IETF Logo Mail Archive

Re: [Spud] Fwd: New Version Notification for draft-herbert-transports-over-udp-00.txt

"Scharf, Michael (Nokia - DE)" <michael.scharf@nokia.com> Sun, 22 May 2016 17:31 UTC

Return-Path: <michael.scharf@nokia.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4381A12D12F for <spud@ietfa.amsl.com>; Sun, 22 May 2016 10:31:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.92
X-Spam-Level:
X-Spam-Status: No, score=-6.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tposWmTaY9Wk for <spud@ietfa.amsl.com>; Sun, 22 May 2016 10:31:08 -0700 (PDT)
Received: from smtp-fr.alcatel-lucent.com (fr-hpida-esg-02.alcatel-lucent.com [135.245.210.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F2FC12D0AB for <spud@ietf.org>; Sun, 22 May 2016 10:31:08 -0700 (PDT)
Received: from fr712umx4.dmz.alcatel-lucent.com (unknown [135.245.210.45]) by Websense Email Security Gateway with ESMTPS id 2E0E8C4E13FB0; Sun, 22 May 2016 17:31:03 +0000 (GMT)
Received: from fr712usmtp2.zeu.alcatel-lucent.com (fr712usmtp2.zeu.alcatel-lucent.com [135.239.2.42]) by fr712umx4.dmz.alcatel-lucent.com (GMO-o) with ESMTP id u4MHV4kt010596 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sun, 22 May 2016 17:31:04 GMT
Received: from FR711WXCHHUB02.zeu.alcatel-lucent.com (fr711wxchhub02.zeu.alcatel-lucent.com [135.239.2.112]) by fr712usmtp2.zeu.alcatel-lucent.com (GMO) with ESMTP id u4MHTvfh028979 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sun, 22 May 2016 19:31:03 +0200
Received: from FR712WXCHMBA15.zeu.alcatel-lucent.com ([169.254.7.44]) by FR711WXCHHUB02.zeu.alcatel-lucent.com ([135.239.2.112]) with mapi id 14.03.0195.001; Sun, 22 May 2016 19:30:08 +0200
From: "Scharf, Michael (Nokia - DE)" <michael.scharf@nokia.com>
To: Jana Iyengar <jri@google.com>, Tom Herbert <tom@herbertland.com>
Thread-Topic: [Spud] Fwd: New Version Notification for draft-herbert-transports-over-udp-00.txt
Thread-Index: AQHRsfsP/nejVyQy8k+Tx9VhJVm8r5/Ae7eAgAALB4CAACDLgIAACaIAgAAC3gCAAB9RgIAADsGAgAAFH4CAAQuOAIAAEIWAgAADJACAACP3sIAAMW2AgAEQeQCAALs5AIAA+SkQ
Date: Sun, 22 May 2016 17:30:07 +0000
Message-ID: <655C07320163294895BBADA28372AF5D48861FF5@FR712WXCHMBA15.zeu.alcatel-lucent.com>
References: <CALx6S377qRfq7ufRVUx6Yn7ec4=EmK_=FL14PWT_qf4g840mbQ@mail.gmail.com> <20160519185943.GM12994@cisco.com> <CALx6S37qPpKpCT6ZpVQwRWf1XFKESYasOBcz26To9zw0GRyz5Q@mail.gmail.com> <573E31E1.807@isi.edu> <20160519221102.GS12994@cisco.com> <573E3C5E.2090300@isi.edu> <20160520001323.GC2511@cisco.com> <573E6303.8030701@isi.edu> <20160520012431.GF2511@cisco.com> <573F47C0.3010501@isi.edu> <20160520182115.GO2511@cisco.com> <CALx6S378X7bk5q-u7Kxu+s3w1ZZ5kZcyhCVEUyPG_=hVzNH2tA@mail.gmail.com> <655C07320163294895BBADA28372AF5D48860CBE@FR712WXCHMBA15.zeu.alcatel-lucent.com> <DM2PR0301MB06553A6249DB5BAD06D2A96BA84B0@DM2PR0301MB0655.namprd03.prod.outlook.com> <CALx6S35m9xCvzLqXyLgARdoep_WfZBoLsGFNUVUx8GfxXfiYNg@mail.gmail.com> <CAGD1bZZFkWNQ6dnETVoA0oat2h03JscCD6OcZPasFdKTYnkMQQ@mail.gmail.com>
In-Reply-To: <CAGD1bZZFkWNQ6dnETVoA0oat2h03JscCD6OcZPasFdKTYnkMQQ@mail.gmail.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.239.27.40]
Content-Type: multipart/alternative; boundary="_000_655C07320163294895BBADA28372AF5D48861FF5FR712WXCHMBA15z_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/1Z1v6XlbWdCCov7Kqo6sOc9nwxs>
Cc: Christian Huitema <huitema@microsoft.com>, "Toerless Eckert (eckert)" <eckert@cisco.com>, Joe Touch <touch@isi.edu>, "spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] Fwd: New Version Notification for draft-herbert-transports-over-udp-00.txt
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 May 2016 17:31:11 -0000

