Return-Path: X-Original-To: scone@mail2.ietf.org Delivered-To: scone@mail2.ietf.org Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id B4E98E1E02F4 for ; Thu, 23 Apr 2026 10:48:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1776966514; bh=+CwVtCHcob68fhTauwqVb0GyKLOmgfhRuHhEWLfHT3w=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=HPh3ZEzNhqBHti8T7ZUXmJJ6gdYHkt7/6rBgKoJz4gAi65MH7lBEAvhIYLBBC74sb aNWhS0/ArZMw35gpvggPiDWwsTZ5tpDesqhyiNvbVfFfyRm8NHR9wcXgElIvOl52fQ xXr6abprtyXKUnbvjL/aG/TnFY8wjTCf2/XHn8Kw= X-Virus-Scanned: amavisd-new at ietf.org X-Spam-Flag: NO X-Spam-Score: -2.098 X-Spam-Level: X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LkJqnCTQ5r_E for ; Thu, 23 Apr 2026 10:48:33 -0700 (PDT) Received: from mail-dl1-x1231.google.com (mail-dl1-x1231.google.com [IPv6:2607:f8b0:4864:20::1231]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 3677BE1E02D9 for ; Thu, 23 Apr 2026 10:48:33 -0700 (PDT) Received: by mail-dl1-x1231.google.com with SMTP id a92af1059eb24-12713e56abdso4970496c88.1 for ; Thu, 23 Apr 2026 10:48:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1776966512; cv=none; d=google.com; s=arc-20240605; b=bwbUNbcq/NSXeCo0jgODWaFQq7Rvi2soTWSww/+6rpSv7pD1Sd0yDV6AumcY8lNq5p 16KWLAQkwisZeFdhKbCeYFwR1to6bmHuX4qHA8TnnypD7v0eCaHDMEYksJ6CdW11oCqM 7WyZzK4pwy2dkPvN67KxhuwIeHXK2SD739o1+jO7DVdFkbhBjL8nTmJLvvlN0v5txk8u bCD3IqrDKrXnR+IWispZsxQ9/ebjabkZDK9KID2A0fZTGEZTzCKGkH+ui4OTjwTbbBON NLfbOeZmJ2MZcUYlyCRAcAojsHnmfOFcJJ4dBeJs2qogXdpUgkcyXnOGg+x/h8crexN4 0iPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=KCmigynGp0xbq13obhmbpVt0Rhq7RPymbjWZJviMZ+8=; fh=FOBzdGYMwuXyqdACcr8Nj/fYLqM5WDpElwkNGrhzxlg=; b=BcsCRO9dVed4BIYO6dQIVth7kagN/MdFxLxGDX893q1XrCm6oZCJ+Vd6tTi13h2ywM lBG2FwKvRhICF27pOJDOC19wXwiqL6th8igjls1yWz/EkoXjl+HxsuGP68ssCHixwMxv qZHRa3ptsBf6zrUhj04nTcI+dOGczYc80YvJRaWBlP2qepXCbOQtvcnptqMToRcaTj/N DvgcoNDo6nG40NHnPV4nS4yGb3iarlecUdKgRXcWgX+LM1xvGZX7thZ9MIQFu7zDTUSi focVJCtu70rKG455cIYuI8Gkz2mqfh1+fGXZsCypUm6F0Yn4icJBm+2MgGrjNPzrFoV3 lzww==; darn=ietf.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776966512; x=1777571312; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=KCmigynGp0xbq13obhmbpVt0Rhq7RPymbjWZJviMZ+8=; b=ZkhKw+P74x1EBXUlBEjpvYBJwh+dczyhtjn89RBoOhfJpXtKU4bwJeMwOS/KXmyNql wce+CosPK1xD7DY+OGj0J8KGU/8azH7YIh8K5zubCjF8yuYkyzWxS1P9toiA/FiqnvYQ 1aEk77PYjrC6JDw0EYXULYvKl8BzrikfN6DroS3EUGVPi+U5FuJK418hpEMVGSf8zjiw KFoxR0WnKcV1OMF+iWVimO8uOAIPwSjEjmE7Kuezamh6QsJxCcFjbC6y+NFplcW6h3Gi q08EcoVNDB/76YK9BHqYzgT2OY6sNdEaCs4YxQ8EVNgxoeA9442tWR78czoAHAfJsqeg uVEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776966512; x=1777571312; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=KCmigynGp0xbq13obhmbpVt0Rhq7RPymbjWZJviMZ+8=; b=BAs7q/i0ORuUvblmadslGbkJiqpWQnA4PgWEP0JBK8ZJ/yeyanOSRl2i+6LMopeS6g KoLo9/bOqpotY/GAC/4s6/2pWno1yv4z7tekODQtt2qWR6tlHRoNHBYN18NQ0w0V5a5B gi2fAzVOLUnCPbeb3DGIZ/r0LIB5qSnKtr0fa7x2fh7W0OdKC94IoSj9jaElZJLCjQ3W i52blMYcDMuJsDqHKKHLnG18OtsEFlpPGn5mK7jvIfSrEXC7JcK68OvqQORhVnZZxByf BucpFq8tkuot0C08W4hSZUSBesv4ntbgybPaAnAvdWtY7qv/xSxr9MWu62eOvszozXP+ f3uw== X-Forwarded-Encrypted: i=1; AFNElJ/TapED44HUR3Lr/bSsuhEr/GpNVoiEw3qp3J3RKAOcJOG4UIl7uYVcO9Fle0NpbSg6RVAqYA==@ietf.org X-Gm-Message-State: AOJu0Yx2KvPhgyGCAhW769WrzLnb25j8K/6q7hfcRhTAXE/ZcJ4oAn4J 8VzwlXe4Y32wWP7It/rw985b4qlsgd/R3Ipv51tJOrYxZOV8xstQDTPSqCflqJ97/NQyh4aZXUH gdQTlag8YERZH38jnPRjbYIlbQ1h+ugg= X-Gm-Gg: AeBDieswpqZhTpUZTqGN+tSgff/MJqgJEF4ioS3G+XstX9x8eNdDBBvj8rTkwAkXx7d TBBQ8u81HJ0Qg+GIG/EE1vfEn2MppUEzOAE3w11lG92szp0tERtZmesWe3W464IPEuZSG6S9ppo pA/RhBz+DXAWYgmxgGkiR/QAp0J4b3CM0JhB07q/HbOygf21bQUkawgJKIeH8QIF9F80QbgxZvM JWyxD5w8DVIVtU0jB82TBMmeSOJsT8eIscAOI62zWwIumoWcF8SQO1iuVuTSVrWltGsDOF3pLA/ e/QF3AtP+LEWB2uQe9DnTBHpOmk0VWD9X2ORqbX10vU00oUV0C4j7bhqcCZzAmNvlUIjRJDbCcE gF+t1 X-Received: by 2002:a05:7022:eacf:b0:12a:6d05:3941 with SMTP id a92af1059eb24-12c73ae94cdmr12532149c88.2.1776966511954; Thu, 23 Apr 2026 10:48:31 -0700 (PDT) MIME-Version: 1.0 References: <4853845b-f41f-4737-9420-ddbcf6643144@huitema.net> In-Reply-To: <4853845b-f41f-4737-9420-ddbcf6643144@huitema.net> From: Martin Duke Date: Thu, 23 Apr 2026 10:48:18 -0700 X-Gm-Features: AQROBzCqZgm9qugU7zHqKhSS_kgel0AEMj5GxZMdmmGMzvaO5PLV1K9yXIv__5M Message-ID: To: Christian Huitema Content-Type: multipart/alternative; boundary="000000000000b90ff40650244133" Message-ID-Hash: U4YS7BZX2LBJYSHC4OVCCOV3HYKZ33X6 X-Message-ID-Hash: U4YS7BZX2LBJYSHC4OVCCOV3HYKZ33X6 X-MailFrom: martin.h.duke@gmail.