quicwg / load-balancers

In-progress version of draft-ietf-quic-load-balancers

Home Page: https://quicwg.org/


Discuss about the linkability issue when using Plaintext CID algorithm.

Lingtaonju opened this issue

Hello duke,
In this issue, I want to discuss whether the Plaintext CID algorithm will bring a linkability problem, as you described below:

QUIC-LB is intended to prevent linkability. Attacks would therefore attempt to subvert this purpose. Note that the Plaintext CID algorithm makes no attempt to obscure the server mapping, and therefore does not address these concerns.

In my opinion, since the host-id is mapped to the QUIC server and not to the QUIC session, having the same host-id in the CID will not bring a linkability problem as long as the CIDs differ apart from the host-id part.

As described below in RFC 9000, the linkability problem becomes possible when the same CID is used to map to the same QUIC session, so two client addresses using the same CID means that this is a QUIC migration from one place to another.

Using a stable connection ID on multiple network paths would allow a passive observer to correlate activity between those paths. An endpoint that moves between networks might not wish to have their activity correlated by any entity other than their peer, so different connection IDs are used when sending from different local addresses, as discussed in Section 5.1. For this to be effective, endpoints

However, the scenario described in RFC 9000 is not the same as the host-id in QUIC-LB's description, because the same host-id means two sessions connected to the same QUIC server, not the same QUIC session.

For example, two QUIC connections use the same host-id, 1, but their CIDs differ. If the 4-tuples are <11.0.0.1:123, 33.0.0.1:443> and <22.0.0.1:456, 33.0.0.1:443>, we can't say that <11.0.0.1:123> and <22.0.0.1:456> come from the same QUIC client.

In other words, when a client is migrating, the host-ids in its CIDs are the same, but the same host-id in CIDs does not mean they come from the same client. So correlating activity does not work with the host-id when there are many clients connected to the same server. In this case, the plaintext algorithm may be enough.

The above are some of my thoughts; do you have any ideas about these? Waiting for your reply.

Hi Ling,

This is currently described in Section 2.2, though there's a major editorial rewrite coming that will probably move it into security considerations.

You're basically right. In the limit where there are many clients per server, and migrations happening all the time, a visible server ID is not a big deal and PCID would be fine.

In the opposite limit, where there is one client connected to the site, migration is very linkable no matter what algorithm you use.

The encrypted methods are for situations in between those two extremes. There are no true guarantees of unlinkability, which is how we justify having a plaintext method at all.
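To make the two limits concrete (the "many clients per server" case from the opening post and the "one client" case from the reply), here is an added example that is not part of this issue or of the draft's own code. It assumes a Plaintext CID layout of one first octet (config rotation in the top two bits, CID length in the low six), a 2-byte plaintext server ID (the "host-id" of the issue) and a 4-byte per-connection nonce; the exact first-octet allocation differs between draft versions, and the helper names and sample addresses are made up for illustration. A passive observer that reads the server ID out of each CID can only narrow a migrating connection down to the set of earlier addresses that were talking to that server; reusing the old CID on the new path, the RFC 9000 case, links it exactly no matter which algorithm produced the CID.

```python
from __future__ import annotations

import os

# Assumed layout for this illustration only (draft versions differ in the
# exact bit allocation of the first octet):
#   byte 0     : config rotation in the top 2 bits, CID length in the low 6 bits
#   bytes 1..2 : server ID, plaintext, big-endian (the "host-id" in the issue)
#   bytes 3..6 : per-connection random nonce
SERVER_ID_LEN = 2
NONCE_LEN = 4
CID_LEN = 1 + SERVER_ID_LEN + NONCE_LEN


def encode_plaintext_cid(config_rotation: int, server_id: int, nonce: bytes | None = None) -> bytes:
    """Build a Plaintext CID as a server would, with a fresh nonce unless one is given."""
    if not 0 <= config_rotation < 4:
        raise ValueError("config rotation is 2 bits in this layout")
    if not 0 <= server_id < (1 << (8 * SERVER_ID_LEN)):
        raise ValueError("server ID does not fit in SERVER_ID_LEN bytes")
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be NONCE_LEN bytes")
    first_octet = (config_rotation << 6) | CID_LEN
    return bytes([first_octet]) + server_id.to_bytes(SERVER_ID_LEN, "big") + nonce


def observer_server_id(cid: bytes) -> int:
    """The server ID anyone on path can read; the load balancer reads it the same way."""
    return int.from_bytes(cid[1:1 + SERVER_ID_LEN], "big")


def anonymity_set(observations, cid: bytes) -> set[str]:
    """Earlier client addresses an observer cannot rule out as the origin of a
    connection that shows up on a new address with CID `cid`, using only the
    plaintext server ID.  A set of size 1 means the migration is linkable."""
    sid = observer_server_id(cid)
    return {src for src, seen in observations if observer_server_id(seen) == sid}


def exact_cid_match(observations, cid: bytes) -> set[str]:
    """Earlier addresses that used this exact CID: the RFC 9000 case, where a
    stable CID across paths links them regardless of the CID algorithm."""
    return {src for src, seen in observations if seen == cid}


def demo():
    """Constructed sample, not captured traffic: three clients behind server 1,
    one client behind server 2.  Each entry is (client address, CID seen)."""
    obs = [
        ("11.0.0.1:123", encode_plaintext_cid(0, 1, bytes.fromhex("a1a1a1a1"))),
        ("22.0.0.1:456", encode_plaintext_cid(0, 1, bytes.fromhex("b2b2b2b2"))),
        ("44.0.0.1:789", encode_plaintext_cid(0, 1, bytes.fromhex("c3c3c3c3"))),
        ("55.0.0.1:999", encode_plaintext_cid(0, 2, bytes.fromhex("d4d4d4d4"))),
    ]
    # A connection to server 1 appears on a new address with a fresh CID:
    # three earlier addresses remain candidates, the server ID alone picks none.
    many = anonymity_set(obs, encode_plaintext_cid(0, 1, bytes.fromhex("e5e5e5e5")))
    # The same for server 2, which has a single client: uniquely linked.
    alone = anonymity_set(obs, encode_plaintext_cid(0, 2, bytes.fromhex("f6f6f6f6")))
    # A client that keeps its old CID on the new path is linked exactly.
    reused = exact_cid_match(obs, obs[1][1])
    return many, alone, reused


if __name__ == "__main__":
    many, alone, reused = demo()
    print("server 1 candidates:", sorted(many))
    print("server 2 candidates:", sorted(alone))
    print("exact CID reuse:", sorted(reused))
```

The size of the set returned by `anonymity_set` is the whole story: it grows with the number of concurrent clients per server ID, which is why a visible server ID costs little on a busy site and everything on a site with one client.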