IETF Logo Mail Archive

Re: Getting to consensus on packet number encryption

Roberto Peon <fenix@fb.com> Mon, 16 April 2018 19:57 UTC

Return-Path: <prvs=7644963e2e=fenix@fb.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3717512D883 for <quic@ietfa.amsl.com>; Mon, 16 Apr 2018 12:57:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fb.com header.b=oJgQPKlX; dkim=pass (1024-bit key) header.d=fb.onmicrosoft.com header.b=OEuXVD46
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N1h36lyqFdDl for <quic@ietfa.amsl.com>; Mon, 16 Apr 2018 12:57:10 -0700 (PDT)
Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47F8A1241F3 for <quic@ietf.org>; Mon, 16 Apr 2018 12:57:07 -0700 (PDT)
Received: from pps.filterd (m0044012.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w3GJsmJi008826; Mon, 16 Apr 2018 12:56:39 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=facebook; bh=D7v90Ezkh/xKBWJ5VWNzxHKpIIEPqa6tkkq92b1vt18=; b=oJgQPKlXyL9YplR3oqCLlkOv+2CgxfjsPginTF7BSHAMIzqDmIVMrIb/n+Xl6hTUbUon w6BHHVPD2MtqZVhIQu9SwhgT6pYotRIqawYCLJRWnhYr2rkvZ2yng76SwNg8+1pdVI6q Er88c983AWcCYRQtu/emzwZ5sfDS831PgQ0=
Received: from maileast.thefacebook.com ([199.201.65.23]) by mx0a-00082601.pphosted.com with ESMTP id 2hd1vhg2vx-20 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 16 Apr 2018 12:56:39 -0700
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (192.168.183.28) by o365-in.thefacebook.com (192.168.177.31) with Microsoft SMTP Server (TLS) id 14.3.361.1; Mon, 16 Apr 2018 15:56:21 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; s=selector1-fb-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=D7v90Ezkh/xKBWJ5VWNzxHKpIIEPqa6tkkq92b1vt18=; b=OEuXVD46DP3geD1SJXuAvdHWK+jBtInaKejfI8sDw+gk9O/6VJTzIXEh3CoUSeq0vPSyrlawCCX1wdLpQ/q+egDqgvbackhKkMU9AZyb2r4078LyA/YjR4gjTV2rFf5UulU9tEO0ETz6oxROFxpvI53hIJsPZJbhm3m3tjuC1eU=
Received: from BY2PR15MB0775.namprd15.prod.outlook.com (10.164.171.11) by BY2PR15MB0359.namprd15.prod.outlook.com (10.163.109.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.675.10; Mon, 16 Apr 2018 19:56:19 +0000
Received: from BY2PR15MB0775.namprd15.prod.outlook.com ([fe80::6c4c:bbf3:ec3b:d45e]) by BY2PR15MB0775.namprd15.prod.outlook.com ([fe80::6c4c:bbf3:ec3b:d45e%14]) with mapi id 15.20.0675.015; Mon, 16 Apr 2018 19:56:19 +0000
From: Roberto Peon <fenix@fb.com>
To: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
CC: "quic@ietf.org" <quic@ietf.org>, Christian Huitema <huitema@huitema.net>
Subject: Re: Getting to consensus on packet number encryption
Thread-Topic: Getting to consensus on packet number encryption
Thread-Index: AQHTy9GjyGQaKf4GI0anNhXTngANsKPwZ0sAgAC4ugCAAARcAIAAG5CAgAAFCACAAACJgIAAEVkAgACR+ICAAVFHAIALXUEAgAVKTpU=
Date: Mon, 16 Apr 2018 19:56:19 +0000
Message-ID: <BY2PR15MB0775B4ACF7DB9124E89016F0CDB00@BY2PR15MB0775.namprd15.prod.outlook.com>
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <BBB8D1DE-25F8-4F3D-B274-C317848DE872@akamai.com> <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com> <CAKcm_gMpz4MpdmrHLtC8MvTf5uO9LjD915jM-i2LfpKY384O2w@mail.gmail.com> <HE1PR0702MB3611A67E764EE1C7D1644FAD84AD0@HE1PR0702MB3611.eurprd07.prod.outlook.com> <d8e35569-e939-4064-9ec4-2cccfba2f341@huitema.net> <CACpbDccqKoF-Y1poHMN2cLOK9GOuvtMTPsF-QEen3b30kUo9bg@mail.gmail.com> <CAKcm_gNffwpraF-H2LQBF33vUhYFx0bi_UXJ3N14k4Xj4NmWUw@mail.gmail.com> <40C1F6FE-2B2C-469F-8F98-66329703ED50@mnot.net> <21C36B57-6AE2-40EF-9549-7196D7FA9B45@tik.ee.ethz.ch> <B176FC07-887D-4135-B01E-FE8B4986A5EE@mnot.net> <CAKcm_gOCeocLyrYpOS7Ud332xdz3xHSH0psPN8T6BGRjoL9ptQ@mail.gmail.com> <CY4PR21MB0630FA0EDD343396AD414641B6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <CAN1APde13JTzCvKFFvMd183Fka6QGD1kGBjsa9fcoLrYeA2hsA@mail.gmail.com> <CY4PR21MB0630C0FD4FBECBFEC3C863BBB6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <047d2ff0-ff8b-64c9-8983-0ecabeb9fea5@huitema.net> <B0F49097-F77A-4831-B68B-4266AA880A86@tik.ee.ethz.ch> <74E2F5C2-66AD-4902-8A4A-E481CC0A015C@fb.com>, <75050158-3812-44F1-A01E-D70EED7FDFD6@tik.ee.ethz.ch>
In-Reply-To: <75050158-3812-44F1-A01E-D70EED7FDFD6@tik.ee.ethz.ch>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2620:10d:c090:200::4:b3ef]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BY2PR15MB0359; 7:xJrcMIgtSE2h9i8RwI7TqProOGTPDS5CUx+fbw+ja3z8e5npyrUgCZiJmsqqdvYAWjfB8sk59j7bkYDfdd3v9nANs16limAESQvSpI0Intpy9PFkbn0xVfDJLhh8XvlDJh6XNItP2uUpBj6npJla+oAqOGL4zdyfR4R4OK6izizC8c+L64hTG5ydhxOq2jX+a4WIoBFWwwDCHr1rsaUEmKUB54T33FHeYC3rvkGP4uA+SvH7gWTD9xiRxFI1oqSx; 20:q2C7YbilmuDMQL0Y18NLQacqcqbW84JyBKivs9owVGdIxS+JXWtZXFn50c6T9K1MEUFlGnPofjFPOGVBwlwnsAYuJUiE/1Tt1klnKUWA6oZlo3YiD7lrt4lO4lqGS2FCk/bQCU5kmLflmrRlDiwZ4LDsfyNIYkdeqK3Y3LFDpnw=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BY2PR15MB0359;
x-ms-traffictypediagnostic: BY2PR15MB0359:
x-microsoft-antispam-prvs: <BY2PR15MB0359DA837B5E1859AF30192CCDB00@BY2PR15MB0359.namprd15.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(67672495146484)(100405760836317);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3002001)(10201501046)(3231232)(11241501184)(944501327)(52105095)(93006095)(93001095)(6041310)(20161123558120)(20161123562045)(20161123560045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:BY2PR15MB0359; BCL:0; PCL:0; RULEID:; SRVR:BY2PR15MB0359;
x-forefront-prvs: 0644578634
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(346002)(376002)(366004)(39380400002)(396003)(54014002)(199004)(189003)(14454004)(19627405001)(6116002)(446003)(476003)(68736007)(46003)(11346002)(81166006)(81156014)(8676002)(486006)(186003)(53936002)(102836004)(53546011)(5250100002)(99286004)(59450400001)(6506007)(7696005)(74316002)(9686003)(54896002)(316002)(7736002)(93886005)(54906003)(5660300001)(106356001)(6606003)(105586002)(86362001)(6916009)(2900100001)(229853002)(97736004)(6246003)(33656002)(76176011)(4326008)(25786009)(3280700002)(2906002)(55016002)(6436002)(8936002)(478600001)(3660700001)(427584002)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR15MB0359; H:BY2PR15MB0775.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: fb.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: QJO4Arp6xcQs09f6mtnM62WD0+/+MeDOBLbgRBsFMrDMoP8UT9SGZflGyRrdEm5L0+0MUBBRslIU1ORolS7lpVomfyUCQVQ82w9JFr0Ua2fiwrIWUp3ICkwGi6n+QrTb79MqBknbckT96nZMC3lyR2lVkXr4CLA8+6WeM106JBHRcNvpcK8kAOUdpbDN3WrF
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BY2PR15MB0775B4ACF7DB9124E89016F0CDB00BY2PR15MB0775namp_"
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 8d5d9f0e-4a95-47ac-cc8a-08d5a3d41f5e
X-MS-Exchange-CrossTenant-Network-Message-Id: 8d5d9f0e-4a95-47ac-cc8a-08d5a3d41f5e
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Apr 2018 19:56:19.6556 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR15MB0359
X-OriginatorOrg: fb.com
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-04-16_10:, , signatures=0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/xIJmFGdE-OjFs0jRTwQ9NBLsebw>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Apr 2018 19:57:14 -0000