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Lucas Pardue , "Sri Gundavelli (sgundave)" , "scone@ietf.org" , Ian Swett , "pawelj@google.com" , "mjbshaw@google.com" X-Mailman-Version: 3.3.9rc6 Precedence: list Subject: =?utf-8?q?=5BScone=5D_Re=3A_New_draft=3A_scone-echo?= List-Id: Standard Communication with Network Elements WG Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --000000000000b90ff40650244133 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Christian, replies inline. On Tue, Apr 21, 2026 at 11:28=E2=80=AFPM Christian Huitema wrote: > > On 4/21/2026 6:59 PM, Martin Duke wrote: > > Hi Lucas, > > > > Replies inline. > > > > On Tue, Apr 21, 2026 at 2:00=E2=80=AFPM Lucas Pardue > > wrote: > > > > I'm trying to get my head around the privacy considerations on > > this. The wording seems to suggest that a client QUIC > > implementation would, for an easy time, enable the echoing if a > > server advertised it. That seems to lower the barrier > > significantly to server "scanners" building up a detailed view of > > network topology with the need to expend much effort. > > > > > > This is worth thinking about, though I don't believe the > > scone-protocol draft discusses network scanning at all. In fact Sec > > 10.1 says "QUIC implementations are therefore encouraged to make the > > feature available unconditionally. Endpoints might send SCONE packets > > whenever a peer can accept them.", which this draft would amplify. > > That another 6 bits for fingerprinting the client. So you need to say > something about how to mitigate that in the privacy considerations. > > Then there are the issues of client behind a NAT. It is a way to > distinguish end points. Or servers behind an ECH front end, because of > course clients, too, can send SCONE packets. > > I smell a spin bit. > I don't understand your point here. The SCONE_ECHO frame itself is encrypted. To observers, the only thing that changes here is that SCONE packets will be somewhat more likely than with vanilla SCONE. The server can fingerprint the client more easily, I suppose, in the way that any transport parameter does. Is that worth saying? Or is there some other delta from regular SCONE that I'm missing here? > > > Separately, its not 100% clear to me how many SCONE_ECHO frames > > are expected to be sent. Is it one per packet? If so, this risks > > being an attack vector where the remote endpoint spams small > > packets and > > refuses to acknowledge SCONE_ECHO frames, which could cause a > > backlog of retransmissions. Similar to some of the issues Martin > > Seemann disclosed a couple if years ago. > > > > > > Can you point me to that disclosure? I'm having trouble seeing > > immediately how this is worse than not acknowledging data from an HTTP > > request, etc, though I'm sure there's something I'm missing. I'm happy > > to file an issue about it and add the appropriate mitigations. > > > > But yes, once per packet. > > And that's a problematic pattern -- each packet creates state on the > client endpoint until it is acknowledged. Repeat often enough and you > get a queue of packets all different that must all be kept. But there is > an easy fix: specify that if packets are received out of order (per the > packet number bit), only the last one matter; that endpoints to not need > to repeat the frame if a frame with a higher number was acknowledged; > and that endpoints to not have to signal each advice that they receive. > Maybe say something about 57 seconds. > > -- Christian Huitema > Understood. Others have pointed this out and I will fix it in the next draft. --000000000000b90ff40650244133 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Christian, replies inline.



