Re: [TLS] Connection ID Draft
Martin Thomson <martin.thomson@gmail.com> Mon, 16 October 2017 23:42 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA6A61321D8 for <tls@ietfa.amsl.com>; Mon, 16 Oct 2017 16:42:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s_bP9Hfe7h_y for <tls@ietfa.amsl.com>; Mon, 16 Oct 2017 16:42:26 -0700 (PDT)
Received: from mail-oi0-x236.google.com (mail-oi0-x236.google.com [IPv6:2607:f8b0:4003:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57046132397 for <tls@ietf.org>; Mon, 16 Oct 2017 16:42:26 -0700 (PDT)
Received: by mail-oi0-x236.google.com with SMTP id j126so28197298oib.8 for <tls@ietf.org>; Mon, 16 Oct 2017 16:42:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=6dj53Ax+i516RFxfPNJe2KQDY+TQI/T56sp8b2EXzYQ=; b=nviT6NIDhkKReJ0FZFlm2dkAgtqIL7HfAYkh3Wh30ZjL7TTbHosjBUT+90cczfUKox SI2CppKk9jxB0pDBy/W575R9Dz2obCJKzjLrKyaYaCWhW0qDaZgHDiMar4cS3W4E/7Kx SdsH2yrx++DfFqR7i/rJ0DbCV/MeguDFAHbzsd5Srxk+35P5zY+lF+cdsNhi7HniqBTv 0kAvo8EKag5NBOnsysU45AF2TFMFF2k/eg51LS8c2tXT1/rVt2peV42yqDdbmlOgW+iz OGk74iSgw89xVQ9IO/Vt1/M2tqLu/RAcdpRIFUeY0FKEgGl03EpRv7f2s6QhsPZwtCI4 +0bA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=6dj53Ax+i516RFxfPNJe2KQDY+TQI/T56sp8b2EXzYQ=; b=SsJvV0ggbBdzP8E0povZJJjfYG9ub858P6w5B+JszPGztPJ1UGUt0cLOLQA/2EIRYs NbGV+d1DlBbn5NqgAMmEb1qHDNgTW0NCz3u4Jltjyo/sTETtzAqfVG6jlWkfBujcNyO4 TxnqytR/nYV9DLf4rdtgASGBx04b0+cnFPRlyqkufRYU4xHYDdoS9v/MX+GpUoAMvqYP 9V+M9zArr4H2j0crJl0xQQhUvQjRe9S0LbIqfl9x1QAyHGLkhkz1Dw0ZZSdGjglc5PDn 3quBp6c+yJlnoVEScfdAGpf8yt5rRNOcrD49bfgp4EG+570cgHaAU21np9arJd1XYsCL TpVw==
X-Gm-Message-State: AMCzsaX6HZ+J/v1R5/FQMyKoNRHXLeFML/nWFP5J4B+N8mkEcIhARwZ7 qeoHKs02BFcjVP1b48Vhm9j1EC/23KxXh0ZSjZc=
X-Google-Smtp-Source: ABhQp+S1ofJ7E+SdpuZ4E5Y5JwseNSzbijl7Yhfk2S7Ub8I0/BKgxRLEtd8PxMjMnjhl1QmZ/Gtp8Xq2zCoTaXdd/ls=
X-Received: by 10.157.87.75 with SMTP id x11mr1362853oti.112.1508197345507; Mon, 16 Oct 2017 16:42:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.72.178 with HTTP; Mon, 16 Oct 2017 16:42:24 -0700 (PDT)
In-Reply-To: <CABcZeBPXB6cOSztzDHtKSWUCJrgET+9cF_rAiiE8CYCUSY_uLA@mail.gmail.com>
References: <CABcZeBPXB6cOSztzDHtKSWUCJrgET+9cF_rAiiE8CYCUSY_uLA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 17 Oct 2017 10:42:24 +1100
Message-ID: <CABkgnnXT7nv9aNQh12deeitF1CurENpxgUicn9GHjMbojcEvJg@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>, "Fossati, Thomas (Nokia - GB)" <thomas.fossati@nokia.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/hO-sCRazz6lJjx7YB4deXdwPmXs>
Subject: Re: [TLS] Connection ID Draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Oct 2017 23:42:29 -0000
Going back to the start, it seems like there is an implied problem with the draft in that connections with the identifier are hard to distinguish from connections without. Is that the main problem? I can't see how an explicit marking helps. If we admit the possibility that some connections will not support this new feature, then the recipient of packets is forced to identify those connections by 5-tuple. That's invariant. Mixed deployments have some challenges, but it's not completely unworkable. My conclusion is that peers without connection ID support monopolize the 5-tuple that they use, so that other connections can't migrate to that 5-tuple. They also cannot migrate to another 5-tuple. Otherwise, things work out. To reach that point, you have to realize that a mixed deployment has to use 5-tuple as a primary key. Packets that come in on a new 5-tuple are matched to connections opportunistically