Re: [TLS] Packet number encryption negotiation

2023-02-13 Thread Christian Huitema
On 2/13/2023 7:57 PM, Viktor Dukhovni wrote: On Tue, Feb 14, 2023 at 04:22:48PM +1300, Marten Seemann wrote: It hides certain bits of the header, as well as the packet number, from an on-path observer. This is crucial to prevent middleboxes from being "helpful" and acting upon (observed) gap

Re: [TLS] Packet number encryption negotiation

2023-02-13 Thread Viktor Dukhovni
On Tue, Feb 14, 2023 at 04:22:48PM +1300, Marten Seemann wrote: > It hides certain bits of the header, as well as the packet number, > from an on-path observer. This is crucial to prevent middleboxes from > being "helpful" and acting upon (observed) gaps in packet numbers. As > such, it's hard to

Re: [TLS] Packet number encryption negotiation

2023-02-13 Thread Marten Seemann
I've never viewed PNE as a security measure, but instead as an anti-ossification and a privacy measure. It hides certain bits of the header, as well as the packet number, from an on-path observer. This is crucial to prevent middleboxes from being "helpful" and acting upon (observed) gaps in packet

Re: [TLS] Packet number encryption negotiation

2023-02-13 Thread Viktor Dukhovni
On Mon, Feb 13, 2023 at 06:13:36PM -0800, Christian Huitema wrote: > The process for any proposal is to submit a draft to the relevant > working group. I have no idea whether you will find a better reception > in QUIC or in TLS. Your proposal amounts to lowering security in order > to improve p

Re: [TLS] Packet number encryption negotiation

2023-02-13 Thread Christian Huitema
On 2/13/2023 7:25 AM, Boris Pismenny wrote: On Mon, Feb 13, 2023 at 7:20 AM Christian Huitema wrote: This issue, packet number encryption versus hardware acceleration, was discussed in quite some depth during the standardization process. The current de

Re: [TLS] Packet number encryption negotiation

2023-02-13 Thread Boris Pismenny
On Mon, Feb 13, 2023 at 4:29 PM Watson Ladd wrote: > > > On Wed, Feb 8, 2023 at 10:16 AM Boris Pismenny wrote: > > > > Hello, > > > > I work on NIC hardware acceleration for NVIDIA, and we are looking into > QUIC and DTLS1.3 acceleration. QUIC and DTLS employ packet number > encryption (PNE) w

Re: [TLS] Packet number encryption negotiation

2023-02-13 Thread Watson Ladd
On Wed, Feb 8, 2023 at 10:16 AM Boris Pismenny wrote: > > Hello, > > I work on NIC hardware acceleration for NVIDIA, and we are looking into QUIC and DTLS1.3 acceleration. QUIC and DTLS employ packet number encryption (PNE) which increases security. At the same time, PNE significantly encumbers ha

Re: [TLS] Packet number encryption negotiation

2023-02-13 Thread Boris Pismenny
On Mon, Feb 13, 2023 at 7:20 AM Christian Huitema wrote: > This issue, packet number encryption versus hardware acceleration, was > discussed in quite some depth during the standardization process. The > current design was adopted with full knowledge that hardware > acceleration will require some