Paraphrasing:

> PN insufficient to fix ossification, why is that difficult/expensive?

As described in the other subthread, you'd have to emulate the same ordering of the previously-ossified PN while also doing whatever newness you want with the new PN.
That sounds fabulously complex. You'd end up running two different implementations simultaneously.

> Ossification/invariant without encryption:
Encryption solves it, sounds like we agree on that 😊


-=R

________________________________
From: QUIC <quic-bounces@ietf.org> on behalf of Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Sent: Friday, April 13, 2018 4:06:40 AM
To: Roberto Peon
Cc: quic@ietf.org; Christian Huitema
Subject: Re: Getting to consensus on packet number encryption

Hi Roberto,

see below.

> Am 10.04.2018 um 03:04 schrieb Roberto Peon <fenix@fb.com>:
>
> Adding another PN would probably not be sufficient-- one would need to ensure that the ossified PN was presented with the right sequencing as well, which might be difficult, or expensive.

Yes, that is easy. Why do you think that is difficult or expensive?

> Ossification is surprisingly difficult to work around once it sets in, as even figuring out how it is impacting you can be substantial work.

That is true for a protocol like TCP very the invariant is large and non of the bits are encrypted. For QUIC we have a completely different situation.

Mirja


>
> -=R
>
> On 4/5/18, 2:27 AM, "QUIC on behalf of Mirja Kühlewind" <quic-bounces@ietf.org on behalf of mirja.kuehlewind@tik.ee.ethz.ch> wrote:
>
>    Let me repeat another position then as well:
>
>> Am 05.04.2018 um 02:44 schrieb Christian Huitema <huitema@huitema.net>:
>>
>> If we are in the business of repeating our positions, so be it. I am pretty much on the same line as Patrick and others:
>>
>> 1) Privacy is not optional. And yes, removing "linkability through PN" is important, because when the connection ID and the source address also change, the only other cue for linkability is timing. Timing can be addressed by having overlapping connections.
>>
>    Timing doesn’t help here either because you still have the same destination IP, both port numbers and the fact that a migrated connection does not have a handshake. If we want to address the linkability problem, we would need to do much more, probably baring more hits on performance.
>
>    I thought we discussed this already endlessly and concluded that PNE does not help linkability.
>
>    Then an argument for ossification was broad up. However, we really cannot compare the situation here with TCP. With TCP everything is in the clear incl. also the retransmissions. In case of MPTCP this was rather the problem the the seq# because if you’d use the same seq# number space on both connections it would like loss but without a retransmission. Further boxes that reorder, usually do that in situation where packets were transmitted for a known reason out-of order previously, e.g. when multiple paths are used in the network. The recommendation we still give in the IETF transport area is that in such a situation the scheduling should not be done on a per-packet level but per-flow. However, those scheme that do per-packet scheduling usually also apply mechanism to re-order afterwards. They can just use the TCP seq# for that but for non-TCP they would simply add their own encapsulation with a seq#…
>
>    Please keep in mind that even if an (unencrypted) PN gets ossified by the network,
>    in case of QUIC that does not mean that we can’t change the transport machinery anymore. Currently the exposed PN is also used for congestion control and retransmission, however, we can still add another PN in the encrypted part and resolved the fact that the current PN is overloaded for different functions.
>
>    Currently, I really still don’t see the benefit of PNE but only additional complexity and known performance degradation.
>
>    Mirja
>
>
>
>
>

v2.23.0 | Report a Bug | By Email