IETF Logo Mail Archive

Re: Grips in the Wire Image for In-Network State (was Re: Privacy holes (was Re: Getting to consensus on packet number encryption))

"Brian Trammell (IETF)" <ietf@trammell.ch> Fri, 06 April 2018 12:40 UTC

Return-Path: <ietf@trammell.ch>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AECD126CC7 for <quic@ietfa.amsl.com>; Fri, 6 Apr 2018 05:40:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qkx__cktK1eS for <quic@ietfa.amsl.com>; Fri, 6 Apr 2018 05:40:06 -0700 (PDT)
Received: from gozo.iway.ch (gozo.iway.ch [212.25.24.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7CD81201FA for <quic@ietf.org>; Fri, 6 Apr 2018 05:40:04 -0700 (PDT)
Received: from gozo.iway.ch (localhost [127.0.0.1]) by localhost (Postfix) with ESMTP id 5D080341015; Fri, 6 Apr 2018 14:40:02 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by localhost (ACF/6597.4073); Fri, 6 Apr 2018 14:40:00 +0200 (CEST)
Received: from switchplus-mail.ch (switchplus-mail.ch [212.25.8.236]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by gozo.iway.ch (Postfix) with ESMTPS; Fri, 6 Apr 2018 14:40:00 +0200 (CEST)
Received: from [145.14.214.39] (account ietf@trammell.ch HELO [10.11.33.5]) by switchplus-mail.ch (CommuniGate Pro SMTP 6.1.18) with ESMTPSA id 50862650; Fri, 06 Apr 2018 14:40:00 +0200
From: "Brian Trammell (IETF)" <ietf@trammell.ch>
Message-Id: <8AAF21B8-5008-46EE-ACE1-FA2588DE9D20@trammell.ch>
Content-Type: multipart/signed; boundary="Apple-Mail=_6791374E-CE7B-4240-AD54-D5FCEE983C1A"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Subject: Re: Grips in the Wire Image for In-Network State (was Re: Privacy holes (was Re: Getting to consensus on packet number encryption))
Date: Fri, 06 Apr 2018 14:39:58 +0200
In-Reply-To: <CANatvzx7GbtRo1W8mPQEt9kzcq2qYxBOJEyrhe+HYUG_xUEa2A@mail.gmail.com>
Cc: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>, Christian Huitema <huitema@huitema.net>, QUIC WG <quic@ietf.org>, Martin Thomson <martin.thomson@gmail.com>, Frederick Kautz <fkautz@alumni.cmu.edu>
To: Kazuho Oku <kazuhooku@gmail.com>
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <BBB8D1DE-25F8-4F3D-B274-C317848DE872@akamai.com> <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com> <CAKcm_gMpz4MpdmrHLtC8MvTf5uO9LjD915jM-i2LfpKY384O2w@mail.gmail.com> <HE1PR0702MB3611A67E764EE1C7D1644FAD84AD0@HE1PR0702MB3611.eurprd07.prod.outlook.com> <d8e35569-e939-4064-9ec4-2cccfba2f341@huitema.net> <CACpbDccqKoF-Y1poHMN2cLOK9GOuvtMTPsF-QEen3b30kUo9bg@mail.gmail.com> <CAKcm_gNffwpraF-H2LQBF33vUhYFx0bi_UXJ3N14k4Xj4NmWUw@mail.gmail.com> <40C1F6FE-2B2C-469F-8F98-66329703ED50@mnot.net> <21C36B57-6AE2-40EF-9549-7196D7FA9B45@tik.ee.ethz.ch> <B176FC07-887D-4135-B01E-FE8B4986A5EE@mnot.net> <CAKcm_gOCeocLyrYpOS7Ud332xdz3xHSH0psPN8T6BGRjoL9ptQ@mail.gmail.com> <CY4PR21MB0630FA0EDD343396AD414641B6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <CAN1APde13JTzCvKFFvMd183Fka6QGD1kGBjsa9fcoLrYeA2hsA@mail.gmail.com> <CY4PR21MB0630C0FD4FBECBFEC3C863BBB6A40@CY4PR21MB0630.namprd21.prod.outlook.com> <759C5BE4-DE4C-4A82-929C-B03234B88A37@huitema.net> <CAJGwveB=qs+J2iBQRs3d5jdGuP9yBWoAgv0t3mwD=Wrf6Q5g8g@mail.gmail.com> <F395D018-FFCA-405F-BBD5-1313C6F6DAF9@huitema.net> <CABkgnnWAgGJaKs8teKTURiNDRA61fRhN6pxYQuD1MbkPDqasKQ@mail.gmail.com> <2F06334E-C3DF-4034-A6A4-AF383505D930@trammell.ch> <CABkgnnX1=h4qx+3YjXj=ZME5ihZbJ2rqE8zeT4j84dJj0ZfZGg@mail.gmail.com> <29F2FB1B-3A82-4E60-A4A5-70AC36CEEC54@trammell.ch> <CANatvzzoAK0SRrLOfz6HecbsE3oevWWkzJcfhceuqECF0VL=MA@mail.gmail.com> <FFEC6258-4B0F-473F-BAF6-28C655EE6DAF@trammell.ch> <CANatvzx7GbtRo1W8mPQEt9kzcq2qYxBOJEyrhe+HYUG_xUEa2A@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.6.18)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/zlwWcxFdKxHC_BGUHhYag9-S40E>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Apr 2018 12:40:09 -0000

