Re: Is "Version Greasing" a new benfit or a new obstacle?
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Sat, 20 April 2019 02:00 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 809EC1201B4 for <quic@ietfa.amsl.com>; Fri, 19 Apr 2019 19:00:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hDdEEsfifdO3 for <quic@ietfa.amsl.com>; Fri, 19 Apr 2019 19:00:21 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [137.50.19.135]) by ietfa.amsl.com (Postfix) with ESMTP id 150FC1200B4 for <quic@ietf.org>; Fri, 19 Apr 2019 19:00:20 -0700 (PDT)
Received: from Gs-MacBook-Pro.local (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 1CDC11B00243; Sat, 20 Apr 2019 03:00:08 +0100 (BST)
Message-ID: <5CBA7D27.3050000@erg.abdn.ac.uk>
Date: Sat, 20 Apr 2019 03:00:07 +0100
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Reply-To: gorry@erg.abdn.ac.uk
Organization: University of Aberdeen
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Martin Duke <martin.h.duke@gmail.com>
CC: "Salz, Rich" <rsalz@akamai.com>, "Brian Trammell (IETF)" <ietf@trammell.ch>, Roberto Peon <fenix@fb.com>, Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, "quic@ietf.org" <quic@ietf.org>, "Border, John" <john.border@hughes.com>
Subject: Re: Is "Version Greasing" a new benfit or a new obstacle?
References: <5CADADDD.7010005@erg.abdn.ac.uk> <EBF1BF30-62A5-4659-8AEC-0D5B3F2D65C6@fb.com> <BL0PR11MB3394294313F8F54A3D0CF4A3902E0@BL0PR11MB3394.namprd11.prod.outlook.com> <CAN1APdcm0hnT_Mu7D7x5QM6pApOQw1RdWCBkgY16bd5YWNtFkA@mail.gmail.com> <9084B09D-5E13-49FA-BA93-0D7276CDE420@erg.abdn.ac.uk> <CAN1APdeSF0-_N=mb1xkoe_qLwoVqP+X9_Wawi=Zu__6wdHtbOQ@mail.gmail.com> <699E2135-A3CE-4D33-91F6-D3C96E66674F@ericsson.com> <CAN1APde2SO6fkNzyznbv2-xNuXkkuC=bN3p8xRgwmRAmsZxrgA@mail.gmail.com> <EC83F879-6A46-405E-B0A1-777B7A5AF55B@trammell.ch> <CAN1APdcCAK9aaGVA2aRUaOytmpzof3LB_XVVsasKmJaK5=d2hQ@mail.gmail.com> <C09D5A73-E83A-4096-864D-456A684EE1E2@trammell.ch> <CAM4esxTt5vWnp-oAca-9AcykBoJQ5UqYiXatFobKm-nmAZ0Mdw@mail.gmail.com> <2B820FED-517F-401F-B7A4-88733892DA52@akamai.com> <CAM4esxQMQxPSeWGf-Uh1UHSmbC7x7DrA=+x7ThXQVev4419b_g@mail.gmail.com>
In-Reply-To: <CAM4esxQMQxPSeWGf-Uh1UHSmbC7x7DrA=+x7ThXQVev4419b_g@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/xHpmy20vWYa3Vn0Yk4Uv2LmblNo>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Apr 2019 02:00:23 -0000
So... to check I understand that argument, it seems that some people expecs to see deployment of middleboxes that intercept QUIC - is that right? - if the middlebox doesn't exist, because it can't usefully add value, the version number does not need to be encrypted. - but if there are incentives to deploy middleboxes to do something (what?) then I could seee there could be a concern that these boxes could be implemented in a way that the implementers make them dependent on the version of QUIC. Gorry The first step is the part I don't understand, with TLS/TCP I understand the use-case existed. On 19/04/2019, 23:48, Martin Duke wrote: > Right. This is the exact use case that version greasing is supposed to > avoid; i.e. a nontrivial amount of QUIC traffic greases, so > middleboxes that do this kind of thing impose unacceptable performance > penalties on users and don't make their way into the network. > > On Fri, Apr 19, 2019 at 12:59 PM Salz, Rich <rsalz@akamai.com > <mailto:rsalz@akamai.com>> wrote: > > *>*Can Brian (or anyone else) comment on what the threat model was > that caused middleboxes to drop TLS 1.3 when it used the actual > version field? > > “safety” > > Less flippantly, they didn’t understand the new version so they > could not be sure it was okay to pass through, they didn’t know > how to do content inspection, TLS offload, etc. >