on what might or might not be a connection ID. If it is, then great (better make sure you ask for the same length ID from all peers, or match on prefixes...). If it isn't, then the ciphertext will be read as a connection ID, but even if it does identify a connection it will fail to decrypt. Thomas mentioned a heuristic, but I don't think that we need that. The only case that is difficult, and it's one that you might not care about, is one where a connection migrates to the same 5-tuple as an another connection. There, you will match to an existing connection and find that the packet doesn't decrypt. If the connection that you have associated with the 5-tuple supports and uses a connection ID, you can recover without trial decryption. Otherwise, you just have to drop the packet when it doesn't decrypt. (You could look up all the connections without connection IDs and use trial decryption, but why bother spending the effort and undermine the strength of your ciphers in that way.) You can only truly dispense with the 5-tuple mapping if you can guarantee that all of your clients support connection ID; at which point you can drop that table and route on connection ID alone. Packet inspection boxes will have maintain state, I don't see a way around that. The point here being that you need state to know how long the connection ID is, as well as how long it is. The middlebox issue is somewhat more interesting. If it is *your* middlebox, then there might be a case for routing connections with a connection ID differently. Based on the above, I would have said that it might be better to only deploy that sort of configuration when you can insist on receiving a connection ID. An explicit marking helps, but the cost is pretty high if we care about saving bits. My suggestion for the middlebox is to use a longer connection ID and include a MAC inside the connection ID. It ends up being a longer connection ID than the one QUIC uses, but it would allow the stateless routing middlebox to identify packets with and without a connection ID without any explicit marking. That doesn't require any change to the design. On Fri, Oct 13, 2017 at 10:13 AM, Eric Rescorla <ekr@rtfm.com> wrote: > Hi folks, > > I have just posted a first cut at a connection ID draft. > https://tools.ietf.org/html/draft-rescorla-tls-dtls-connection-id-00 > > Comments welcome. > > -Ekr > > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Nikos Mavrogiannopoulos
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Matt Caswell
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Hannes Tschofenig
- Re: [TLS] Connection ID Draft Eric Rescorla
- [TLS] 答复: Connection ID Draft yinxinxing
- [TLS] 答复: Connection ID Draft yinxinxing
- Re: [TLS] 答复: Connection ID Draft Eric Rescorla
- Re: [TLS] 答复: Connection ID Draft Eric Rescorla
- [TLS] 答复: Connection ID Draft yinxinxing
- Re: [TLS] 答复: Connection ID Draft Eric Rescorla
- [TLS] 答复: 答复: Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Benjamin Kaduk
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Christian Huitema
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Nikos Mavrogiannopoulos
- Re: [TLS] Connection ID Draft Simon Bernard
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Benjamin Kaduk
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Matt Caswell
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Matt Caswell
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Matt Caswell
- Re: [TLS] Connection ID Draft Simon Bernard