IETF Logo Mail Archive

Re: [Last-Call] Artart last call review of draft-ietf-quic-version-negotiation-10

David Schinazi <dschinazi.ietf@gmail.com> Thu, 06 October 2022 22:22 UTC

Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD6DCC1594BB; Thu, 6 Oct 2022 15:22:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BzPIUy47PO40; Thu, 6 Oct 2022 15:22:25 -0700 (PDT)
Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3F55C1594AB; Thu, 6 Oct 2022 15:22:25 -0700 (PDT)
Received: by mail-ej1-x62d.google.com with SMTP id a26so7643115ejc.4; Thu, 06 Oct 2022 15:22:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=k5CKh/1tqw6N1PMV9cWnk26C+F4nhj+kVPyLq43AwDs=; b=mg0ztz9Oru+VdxMDdUxBZB9k1XArRM5zGktT0N10oiWo6+vGKvxyul4mdzuKtgipvA UO5Y+xyBd0NaAuvCZQp6sKWxecucMBC7GfxMlEl5qLRu6dN32zbOb3Se0ZoqSWqVk/wU 76PTZ7idZgiRDsPCXq9dWqzV1KrKK73S0TQe/oDzwaqXAPgeuYX07iCekR7DON/HKfcz ITjtvTIT/4JvwFtUw6kka6jHbG81XJ2sdnYpnyXyFk0GgQRBNXsKpslDK0ZYx0W441VR 73EfDQLlq3zoHoQwZav16V5mN7eio7N5rS3Wf0xao1BL/6RCWU7NdT6T3OdNYIL6X5yh ZoGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=k5CKh/1tqw6N1PMV9cWnk26C+F4nhj+kVPyLq43AwDs=; b=RWYpFK/8yK1DsN5TK8rUWCKu6Gx0w4l3OGzleNlwoolE6mYsDx25XRq/06vOQffHp6 4LC3Rn1zWbN7enAb2vay12Hxsp3kQWCT7LJSPVmlxDbTeOTmYicvC2Fq1m8/ARvguO8R AfBTxaGzo0HLq/8nZwOMNtyBVNjZ0Jsdzgsjzfl/gBDeHBHr2k3m3368K4YuezEr7t/9 EfrdNBi5se+YMXvBKTI3qH1KttTlmJLl96Ehxt3UCbJFgOn58UABZohrEcOFPF9yNV4m ggRPCuT2Cw18hNQweDF4O0gVNAT4dKsoELO0nzPPnYInn+OOoioZxSDE09y+4dmv5TSr KMeA==
X-Gm-Message-State: ACrzQf3TxrVq244LlNPFDBok3MQDyyHE7faCS4hjnfdtCQQ4VpdXjgtu XbVkO2K4tZXQnZAuyA1PyHy6yQ02eQ2OeDLz84oM7Yjg8JA=
X-Google-Smtp-Source: AMsMyM7vo4vPwfDn4tBp2IVJnH0vll0v0F1zxA2FPjhAsAGkTzoxNOwDFaE3u2DTfZ3GK6MyD8jMhQSiHo9HnSBCpbw=
X-Received: by 2002:a17:906:fe0b:b0:787:f1d3:2105 with SMTP id wy11-20020a170906fe0b00b00787f1d32105mr1649753ejb.83.1665094943455; Thu, 06 Oct 2022 15:22:23 -0700 (PDT)
MIME-Version: 1.0
References: <166491906926.345.3085225025028172235@ietfa.amsl.com> <CAPDSy+77pETe2jZUas0_rvkgA6=GTBRk+Vx+6GQur2JJfF5auQ@mail.gmail.com> <CAHBU6itZopkpaiM2U-TVo0qxZ__7Yh3gnkE0yQUfvois7-_w0A@mail.gmail.com>
In-Reply-To: <CAHBU6itZopkpaiM2U-TVo0qxZ__7Yh3gnkE0yQUfvois7-_w0A@mail.gmail.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Thu, 06 Oct 2022 15:22:11 -0700
Message-ID: <CAPDSy+65Q7zFmNy+qKDgk8drQp=AQevBaNSiCd9pV_FMSq0W8g@mail.gmail.com>
To: Tim Bray <tbray@textuality.com>
Cc: art@ietf.org, draft-ietf-quic-version-negotiation.all@ietf.org, last-call@ietf.org, quic@ietf.org
Content-Type: multipart/alternative; boundary="0000000000009f3b9305ea652084"
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/VFydQ65FnKmAVamd0ITlNOAN1Fk>
Subject: Re: [Last-Call] Artart last call review of draft-ietf-quic-version-negotiation-10
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2022 22:22:27 -0000