hi Kazuho,

Thanks for your message, comments inline, omitting some history for clarity...

> On 6 Apr 2018, at 12:10, Kazuho Oku <kazuhooku@gmail.com> wrote:
> 
> Hi Brian,
> 
> My comments inline.
> 
> 2018-04-06 18:38 GMT+09:00 Brian Trammell (IETF) <ietf@trammell.ch>:
>> 
>> 
>> However, I would submit that if we think we are in a position where:
>> 
>> - there is a strong incentive for firewalls/NATs to want to see start- (and end-) of flow (which seems to me to be the threat model we're trying to mitigate with this); and
>> 
>> - we do not want arbitrary information in the QUIC wire image to be used to detect these conditions, since that might cause bits of the wire image we don't want to end up in the accidental invariants;
>> 
>> then we really should consider adding explicit advisory flow state signals, both for establishment and teardown. The theory here is that if you give in-network functions a "grip" in the wire image of the protocol they can use for state management, they won't try to grab on to the slippery bits. Together with probabilistic migration, these signals would divorce "on-path state" from "transport session state", reducing the privacy impact with respect to SYN/FIN in TCP.
> 
> I think that this is a very interesting question asking what the
> requirements of QUIC as a protocol is. Thank you for bringing the
> topic to table.
> 
> My argument against having an explicit signal for flow creation is
> that it is impossible to have such signal in a reliable way, and that
> trying to have no signal is better than having an unreliable signal.

I should say I'm not all that convinced that an advisory "flow start" signal is a good idea(*) -- I'm just saying that we seem to be trying very hard to keep a de facto advisory flow start signal from forming (which I would agree would be extremely undesirable indeed)... and we should step back and think about what properties flow start and end should have in QUIC, explicitly, as a function of requirements as opposed to philosophy.

> Let me explain why I think we cannot have a reliable signal.

<snip> All this makes very good sense and I agree with it: the signal cannot possibly be reliable in the general case.

> For flow closure, I think saving the battery by not sending a FIN
> packet after quiescence is more important than sending good signal to
> middleboxes

This is a hard problem, and it cuts both ways; if a server wants to maintain the ability to connect a client after more than the standard UDP NAT timeout (30s), it needs to send keepalives more often than once every 30s (thereby waking the client if it's on battery). Which side of this coin wastes more power is difficult to determine, since it's entirely dependent on the prevalence of each kind of activity in a given network. We can make plausible guesses both in favor of "get rid of FIN, it wastes endpoint power" or "we really need FIN to keep from wasting endpoint power".

So I'm more convinced of the value of advisory-end than advisory-start.

>> (The alternative is to make the wire image so inscrutable that on-path state tracking becomes completely futile and goes away. I'm not sure we're that good at inscrutable wire images.)
> 
> I would rather argue that the goal of the alternative approach is to
> make the intentional flow creation not easily distinguishable to the
> extent that the middlebox vendors will refer to the RFC. Then, they
> can decide either to not limit QUIC flows starting from a 1-RTT
> packet, or to drop QUIC completely. And the issue is solved.


Let me try to rephrase this in wildly different terminology: "we can't come up with a grip that we think will wotk, so we should make flow start as slippery as possible"; or rather, a middlebox that thinks it's seeing QUIC should make its drop decision based on "this is QUIC" and not anything based on the state of the connection. That definitely has desirable properties with respect to future flexibility -- the start and end signaling would end up in the invariants rather quickly whether intentional or not. And ISTM that the probabilistic migration behavior would help to achieve it.

Cheers,

Brian


(*): "Advisory flow start" is somewhat different than "path-visible proof of return routability" and "path-visible indication of consent to continue communicating". The latter, IMO, has more value as part of a design to support in-network rejection of UDP garbage. But it's a more complex signal, since it involves revealing things that are hard to fake at flow establishment time, and is of course subject to the philosophical question of whether that's a good idea.

v2.23.0 | Report a Bug | By Email