX111.amr.corp.intel.com> <BBB8D1DE-25F8-4F3D-B274-C317848DE872@akamai.com> <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com> <CAKcm_gMpz4MpdmrHLtC8MvTf5uO9LjD915jM-i2LfpKY384O2w@mail.gmail.com> <HE1PR0702MB3611A67E764EE1C7D1644FAD84AD0@HE1PR0702MB3611.eurprd07.prod.outlook.com> <d8e35569-e939-4064-9ec4-2cccfba2f341@huitema.net> <CACpbDccqKoF-Y1poHMN2cLOK9GOuvtMTPsF-QEen3b30kUo9bg@mail.gmail.com> <CAKcm_gNffwpraF-H2LQBF33vUhYFx0bi_UXJ3N14k4Xj4NmWUw@mail.gmail.com> <40C1F6FE-2B2C-469F-8F98-66329703ED50@mnot.net> <CAOdDvNo9QS=CX5YUWK8Lxs_SYX4nEM7OWv2+zB=VGhOX6J-BEw@mail.gmail.com> <CANatvzyo6xz7Kwh=EJ4GExBM35Dpw_=pLsAYiFA==vVBJwhCXw@mail.gmail.com> <CABkgnnV8ya_YdhU1VE+BuiMvuuZOO1-j-2=YHAGbmdE3OMk7Gg@mail.gmail.com>
In-Reply-To: <CABkgnnV8ya_YdhU1VE+BuiMvuuZOO1-j-2=YHAGbmdE3OMk7Gg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:a::712]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0168; 7:EUklKonhmZPfOcbhm5BOvBisFQljhlbHLz5SZ9hOGaWaaYA9DyOaIOYHxiXCfq1wj0leE4Ueu5HtMkspjtfz+ZLm70atEDDie2ZWK5YSw3f+yhXeQC8Q7GJXYaoQpU6GieS8JXPob59xQov4gtTLAmpKNCn3aZNrxgEnP6DswyEC5TqhKPJc9ANO+fh0IQCTx7SldqM4WZa/dR0UVldxPJIsxf+JS67T27EFyiL0OQotet5FZNXV7vUG8OdVbW1y; 20:lOlJ82TEoQ3LG6+iMPaytezC5FJCWioBILD5O7WJX1/t4FPCQUHCjpYYEjAd3N2YeX9e/oQ7ikIMrXW4QkW8b9EMPhNCrgmJ2YI71SnXlmdO6jJM5rf3lJQUGgzBqgpD8hIMLljAzxPRbHdi7MSl1jsVTkQxfj1Wx29jnWM8lJA=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: cc01c7d6-4e20-4954-0644-08d59b142401
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4604075)(3008032)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7193020); SRVR:CY4PR21MB0168;
x-ms-traffictypediagnostic: CY4PR21MB0168:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pravb@microsoft.com;
x-microsoft-antispam-prvs: <CY4PR21MB0168FD8EDDF04655FA109F08B6BB0@CY4PR21MB0168.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(85827821059158)(100405760836317);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(61425038)(6040522)(2401047)(5005006)(8121501046)(3231221)(944501327)(52105095)(10201501046)(93006095)(93001095)(3002001)(6055026)(61426038)(61427038)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123558120)(20161123560045)(20161123564045)(6072148)(201708071742011); SRVR:CY4PR21MB0168; BCL:0; PCL:0; RULEID:; SRVR:CY4PR21MB0168;
x-forefront-prvs: 06339BAE63
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(39380400002)(376002)(346002)(396003)(366004)(51444003)(13464003)(189003)(199004)(7736002)(25786009)(6436002)(74316002)(59450400001)(6246003)(305945005)(9686003)(478600001)(99286004)(486006)(55016002)(102836004)(68736007)(2900100001)(93886005)(5660300001)(316002)(110136005)(54906003)(229853002)(106356001)(22452003)(53936002)(53546011)(6506007)(76176011)(8990500004)(86362001)(105586002)(97736004)(39060400002)(7696005)(46003)(8936002)(81166006)(8676002)(476003)(14454004)(186003)(86612001)(446003)(2906002)(3660700001)(5250100002)(10290500003)(4326008)(81156014)(10090500001)(6116002)(11346002)(3280700002)(33656002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0168; H:CY4PR21MB0630.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: 9kaRZ2OBM/gt4408swmInTI0ySQYtTVpwXNggY886M76vkcxV2Ij5/Ymr3srlUFbpzl+7dAjf1NFwQOAsnjiK7MceAQ7iWArDnH36rXtgAEEimvNd0Y19I+NPyuRbMRuGh0Neh30t8UWzQU9S2/xYFKK3c7ebZDDB1sMcogubROZSVsWwzkj5x4WE7FaahucFtM/q0Srd3yMFuYS3hdpJVAbJi9y5giNMSLLKOvdBMAMZH53KnthrfOlX7u+yzjXwFt5zPWQGV1+4qIToAc24Nizs5htcNTfV5jy+XGNvmet7ENq9wMkFptIeNYUDwMw0LWv55WrVCVRW11GYisd6W8un2mvO+q2f6J3yv2bmSfmtSO8YTap5vIjBig1LTeQKhXIp+3XXOKH4nRmdsG5CYhGOUpHYIripESykteGIgA=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cc01c7d6-4e20-4954-0644-08d59b142401
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Apr 2018 16:41:54.7430 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0168
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/x4JoupQkynFn-vKtwkA0k2jj4RI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Apr 2018 16:41:59 -0000

