IETF Logo Mail Archive

[Scone] Re: New draft: scone-echo

Martin Duke <martin.h.duke@gmail.com> Thu, 23 April 2026 17:48 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: scone@mail2.ietf.org
Delivered-To: scone@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id B4E98E1E02F4 for <scone@mail2.ietf.org>; Thu, 23 Apr 2026 10:48:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1776966514; bh=+CwVtCHcob68fhTauwqVb0GyKLOmgfhRuHhEWLfHT3w=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=HPh3ZEzNhqBHti8T7ZUXmJJ6gdYHkt7/6rBgKoJz4gAi65MH7lBEAvhIYLBBC74sb aNWhS0/ArZMw35gpvggPiDWwsTZ5tpDesqhyiNvbVfFfyRm8NHR9wcXgElIvOl52fQ xXr6abprtyXKUnbvjL/aG/TnFY8wjTCf2/XHn8Kw=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LkJqnCTQ5r_E for <scone@mail2.ietf.org>; Thu, 23 Apr 2026 10:48:33 -0700 (PDT)
Received: from mail-dl1-x1231.google.com (mail-dl1-x1231.google.com [IPv6:2607:f8b0:4864:20::1231]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 3677BE1E02D9 for <scone@ietf.org>; Thu, 23 Apr 2026 10:48:33 -0700 (PDT)
Received: by mail-dl1-x1231.google.com with SMTP id a92af1059eb24-12713e56abdso4970496c88.1 for <scone@ietf.org>; Thu, 23 Apr 2026 10:48:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1776966512; cv=none; d=google.com; s=arc-20240605; b=bwbUNbcq/NSXeCo0jgODWaFQq7Rvi2soTWSww/+6rpSv7pD1Sd0yDV6AumcY8lNq5p 16KWLAQkwisZeFdhKbCeYFwR1to6bmHuX4qHA8TnnypD7v0eCaHDMEYksJ6CdW11oCqM 7WyZzK4pwy2dkPvN67KxhuwIeHXK2SD739o1+jO7DVdFkbhBjL8nTmJLvvlN0v5txk8u bCD3IqrDKrXnR+IWispZsxQ9/ebjabkZDK9KID2A0fZTGEZTzCKGkH+ui4OTjwTbbBON NLfbOeZmJ2MZcUYlyCRAcAojsHnmfOFcJJ4dBeJs2qogXdpUgkcyXnOGg+x/h8crexN4 0iPA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=KCmigynGp0xbq13obhmbpVt0Rhq7RPymbjWZJviMZ+8=; fh=FOBzdGYMwuXyqdACcr8Nj/fYLqM5WDpElwkNGrhzxlg=; b=BcsCRO9dVed4BIYO6dQIVth7kagN/MdFxLxGDX893q1XrCm6oZCJ+Vd6tTi13h2ywM lBG2FwKvRhICF27pOJDOC19wXwiqL6th8igjls1yWz/EkoXjl+HxsuGP68ssCHixwMxv qZHRa3ptsBf6zrUhj04nTcI+dOGczYc80YvJRaWBlP2qepXCbOQtvcnptqMToRcaTj/N DvgcoNDo6nG40NHnPV4nS4yGb3iarlecUdKgRXcWgX+LM1xvGZX7thZ9MIQFu7zDTUSi focVJCtu70rKG455cIYuI8Gkz2mqfh1+fGXZsCypUm6F0Yn4icJBm+2MgGrjNPzrFoV3 lzww==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776966512; x=1777571312; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=KCmigynGp0xbq13obhmbpVt0Rhq7RPymbjWZJviMZ+8=; b=ZkhKw+P74x1EBXUlBEjpvYBJwh+dczyhtjn89RBoOhfJpXtKU4bwJeMwOS/KXmyNql wce+CosPK1xD7DY+OGj0J8KGU/8azH7YIh8K5zubCjF8yuYkyzWxS1P9toiA/FiqnvYQ 1aEk77PYjrC6JDw0EYXULYvKl8BzrikfN6DroS3EUGVPi+U5FuJK418hpEMVGSf8zjiw KFoxR0WnKcV1OMF+iWVimO8uOAIPwSjEjmE7Kuezamh6QsJxCcFjbC6y+NFplcW6h3Gi q08EcoVNDB/76YK9BHqYzgT2OY6sNdEaCs4YxQ8EVNgxoeA9442tWR78czoAHAfJsqeg uVEA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776966512; x=1777571312; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=KCmigynGp0xbq13obhmbpVt0Rhq7RPymbjWZJviMZ+8=; b=BAs7q/i0ORuUvblmadslGbkJiqpWQnA4PgWEP0JBK8ZJ/yeyanOSRl2i+6LMopeS6g KoLo9/bOqpotY/GAC/4s6/2pWno1yv4z7tekODQtt2qWR6tlHRoNHBYN18NQ0w0V5a5B gi2fAzVOLUnCPbeb3DGIZ/r0LIB5qSnKtr0fa7x2fh7W0OdKC94IoSj9jaElZJLCjQ3W i52blMYcDMuJsDqHKKHLnG18OtsEFlpPGn5mK7jvIfSrEXC7JcK68OvqQORhVnZZxByf BucpFq8tkuot0C08W4hSZUSBesv4ntbgybPaAnAvdWtY7qv/xSxr9MWu62eOvszozXP+ f3uw==