- Is "Version Greasing" a new benfit or a new obsta… G Fairhurst
- Re: Is "Version Greasing" a new benfit or a new o… Roberto Peon
- RE: Is "Version Greasing" a new benfit or a new o… Border, John
- RE: Is "Version Greasing" a new benfit or a new o… Mikkel Fahnøe Jørgensen
- RE: Is "Version Greasing" a new benfit or a new o… Border, John
- Re: Is "Version Greasing" a new benfit or a new o… Gorry (erg)
- Re: Is "Version Greasing" a new benfit or a new o… Mikkel Fahnøe Jørgensen
- Re: Is "Version Greasing" a new benfit or a new o… Martin Thomson
- Re: Is "Version Greasing" a new benfit or a new o… Mirja Kuehlewind
- Re: Is "Version Greasing" a new benfit or a new o… Mirja Kuehlewind
- Re: Is "Version Greasing" a new benfit or a new o… Mikkel Fahnøe Jørgensen
- RE: Is "Version Greasing" a new benfit or a new o… Praveen Balasubramanian
- RE: Is "Version Greasing" a new benfit or a new o… Praveen Balasubramanian
- Re: Is "Version Greasing" a new benfit or a new o… Ian Swett
- RE: Is "Version Greasing" a new benfit or a new o… Praveen Balasubramanian
- Re: Is "Version Greasing" a new benfit or a new o… Christian Huitema
- Re: Is "Version Greasing" a new benfit or a new o… Roberto Peon
- RE: Is "Version Greasing" a new benfit or a new o… Praveen Balasubramanian
- RE: Is "Version Greasing" a new benfit or a new o… Mikkel Fahnøe Jørgensen
- Re: Is "Version Greasing" a new benfit or a new o… Roberto Peon
- Re: Is "Version Greasing" a new benfit or a new o… Mikkel Fahnøe Jørgensen
- Re: Is "Version Greasing" a new benfit or a new o… Dmitri Tikhonov
- Re: Is "Version Greasing" a new benfit or a new o… Mikkel Fahnøe Jørgensen
- Re: Is "Version Greasing" a new benfit or a new o… G Fairhurst
- Re: Is "Version Greasing" a new benfit or a new o… Brian Trammell (IETF)
- Re: Is "Version Greasing" a new benfit or a new o… Brian Trammell (IETF)
- Re: Is "Version Greasing" a new benfit or a new o… Mikkel Fahnøe Jørgensen
- Re: Is "Version Greasing" a new benfit or a new o… Brian Trammell (IETF)
- Re: Is "Version Greasing" a new benfit or a new o… Mikkel Fahnøe Jørgensen
- Re: Is "Version Greasing" a new benfit or a new o… Mikkel Fahnøe Jørgensen
- Re: Is "Version Greasing" a new benfit or a new o… Ted Hardie
- RE: Is "Version Greasing" a new benfit or a new o… Praveen Balasubramanian
- Re: Is "Version Greasing" a new benfit or a new o… Mikkel Fahnøe Jørgensen
- Re: Is "Version Greasing" a new benfit or a new o… Mikkel Fahnøe Jørgensen
- RE: Is "Version Greasing" a new benfit or a new o… Deval, Manasi
- Re: Is "Version Greasing" a new benfit or a new o… Martin Duke
- Re: Is "Version Greasing" a new benfit or a new o… Salz, Rich
- Re: Is "Version Greasing" a new benfit or a new o… Martin Duke
- Re: Is "Version Greasing" a new benfit or a new o… Gorry Fairhurst
- Re: Is "Version Greasing" a new benfit or a new o… Watson Ladd