Love this idea. Expanding it a bit further I don’t think we need to make PN transform a transport parameter but rather connection migration itself. We could also simply use QUIC versioning for this. 

1. Ship QUIC v1 with no support for connection migration. Servers behind load balancers that are not QUIC aware will only advertise this version. I expect this to be a large fraction of servers especially those hosted in AWS, Azure, GCP. *This is important - I want the group to acknowledge that servers needs to be able to advertise support for connection migration*.
2. Ship QUIC v2 with support for connection migration. If a client and server use this version they MUST do PNE as per #1079. If we find a more efficient scheme before November then we use that instead. 

Eventually we will ship QUIV vN which has support for multi-path and we can revisit if PNE is needed or multiple PN spaces will work. Until then I can live with higher CPU cost for the fraction of connections that will migrate. 

Now there is the ossification problem in QUIC v1 as referred to above. We already require a random starting PN. The next problem is one that Kazuho brought up where middleboxes will start seeing strict increasing PN and try to reorder. I was thinking about short random jumps to fix this problem but the monotonic increase will remain. While I think sane middleboxes will not do any reordering, there might be a few crazy outliers like with TCP. I think we can solve this by making the in clear PN jump both forward and back within a "reordering degree". I am thinking about some ideas here and will reply back if I find a simple scheme.

>> FWIW, what I got from the info that Praveen and Ian have shared is that there are enough problems to solve with UDP that worrying about the performance hit from encryption is premature
Martin, we have plans to make UDP screaming fast in software. But the real advantage for TCP comes from the batch offloads (see email with subject " Impact of hardware offloads on network stack performance"). Batch offloads for QUIC are impossible to do without crypto offload. I would be happy to explain more on this front. I think we will exhaust software optimizations soon and then get blocked on crypto offload.


-----Original Message-----
From: QUIC [mailto:quic-bounces@ietf.org] On Behalf Of Martin Thomson
Sent: Wednesday, April 4, 2018 9:36 PM
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: Lars Eggert <lars@eggert.org>; Mark Nottingham <mnot@mnot.net>; IETF QUIC WG <quic@ietf.org>; Patrick McManus <pmcmanus@mozilla.com>
Subject: Re: Getting to consensus on packet number encryption

On Thu, Apr 5, 2018 at 10:57 AM, Kazuho Oku <kazuhooku@gmail.com> wrote:
> It is true that #1079 has issues with hardware crypto offload. I am 
> happy to support switching to a better encryption scheme (if we find
> one) at any moment; e.g., during the standardization of QUICv1, or as 
> an extension to v1, or part of vX.

Until this came up, I hadn't considered the use of an extension/transport parameter to negotiate a new scheme, but it's obvious.  This fits best with my view of things.

If that means that we get the DC-QUIC option that turns the packet number encryption function into identity or some cheaper function, then I think that's an OK outcome.  We should stop pretending that one size fits all is achievable; it's not been the case for years already.

FWIW, what I got from the info that Praveen and Ian have shared is that there are enough problems to solve with UDP that worrying about the performance hit from encryption is premature.

v2.23.0 | Report a Bug | By Email