X-Forwarded-Encrypted: i=1; AFNElJ/TapED44HUR3Lr/bSsuhEr/GpNVoiEw3qp3J3RKAOcJOG4UIl7uYVcO9Fle0NpbSg6RVAqYA==@ietf.org
X-Gm-Message-State: AOJu0Yx2KvPhgyGCAhW769WrzLnb25j8K/6q7hfcRhTAXE/ZcJ4oAn4J 8VzwlXe4Y32wWP7It/rw985b4qlsgd/R3Ipv51tJOrYxZOV8xstQDTPSqCflqJ97/NQyh4aZXUH gdQTlag8YERZH38jnPRjbYIlbQ1h+ugg=
X-Gm-Gg: AeBDieswpqZhTpUZTqGN+tSgff/MJqgJEF4ioS3G+XstX9x8eNdDBBvj8rTkwAkXx7d TBBQ8u81HJ0Qg+GIG/EE1vfEn2MppUEzOAE3w11lG92szp0tERtZmesWe3W464IPEuZSG6S9ppo pA/RhBz+DXAWYgmxgGkiR/QAp0J4b3CM0JhB07q/HbOygf21bQUkawgJKIeH8QIF9F80QbgxZvM JWyxD5w8DVIVtU0jB82TBMmeSOJsT8eIscAOI62zWwIumoWcF8SQO1iuVuTSVrWltGsDOF3pLA/ e/QF3AtP+LEWB2uQe9DnTBHpOmk0VWD9X2ORqbX10vU00oUV0C4j7bhqcCZzAmNvlUIjRJDbCcE gF+t1
X-Received: by 2002:a05:7022:eacf:b0:12a:6d05:3941 with SMTP id a92af1059eb24-12c73ae94cdmr12532149c88.2.1776966511954; Thu, 23 Apr 2026 10:48:31 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxS0Lw+qSDhLydL69_v_tBKvgKbZ2u=CjrjBc9szxgSu3g@mail.gmail.com> <A53493F2-1925-4E2B-9F29-DD7CFBEE2EE9@cisco.com> <cc2383bd-df72-4738-ae72-e1f9465891c8@app.fastmail.com> <CAM4esxTU=cuxXM0fYVfaw25+MRdvEOoqJgeb+NfjQOyjraZi6Q@mail.gmail.com> <4853845b-f41f-4737-9420-ddbcf6643144@huitema.net>
In-Reply-To: <4853845b-f41f-4737-9420-ddbcf6643144@huitema.net>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Thu, 23 Apr 2026 10:48:18 -0700
X-Gm-Features: AQROBzCqZgm9qugU7zHqKhSS_kgel0AEMj5GxZMdmmGMzvaO5PLV1K9yXIv__5M
Message-ID: <CAM4esxQp9MN0NCdKC2hVFPVtHdddM4U_UKbDU7whijLOjjxnYw@mail.gmail.com>
To: Christian Huitema <huitema@huitema.net>
Content-Type: multipart/alternative; boundary="000000000000b90ff40650244133"
Message-ID-Hash: U4YS7BZX2LBJYSHC4OVCCOV3HYKZ33X6
X-Message-ID-Hash: U4YS7BZX2LBJYSHC4OVCCOV3HYKZ33X6
X-MailFrom: martin.h.duke@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Lucas Pardue <lucas@lucaspardue.com>, "Sri Gundavelli (sgundave)" <sgundave=40cisco.com@dmarc.ietf.org>, "scone@ietf.org" <scone@ietf.org>, Ian Swett <ianswett=40google.com@dmarc.ietf.org>, "pawelj@google.com" <pawelj@google.com>, "mjbshaw@google.com" <mjbshaw@google.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Scone] Re: New draft: scone-echo
List-Id: Standard Communication with Network Elements WG <scone.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scone/DeLpqb__VzKhcNkusmL8V9DPCyA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scone>
List-Help: <mailto:scone-request@ietf.org?subject=help>
List-Owner: <mailto:scone-owner@ietf.org>
List-Post: <mailto:scone@ietf.org>
List-Subscribe: <mailto:scone-join@ietf.org>
List-Unsubscribe: <mailto:scone-leave@ietf.org>

