
HTTP/3 spin bit [pdf] - angrygoat
https://github.com/quicwg/wg-materials/blob/master/ietf103/spin_summary.pdf
======
cesarb
Some context: [https://blog.apnic.net/2018/03/28/just-one-quic-bit/](https://blog.apnic.net/2018/03/28/just-one-quic-bit/)
(discussed on HN at
[https://news.ycombinator.com/item?id=16695816](https://news.ycombinator.com/item?id=16695816)).

------
jakeogh
Another fingerprint vector, with location leak.

"generally lacks required precision" well, generally, you combine measurement
vectors to obtain required precision.

~~~
ihlar
Even without the spin bit it is possible to obtain at least one RTT sample per
observed connection, simply by observing the initial handshake. The spin bit
doesn't add any meaningful information from a location perspective. An
endpoint that wants to obfuscate its location could simply add a bit of
artificial jitter. Here's a paper by Brian Trammell where he investigates how
well RTT information can be used for geolocation:
[https://github.com/britram/trilateration/blob/master/paper.i...](https://github.com/britram/trilateration/blob/master/paper.ipynb)

~~~
londons_explore
> An endpoint that wants to obfuscate its location...

could just not ever set the spin bit.

~~~
cesarb
> could just not ever set the spin bit.

That works until middleboxes start requiring that the spin bit is set. As I
commented in the earlier discussion linked above:

"You do know that someone somewhere is going to make a middlebox that just
drops a packet unless that bit flipped in the precise sequence that the
middlebox developer believed was the correct one, right?

Then someone proposes an enhancement to QUIC which happens to change the
sequence of the flips (perhaps some multipath thing, or an enhancement in the
way it treats reordered packets), and it breaks..."

------
KaiserPro
But each packet is numbered, why can't one use the ACK of the numbered packet
instead?

~~~
tialaramex
You understand this is an encrypted protocol, right?

A router or other node in the network that's just moving these packets can't
decrypt them, so it can't tell the "ACK of the numbered packet". The spin bit
lets such a node estimate the round trip time anyway because it will "spin"
between set and unset on each round trip.

~~~
SellingMyself
Why does an intermediate node (i.e. not the endpoint) need to know the RTT?

~~~
tialaramex
Troubleshooting seems to be an especially popular reason to want this, but I
understand some traffic management strategies want to measure RTT also under
normal use.

------
londons_explore
Has anyone tested this out on a real network?

I imagine that it won't work at all when you combine something like 3G (with
random periods of hundreds of milliseconds of no packets delivered and them
all queueing up), with a little packet reordering.

The 'spin' will end up measuring half, 1/3, or 1/4 the original RTT. The issue
won't resolve until the connection ends up idle for at least 1 RTT.

~~~
zamadatix
Page 6 talks about this.

On the upside it probably doesn't need to work on 3G anyways. The reason being
if your spins are out of order and coming in 300ms chunks you probably aren't
worried about troubleshooting the latency anymore, you've been made aware the
connection is never going to be high quality, that the delay is low-300ms
depending on chunking interval, and that you have packet reordering.
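
The mechanism and failure mode discussed in this thread, as an added example that is not from any commenter or from the linked slides: an on-path observer times the gap between spin-bit transitions in one direction, and a single reordered packet creates spurious short samples. The traces are constructed, and the `reject_below` filter is a hypothetical heuristic assumed here for illustration.

```python
# Added example: passive RTT estimation from spin-bit edges (one direction).
# All traces are constructed (arrival_ms, spin_bit) pairs, not a real capture.
from statistics import median


def make_trace(rtt_ms=40, gap_ms=10, count=20):
    """Constructed trace: a packet every gap_ms, bit flips once per RTT."""
    return [(t, (t // rtt_ms) % 2) for t in range(0, count * gap_ms, gap_ms)]


def delay_packet(trace, sent_at, arrives_at):
    """Constructed reordering: one packet is overtaken and arrives late."""
    return sorted((arrives_at, bit) if t == sent_at else (t, bit)
                  for t, bit in trace)


def spin_rtt_samples(packets, reject_below=0.0):
    """Time between spin-bit edges as seen by an on-path observer.

    reject_below is a hypothetical heuristic: an edge arriving sooner than
    that fraction of the median of earlier samples is treated as a
    reordered packet and ignored. 0.0 disables it (naive edge counting).
    """
    samples, spin, last_edge = [], None, None
    for t, bit in packets:
        if spin is None:          # first packet only sets the baseline
            spin = bit
            continue
        if bit == spin:           # no transition, nothing to measure
            continue
        if last_edge is not None:
            sample = t - last_edge
            if samples and sample < reject_below * median(samples):
                continue          # implausibly short: skip the stale packet
            samples.append(sample)
        spin, last_edge = bit, t
    return samples


CLEAN = make_trace()
# The last packet of one spin period (sent at 70 ms) arrives at 85 ms,
# after the first packet of the next period.
REORDERED = delay_packet(CLEAN, sent_at=70, arrives_at=85)

if __name__ == "__main__":
    print("clean    :", spin_rtt_samples(CLEAN))
    print("naive    :", spin_rtt_samples(REORDERED))
    print("filtered :", spin_rtt_samples(REORDERED, reject_below=0.5))
```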