Regarding the statement that my comment is incorrect:


·         I did not want to imply that the QUIC connection ID *is* unique per subscriber in the current prototype. I haven’t checked the code but for sure I assume that it is not implemented this way. My concern is about a protocol that by design *does not prevent* that and leaves the decision e.g. up to an application developer decision.

·         The root cause of the problem may be that draft-tsvwg-quic-protocol-02 lacks a security consideration section. The privacy implications of the connection ID require IMHO significant attention there. But, indeed, this discussion does not belong on this list.

·         I disagree that any connection ID that is meant to be location-independent (i.e., independent of the 5-tuple) exactly exposes the same information as the 5 tuple. A trivial counter-example is a connection ID that is build from the MAC address concatenated by some random bits. For instance, this would be an easy way to construct a unique 64bit identifier that would survive NAT rebinding, but, well, this would have some privacy impact, no? Specifically, since it may show up in every packet at a constant offset, one could use this ID for “interesting” purposes, or do I miss something? What prevents a user-space transport protocol implementation from picking the MAC address? Some MUST in some I-D?

Furthermore, I believe that this discussions matters for PLUS/SPUD, since:


·         If two different, worked-out candidate users of the common substrate seem to have similar requirements for signaling information in clear-text, this could be some lessons learnt for what may be required in the common substrate.

·         Even if this is not the case, the current excessive use of the term “encryption” in the PLUS/SPUD charter IMHO has to be reviewed, since at least two potential candidate protocols actually seems to use information in clear text. Example: “The primary goal of PLUS is to enable the deployment of arbitrary, fully encrypted transport protocols”. Well, at least I learn now that not everything is “fully” encrypted…

·         Finally, from the current charter I don’t understand whether PLUS/SPUD would consider the requirements of middleboxes designed to provide user anonymity (e.g., TOR-like). I’d personally be fine with flagging their specific requirements as out-of-scope. But for sure there is a user community of that sort of infrastructure and it may make sense to discuss early how to deal with that.

Michael

From: Jana Iyengar [mailto:jri@google.com]
Sent: Sunday, May 22, 2016 5:03 AM
To: Tom Herbert
Cc: Toerless Eckert (eckert); spud@ietf.org; Christian Huitema; Joe Touch; Scharf, Michael (Nokia - DE)
Subject: Re: [Spud] Fwd: New Version Notification for draft-herbert-transports-over-udp-00.txt


Possibly unsurprisingly, I like this draft. I'd like to argue some of the choices made in the draft but I'll do that separately. For now, I just wanted to articulate a few thoughts as I caught up on this thread:

- The ship has sailed on new native-IP transports. I worked on SCTP for 6 years and tried and watched it get nowhere in terms of deployment over native-IP. It wasn't because it was in the kernel, it was primarily because of NATs and various middleboxes. Yes this is definitely my opinion, but arguing this point is silly. No new native IP transport has seen significant deployment over the internet over the past 20 years, and it's not for lack of trying.

- People reasonably consider timescales of a few years when thinking about building and deploying a new transport. QUIC took a few years to build and deploy over UDP, and the Adobe folks did RTMFP over UDP as well (a while ago) in a reasonable time frame.