Hi Christian, replies inline.



On Tue, Apr 21, 2026 at 11:28 PM Christian Huitema <huitema@huitema.net>
wrote:

>
> On 4/21/2026 6:59 PM, Martin Duke wrote:
> > Hi Lucas,
> >
> > Replies inline.
> >
> > On Tue, Apr 21, 2026 at 2:00 PM Lucas Pardue <lucas@lucaspardue.com>
> > wrote:
> >
> >     I'm trying to get my head around the privacy considerations on
> >     this. The wording seems to suggest that a client QUIC
> >     implementation would, for an easy time, enable the echoing if a
> >     server advertised it. That seems to lower the barrier
> >     significantly to server "scanners" building up a detailed view of
> >     network topology with the need to expend much effort.
> >
> >
> > This is worth thinking about, though I don't believe the
> > scone-protocol draft discusses network scanning at all. In fact Sec
> > 10.1 says "QUIC implementations are therefore encouraged to make the
> > feature available unconditionally. Endpoints might send SCONE packets
> > whenever a peer can accept them.", which this draft would amplify.
>
> That another 6 bits for fingerprinting the client. So you need to say
> something about how to mitigate that in the privacy considerations.
>
> Then there are the issues of client behind a NAT. It is a way to
> distinguish end points.  Or servers behind an ECH front end, because of
> course clients, too, can send SCONE packets.
>
> I smell a spin bit.
>

I don't understand your point here. The SCONE_ECHO frame itself is
encrypted.
To observers, the only thing that changes here is that SCONE packets will
be somewhat
more likely than with vanilla SCONE.

The server can fingerprint the client more easily, I suppose, in the way
that any
transport parameter does. Is that worth saying?

Or is there some other delta from regular SCONE that I'm missing here?


>
> >     Separately, its not 100% clear to me how many SCONE_ECHO frames
> >     are expected to be sent. Is it one per packet? If so, this risks
> >     being an attack vector where the remote endpoint spams small
> >     packets and
> >     refuses to acknowledge SCONE_ECHO frames, which could cause a
> >     backlog of retransmissions. Similar to some of the issues Martin
> >     Seemann disclosed a couple if years ago.
> >
> >
> > Can you point me to that disclosure? I'm having trouble seeing
> > immediately how this is worse than not acknowledging data from an HTTP
> > request, etc, though I'm sure there's something I'm missing. I'm happy
> > to file an issue about it and add the appropriate mitigations.
> >
> > But yes, once per packet.
>
> And that's a problematic pattern -- each packet creates state on the
> client endpoint until it is acknowledged. Repeat often enough and you
> get a queue of packets all different that must all be kept. But there is
> an easy fix: specify that if packets are received out of order (per the
> packet number bit), only the last one matter; that endpoints to not need
> to repeat the frame if a frame with a higher number was acknowledged;
> and that endpoints to not have to signal each advice that they receive.
> Maybe say something about 57 seconds.
>
> -- Christian Huitema
>

Understood. Others have pointed this out and I will fix it in the next
draft.

v2.45.0 | Report a Bug | By Email | System Status