On Tue, Apr 21, 2026 at 11:28=E2=80= =AFPM Christian Huitema <huitema@= huitema.net> wrote:

On 4/21/2026 6:59 PM, Martin Duke wrote:
> Hi Lucas,
>
> Replies inline.
>
> On Tue, Apr 21, 2026 at 2:00=E2=80=AFPM Lucas Pardue <lucas@lucaspardue.com>=
> wrote:
>
>=C2=A0 =C2=A0 =C2=A0I'm trying to get my head around the privacy co= nsiderations on
>=C2=A0 =C2=A0 =C2=A0this. The wording seems to suggest that a client QU= IC
>=C2=A0 =C2=A0 =C2=A0implementation would, for an easy time, enable the = echoing if a
>=C2=A0 =C2=A0 =C2=A0server advertised it. That seems to lower the barri= er
>=C2=A0 =C2=A0 =C2=A0significantly to server "scanners" buildi= ng up a detailed view of
>=C2=A0 =C2=A0 =C2=A0network topology with the need to expend much effor= t.
>
>
> This is worth thinking about, though I don't believe=C2=A0the
> scone-protocol draft discusses network scanning at all. In fact Sec > 10.1 says "QUIC implementations are therefore encouraged to make = the
> feature available unconditionally. Endpoints might send SCONE packets =
> whenever a peer can accept them.", which this draft would amplify= .

That another 6 bits for fingerprinting the client. So you need to say
something about how to mitigate that in the privacy considerations.

Then there are the issues of client behind a NAT. It is a way to
distinguish end points.=C2=A0 Or=C2=A0servers behind an ECH front end, beca= use of
course clients, too, can send SCONE packets.

I smell a spin bit.

I don't underst= and your point here. The SCONE_ECHO frame itself is encrypted.
To= observers, the only thing that changes here is that SCONE packets will be = somewhat
more likely than with vanilla SCONE.

The server can fingerprint the client more easily, I suppose, in the = way that any
transport parameter does. Is that worth saying?
<= br>
Or is there some other delta from regular SCONE that I'm = missing here?
=C2=A0

>=C2=A0 =C2=A0 =C2=A0Separately, its not 100% clear to me how many SCONE= _ECHO frames
>=C2=A0 =C2=A0 =C2=A0are expected to be sent. Is it one per packet? If s= o, this risks
>=C2=A0 =C2=A0 =C2=A0being an attack vector where the remote endpoint sp= ams small
>=C2=A0 =C2=A0 =C2=A0packets and
>=C2=A0 =C2=A0 =C2=A0refuses to acknowledge SCONE_ECHO frames, which cou= ld cause a
>=C2=A0 =C2=A0 =C2=A0backlog of retransmissions. Similar to some of the = issues Martin
>=C2=A0 =C2=A0 =C2=A0Seemann disclosed a couple if years ago.
>
>
> Can you point me to that disclosure? I'm having trouble seeing > immediately how this is worse than not acknowledging data from an HTTP=
> request, etc, though I'm sure there's something I'm missin= g. I'm happy
> to file an issue about it and add the appropriate mitigations.
>
> But yes, once per packet.

And that's a problematic pattern -- each packet creates state on the client endpoint until it is acknowledged. Repeat often enough and you
get a queue of packets all different that must all be kept. But there is an easy fix: specify that if packets are received out of order (per the packet number bit), only the last one matter; that endpoints to not need to repeat the frame if a frame with a higher number was acknowledged;
and that endpoints to not have to signal each advice that they receive. Maybe say something about 57 seconds.

-- Christian Huitema

Understood. Others= have pointed this out and I will fix it in the next draft.=C2=A0
--000000000000b90ff40650244133--