Thanks Tim, responses inline.
David


On Thu, Oct 6, 2022 at 11:59 AM Tim Bray <tbray@textuality.com> wrote:

> A couple of small notes inline below.
>
> I have to say that I remain concerned about the thin-ness of section 9.
> I'm not on the IESG but if I were, and a draft spec for a pretty central
> piece of Internet infrastructure came in without threat analysis or
> in-depth security discussion, I would find it very difficult to be happy.
> Your call.
>

QUIC is a pretty central piece of Internet infrastructure, but this
document describes a very small portion. At the end of the day, this
document defines an algorithm whose single purpose is to take two lists of
supported versions as inputs and produce one version as output. The
security risk there is downgrade attacks, more on that below.

On Wed, Oct 5, 2022 at 3:46 PM David Schinazi <dschinazi.ietf@gmail.com>
> wrote:
>
>
>> Section 2.3 paragraph 4, this is arguably part of the definition of what
>>> "Compatibility" means: that such a document exists with a description of
>>> the
>>> server-to-client signaling mechanism.  Thus, the definition of
>>> "Compatible" at
>>> the start of section 2.2 is arguably incomplete: 'A is said to be
>>> "compatible"
>>> with B if it is possible to take a first flight of packets from version
>>> A and
>>> convert it into a first flight of packets from version B.'
>>>
>>
>> Could you say more about the definition being incomplete please?
>> More specifically, what do you think is missing from the definition?
>>
>
> Well,  it's self-evidently incomplete because in 2.3 it's clear that for
> versions to be compatible, a document needs to exist and you say useful
> things about what that document has to contain. So I think the spec would
> be cleaner if you mentioned the document up there in 2.2.
>

Isn't that covered by this paragraph in s2.2? It uses "otherwise specified"
to refer to the required document.

    When a new version of QUIC is defined, it is assumed to not be
compatible
    with any other version unless otherwise specified. Similarly, no other
version
    is compatible with the new version unless otherwise specified.
Implementations
    MUST NOT assume compatibility between versions unless explicitly
specified.

Section 4 paragraph 5 is really hard to understand for this
>>> non-QUIC-expert.
>>> An example of the situation where the client might (invalidly) make a
>>> choice
>>> incompatible with its knowledge of what the server supports would be
>>> useful.
>>>
>>
>> That's fair. I couldn't easily find a way to make this clearer, I'll
>> think about it some more.
>>
>
> Suggestion: Add a couple of examples.  I'm a huge fan of examples in
> specifications. I often find that when I have to write them, it forces me
> to clarify my thinking and has regularly led to improvements in the
> explanatory text.
>

Thanks for the nudge. I've added examples:
https://github.com/quicwg/version-negotiation/commit/01c8b63a9f7585531c9d3779b66338c9502a3fd9

Section 9, Security Considerations, seems very short for such a foundational
>>> piece of protocol.  I would have hoped to see some discussion of threat
>>> models.
>>>  (There seems to be good attention to security issues in the body of the
>>> document.)
>>>
>>
>> The document defines and mitigates version downgrade attacks, the main
>> concern
>> in any version negotiation, but that's in the body of the document. I
>> don't think moving
>> text to make the security considerations longer would improve clarity.
>>
>
> Okay, that's useful.  If you believe that the major threat scenario is
> downgrade attacks, and that there aren't any others that are worth
> addressing in this RFC, it would be useful to say so.
>

I'm not sure there's much benefit in saying that - doesn't it amount to
saying "we protected against what we knew about"? There's never an absolute
guarantee when it comes to security.

Is it a fair assumption that anyone who's going to read this will
> understand what a "downgrade attack" is, so there's no benefit from
> describing the scenario?
>

Oh right my bad, the definition had been written but not added yet, it's
currently a PR:
https://github.com/quicwg/version-negotiation/pull/127/files

v2.23.0 | Report a Bug | By Email