- Encryption is the *only* way to attempt avoiding ossification. Its certainly reasonable to consider that it may not do the job, but without an alternative, I'm afraid it will have to do for now.

- Michael raised a point about QUIC connection ID, which is incorrect: The QUIC connection ID is NOT unique per user. It's a connection ID, and on a single-path connection, it exposes exactly as much as TCP, DCCP, or SCTP do (unique per 4-tuple). On a multipath connection, it exposes exactly as much as MPTCP does. We can perhaps do better than MPTCP for multipath in terms of privacy, I don't want to engage on this point on this thread since it's not relevant to this thread.

- jana
On May 21, 2016 8:53 AM, "Tom Herbert" <tom@herbertland.com<mailto:tom@herbertland.com>> wrote:
On Fri, May 20, 2016 at 4:38 PM, Christian Huitema
<huitema@microsoft.com<mailto:huitema@microsoft.com>> wrote:
> On Friday, May 20, 2016 9:14 AM, Michael Scharf wrote:
>> To: Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>; Toerless Eckert
>> <eckert@cisco.com<mailto:eckert@cisco.com>>
>> Cc: Joe Touch <touch@isi.edu<mailto:touch@isi.edu>>; spud <spud@ietf.org<mailto:spud@ietf.org>>
>> Subject: Re: [Spud] Fwd: New Version Notification for draft-herbert-
>> transports-over-udp-00.txt
>>
>> > NAT makes life complicated, especially if we want to have connections
>> survive across UDP NAT address/port remapping. Most of the draft is about
>> dealing with this. One nice feature (that I borrowed from > QUIC) is to
>> negotiate a shared session identifier for the connection that is unique to both
>> sides. With this a connection is identified (at the end
>> > nodes) without using the addresses or UDP port numbers. So connection
>> identification becomes location independent which solves the NAP
>> remapping problem and also allows for mobility.
>>
>> Ahhh, Section 3.2 is really cool...
>>
>> I can clearly see the tremendous improvement for user privacy if the highly
>> privacy-sensitive TCP header fields finally get all encrypted, including things
>> like flags, sequence numbers etc., if there is now a new clear text identifier
>> that just happens to be unique per subscriber. What a great improvement for
>> privacy in the Internet! And even better that it seems compatible with QUIC...
>>
>> Sorry, I really could not resist.
>
> Actually, using a 64 bit QUIC-like identifier to support mobility or multi path is a terrible idea. The best way to describe it is, "clear text super cookie." It allows adversaries to link connections originating from different IP addresses. Providing such linkability is a boon for traffic analysis and user tracking, and of course a big loss for privacy. And yes, MP-TCP is doing something similar, but at least they acknowledge the problem and want to find a solution. If we want privacy, the identifiers used to link several connections together have to be placed inside the crypto envelope, not in a clear text header.
>
We assume that strong security must be applied, so unlike MP-TCP the
transport headers are encrypted and the only information sent in plain
text is the session identifier (serving as an SPI) and DTLS headers.
In the case of a connection surviving across NAT remapping an attacker
could observe that the connection has been remapped, but that reveals
no new information about the connection than it had previously except
that the it was remapped by an intermediate device. That does
potentially reveal information about the NAT device, for instance it
could probably ascertain the timeout, but I don't know how useful that
would be in and it could probably be determined by other means.

But even given that, yes, I would prefer that anything that identifies
flows on the network (UDP tuples, session identifiers, flow labels) is
periodically rotated to reduce the ability of intermediate nodes to
track my flows over long periods of time. The protocol to negotiate a
new session identifier can be implemented in the encrypted portion of
the packet. To change the UDP tuple a client can pick a different
ephemeral source port (in userspace sockets implementation this would
close one socket and create a new and do a connect without explicit
bind).

Tom






> -- Christian Huitema
>
>

_______________________________________________
Spud mailing list
Spud@ietf.org<mailto:Spud@ietf.org>
https://www.ietf.org/mailman/listinfo/spud

v2.23.0 | Report a Bug | By Email