Re: [Last-Call] Artart last call review of draft-ietf-quic-version-negotiation-10
Tim Bray <tbray@textuality.com> Thu, 06 October 2022 18:59 UTC
Return-Path: <tbray@textuality.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96646C15A729 for <last-call@ietfa.amsl.com>; Thu, 6 Oct 2022 11:59:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.908
X-Spam-Level:
X-Spam-Status: No, score=-6.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=textuality-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2MDqbynTvgwc for <last-call@ietfa.amsl.com>; Thu, 6 Oct 2022 11:59:31 -0700 (PDT)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CEE8C157B41 for <last-call@ietf.org>; Thu, 6 Oct 2022 11:59:31 -0700 (PDT)
Received: by mail-ed1-x533.google.com with SMTP id l22so4149302edj.5 for <last-call@ietf.org>; Thu, 06 Oct 2022 11:59:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=textuality-com.20210112.gappssmtp.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=LQOnI5DNVPYrVUGNPikZEV5xK+6vP2wjRpq/2v5bA5U=; b=d3nx9h4ULJ4lJoy5vujmQCaRwNakS+gm9iBnnkj9E0TohsYyR3fRzyGDrB47Ca7z+J MpkmH/GQ1EHRIKOWMUTzr90hRshd5R/XbMdg8PTSlClfuwnmpasr4xaj2Ok0+a3WYD5n Fn2TkG0Bpd+fxYU/CN1ec81pFZCuepAhc/H4SgZ+jgkons3zVqWrerxT1X8fYlnvKvZg 3Ej2EKGuoW50oFcZzdD66dP3jEJVn7/m79nXPglvjq8Ob+ArYtmJQWH/qlRVnlOhoD8Q vIZVEnuSb4dwUJv2T81ul4u2lHC/8vLv4LbHp3kfNUaq9q8M1eGt0pcRThVZJWAW4rIw Pt6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=LQOnI5DNVPYrVUGNPikZEV5xK+6vP2wjRpq/2v5bA5U=; b=f8tHm318c7K9skB5BueVSKU5M4sMbs7f/X5hV9EFc2nRf9dbgaERPmF+gIIlAkH5dQ 8VPNMk7kP1Uf4qan3Jbv/92TgCIBl4oV9f5cordmXts4kA+8to/q7/JRXCPtOqFnC97G +nD9gG9sGoXj9QmkGBFbWxKYneDZhH/i5st+1Breai90r7tQWzEyu0V0Shk8OA48C6Cq U0n3MiH2hGqppDjASWwFeAFVBhDaSxaoNmOeneNAGrqM9uoOJCjK/8k/Ot9c9JjqvCJK TpzeQYozJAEfNkBIVpXYkgwhyW3P1DD0OQ9cmkWV+uINYeG0bRDtXGAgsSIb/o2+/PRk xQVQ==
X-Gm-Message-State: ACrzQf2niaBsgZhlQxlXzfxQ/InVsZwmDRmCXjxgtfWblnBxLSz/3tkG GqJXelay/zdUi/GlH06h3zlLD0cDogAzEOMDS2mNxg==
X-Google-Smtp-Source: AMsMyM6zULydWt4LXEEw8y4vHToDKAH3PfDyOfblA2dj5PBnA2zOHK0/eY3QIV64r5kPStodDbMGS+LhzLLbdbieiZA=
X-Received: by 2002:a05:6402:1941:b0:457:138:1e88 with SMTP id f1-20020a056402194100b0045701381e88mr1196114edz.394.1665082769010; Thu, 06 Oct 2022 11:59:29 -0700 (PDT)
MIME-Version: 1.0
References: <166491906926.345.3085225025028172235@ietfa.amsl.com> <CAPDSy+77pETe2jZUas0_rvkgA6=GTBRk+Vx+6GQur2JJfF5auQ@mail.gmail.com>
In-Reply-To: <CAPDSy+77pETe2jZUas0_rvkgA6=GTBRk+Vx+6GQur2JJfF5auQ@mail.gmail.com>
From: Tim Bray <tbray@textuality.com>
Date: Thu, 06 Oct 2022 11:59:18 -0700
Message-ID: <CAHBU6itZopkpaiM2U-TVo0qxZ__7Yh3gnkE0yQUfvois7-_w0A@mail.gmail.com>
To: David Schinazi <dschinazi.ietf@gmail.com>
Cc: art@ietf.org, draft-ietf-quic-version-negotiation.all@ietf.org, last-call@ietf.org, quic@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f80c3605ea624a28"
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/-xa-4wu2q6UeDzLHeGw8jBP2Wzc>
Subject: Re: [Last-Call] Artart last call review of draft-ietf-quic-version-negotiation-10
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2022 18:59:35 -0000
A couple of small notes inline below. I have to say that I remain concerned about the thin-ness of section 9. I'm not on the IESG but if I were, and a draft spec for a pretty central piece of Internet infrastructure came in without threat analysis or in-depth security discussion, I would find it very difficult to be happy. Your call. On Wed, Oct 5, 2022 at 3:46 PM David Schinazi <dschinazi.ietf@gmail.com> wrote: > Section 2.3 paragraph 4, this is arguably part of the definition of what >> "Compatibility" means: that such a document exists with a description of >> the >> server-to-client signaling mechanism. Thus, the definition of >> "Compatible" at >> the start of section 2.2 is arguably incomplete: 'A is said to be >> "compatible" >> with B if it is possible to take a first flight of packets from version A >> and >> convert it into a first flight of packets from version B.' >> > > Could you say more about the definition being incomplete please? > More specifically, what do you think is missing from the definition? > Well, it's self-evidently incomplete because in 2.3 it's clear that for versions to be compatible, a document needs to exist and you say useful things about what that document has to contain. So I think the spec would be cleaner if you mentioned the document up there in 2.2. Section 4 paragraph 5 is really hard to understand for this >> non-QUIC-expert. >> An example of the situation where the client might (invalidly) make a >> choice >> incompatible with its knowledge of what the server supports would be >> useful. >> > > That's fair. I couldn't easily find a way to make this clearer, I'll think > about it some more. > Suggestion: Add a couple of examples. I'm a huge fan of examples in specifications. I often find that when I have to write them, it forces me to clarify my thinking and has regularly led to improvements in the explanatory text. > Section 9, Security Considerations, seems very short for such a >> foundational >> piece of protocol. I would have hoped to see some discussion of threat >> models. >> (There seems to be good attention to security issues in the body of the >> document.) >> > > The document defines and mitigates version downgrade attacks, the main > concern > in any version negotiation, but that's in the body of the document. I > don't think moving > text to make the security considerations longer would improve clarity. > Okay, that's useful. If you believe that the major threat scenario is downgrade attacks, and that there aren't any others that are worth addressing in this RFC, it would be useful to say so. Is it a fair assumption that anyone who's going to read this will understand what a "downgrade attack" is, so there's no benefit from describing the scenario?
- [Last-Call] Artart last call review of draft-ietf… Tim Bray via Datatracker
- Re: [Last-Call] Artart last call review of draft-… David Schinazi
- Re: [Last-Call] Artart last call review of draft-… Martin Thomson
- Re: [Last-Call] Artart last call review of draft-… Tim Bray
- Re: [Last-Call] Artart last call review of draft-… David Schinazi