On 9/25/2018 2:30 PM, Mukund Sivaraman wrote:
> Hi Christian
>
> On Tue, Sep 25, 2018 at 01:40:59PM -0700, Christian Huitema wrote:
>> On 9/25/2018 12:15 PM, Tony Finch wrote:
>>
>>> For DNS-over-QUIC I think that could drop to 2RTT, or maybe 1RTT? I don't
>>> know QUIC's handshake.
>>>
>>> The warm start time should soon be 0RTT.
>> The basic QUIC handshake will be 1-RTT before sending the first query,
>> with two exceptions:
>>
>> 1) The server may require a token exchange (similar to SYN cookies or
>> DNS cookies) to protect against DOS attacks, in which case the handshake
>> will take 2 RTT.
>>
>> 2) If the client has established a connection previously and obtained a
>> "resume token", it could use 0-RTT, and send the first query immediately
>> after the initial QUIC packet -- in fact in the same UDP packet as the
>> initial QUIC packet.
>>
>> Using 0-RTT is a trade-off between security and performance, because
>> 0-RTT packets can be subject to replay attacks. That's true for 0-RTT in
>> QUIC and also 0-RTT in TLS. If you are really concerned about privacy,
>> the prudent decision is to not use 0-RTT.
>>
>> I ran a number of simulations comparing DNS over QUIC to DNS over UDP or
>> TCP, considering QUIC with and without 0RTT. The high level summary is
>> that for traffic from client to recursive, there is very little difference:
> I'm not familiar with the QUIC protocol, but following what you're
> saying:
>
> QUIC handshake + query = 2 roundtrips
>
> If there's a "connection" previously, query = 1 roundtrip
>
> RFC 1035 UDP query = 1 roundtrip
>
> RFC 1035 TCP query = 1 roundtrip if connection exists, 2 for syn,ack+query
>
> The 0 roundtrip case occurs only when there are no fetches involved
> (e.g., when the answer is found in cache, but there are other cases).
>
> So there will be a difference (at least double RTT latency vs. DNS over
> UDP) when the query requires talking to a new nameserver. Some desired
> security features such as DHE for forward secrecy may need additional
> round trips, so pros and cons of what is picked will need discussion.
> It looks like the parent of this thread wants to gather usage stories
> only and does not want us to discuss implementation details, so let's
> continue this discussion at another time when the requirements are
> gathered.
The QUIC connection provides DHE and forward secrecy by default, just
like TLS 1.3. This is already accounted for in the "1 roundtrip". Note
that there are really 4 sources of latency:

* Initial connection setup -- UDP or QUIC+0RTT beat TCP, TLS and QUIC
without 0-RTT by 1 RTT
* Inefficient retransmission -- in case of errors, corrections may
arrive much later with UDP
* Head of queue blocking -- an issue for TCP and TLS, not for UDP or
QUIC, may cause 1 RTT delay of packets coming after an error
* Fallback to TCP -- an issue with UDP if the response does not fit in a
single packet.

When you are comparing protocols, you need to consider all 4 issues, not
just the initial connection setup. Estimate probabilities of issues
based on traffic patterns, see what happens. For example, in the
resolver to authoritative scenario, you are likely to use DNSSEC, in
which case UDP suffers from the fallback to TCP a lot.

-- Christian Huitema
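The "estimate probabilities, see what happens" exercise above can be turned into a small expected-latency model. The following is an added example written for this page, not Christian's simulation code or any project's code; the per-issue costs (UDP retry timer, one-RTT ack-driven recovery for TCP/QUIC, a two-RTT TCP fallback for truncated UDP answers, an optional extra RTT for a QUIC retry token) and the sample traffic profiles are assumptions chosen for illustration, and DNS over TLS is left out of it.

```python
"""Expected per-query latency for DNS transports, broken down into the four
latency sources named in the thread: connection setup, retransmission,
head-of-line blocking and UDP->TCP fallback.  Added example; all costs and
profiles below are assumptions, not measurements."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TrafficProfile:
    rtt_ms: float                      # network round-trip time client <-> server
    p_loss: float = 0.0                # probability one packet of the exchange is lost
    p_truncate: float = 0.0            # probability a UDP answer does not fit one datagram
    p_token: float = 0.0               # probability the QUIC server demands a retry token
    udp_retry_timeout_ms: float = 0.0  # how long a UDP stub waits before resending


def latency_breakdown_ms(transport: str, profile: TrafficProfile, warm: bool = False) -> dict:
    """Return the four latency components (ms) for one query over `transport`.

    transport: "udp", "tcp", "quic" (1-RTT handshake) or "quic0rtt" (resume token).
    warm: a connection to this server already exists (TCP/QUIC only).
    """
    rtt = profile.rtt_ms
    query = rtt  # every transport pays one RTT for request + response

    if transport == "udp":
        setup = 0.0
        # A lost datagram is noticed only when the stub's timer fires (assumed
        # much longer than the RTT); the retry then costs another full RTT.
        retransmit = profile.p_loss * (profile.udp_retry_timeout_ms + rtt)
        hol = 0.0
        # TC bit set: open a TCP connection (1 RTT) and repeat the query (1 RTT).
        fallback = profile.p_truncate * 2 * rtt
    elif transport == "tcp":
        setup = 0.0 if warm else rtt        # SYN / SYN-ACK before the query can go out
        retransmit = profile.p_loss * rtt   # ack-driven recovery roughly one RTT later
        hol = profile.p_loss * rtt          # a lost earlier segment stalls this answer
        fallback = 0.0
    elif transport == "quic":
        # Handshake costs 1 RTT, plus one more when the server insists on a token.
        setup = 0.0 if warm else rtt * (1 + profile.p_token)
        retransmit = profile.p_loss * rtt
        hol = 0.0                           # streams are independent: no cross-query stall
        fallback = 0.0
    elif transport == "quic0rtt":
        setup = 0.0                         # query rides in the same datagram as the Initial
        retransmit = profile.p_loss * rtt
        hol = 0.0
        fallback = 0.0
    else:
        raise ValueError(f"unknown transport {transport!r}")

    return {"setup": setup, "query": query, "retransmit": retransmit,
            "hol_blocking": hol, "tcp_fallback": fallback}


def expected_latency_ms(transport: str, profile: TrafficProfile, warm: bool = False) -> float:
    """Sum of the four components plus the query RTT itself."""
    return sum(latency_breakdown_ms(transport, profile, warm).values())


def compare_transports(profile: TrafficProfile, warm: bool = False) -> dict:
    """Expected latency per transport for one traffic profile."""
    return {t: expected_latency_ms(t, profile, warm)
            for t in ("udp", "tcp", "quic", "quic0rtt")}


# Constructed sample profiles (assumed numbers, for illustration only).
STUB_TO_RECURSIVE = TrafficProfile(rtt_ms=20, p_loss=0.01, p_truncate=0.02,
                                   p_token=0.0, udp_retry_timeout_ms=1000)
RESOLVER_TO_AUTH_DNSSEC = TrafficProfile(rtt_ms=60, p_loss=0.02, p_truncate=0.30,
                                         p_token=0.1, udp_retry_timeout_ms=800)

if __name__ == "__main__":
    for name, prof in (("stub -> recursive", STUB_TO_RECURSIVE),
                       ("resolver -> authoritative (DNSSEC)", RESOLVER_TO_AUTH_DNSSEC)):
        print(name)
        for transport, ms in compare_transports(prof).items():
            print(f"  {transport:9s} {ms:7.1f} ms  {latency_breakdown_ms(transport, prof)}")
```

With loss and truncation set to zero the model reproduces the thread's baseline (UDP and QUIC 0-RTT one RTT, TCP and QUIC 1-RTT two RTTs); raising the truncation probability, as a DNSSEC-heavy resolver-to-authoritative profile would, is what makes UDP's expected latency overtake the connection-oriented transports.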

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy