Re: [Last-Call] Artart last call review of draft-ietf-quic-version-negotiation-10
David Schinazi <dschinazi.ietf@gmail.com> Wed, 05 October 2022 22:46 UTC
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F75AC1522A8; Wed, 5 Oct 2022 15:46:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BZsLu0rhqshX; Wed, 5 Oct 2022 15:46:27 -0700 (PDT)
Received: from mail-vs1-xe2a.google.com (mail-vs1-xe2a.google.com [IPv6:2607:f8b0:4864:20::e2a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA488C1522A6; Wed, 5 Oct 2022 15:46:27 -0700 (PDT)
Received: by mail-vs1-xe2a.google.com with SMTP id 63so390778vse.2; Wed, 05 Oct 2022 15:46:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=CXpa3aQvIr8m2Mngf+AW/hLeAhNPKPjaZSWodHSqbgw=; b=fh7qRNbx4eccYDEELygXd3cpbFBt8Cf9xull3yGreXZdt0VicuGULS60PjpZpAMq+c WpPNeVnTyl9OXNC+zsrzy7kL6hE0FfTmSoIYBs08bOMff5uWWqOl1pp5NsFxQC2k5op4 Q9C4lFoprT7HE8DfNKM9eoOjJMCiGgrstGCqDh1wwynZJfB8V5P5JNltq0sO2JviWOba wkQRVITL455APZWMLg66ccqsEemqOLKzZ443AwZS0QkxTvh4mpNfTD72DOTiHAa2HD0Z 2Hbe7RHzOyLNpdk98mSKu4XnaAnD1/KVTVR23QLDCB93V302QTxaXpLWOFjxLZYCInIO jlEw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=CXpa3aQvIr8m2Mngf+AW/hLeAhNPKPjaZSWodHSqbgw=; b=2tvL1B3RdEN/DNNtvOFBT393VO4NloSzZ41yCbwlpGE77qTwhxR8FoNp+1rMJRxFzD jiVhhqPqmhxUnr/xug10DaVuL6JYJVUDoLFwmIoQNz2t3CZIXhU3qc7MwAMSaB3G7Osy ZTA15kvo3Tou1wH9hHluPQERr80PGeto8IzjJGKp2skTDqAq6wSZoPnhHZZDjpFDkVzc bybsJxZh1bRQ23r/W6obXKd8ypq3yEsWC4uawsvPR4w2q9qbax614c/TVNSwBes30BHs O0c/TvNqlETq+xUqrJoaxPxME66HgkjUoyevJvr7Bcwcx+2KUZZguYp6nBpf3WegBt9P 3Rbw==
X-Gm-Message-State: ACrzQf2R5gYvNYg8HmAx/QIVg7kJY9xsaR+QRaeu8xRpTpFFjlVgSFMN Hpsinh8J9g0eYE/2OgGSp9Ce/tcLqHBKEIgd6RFX4Wjz0Is=
X-Google-Smtp-Source: AMsMyM6yAWyiRzWMHHfdJaDke7G1lyTxlH06Oir2ouzNRYz4s2rfVjsb358X5AquTIKGs1s+Ga/EpFz8vfn9hzI8ulA=
X-Received: by 2002:a67:c381:0:b0:3a6:5fa8:fbc7 with SMTP id s1-20020a67c381000000b003a65fa8fbc7mr1201552vsj.84.1665009986332; Wed, 05 Oct 2022 15:46:26 -0700 (PDT)
MIME-Version: 1.0
References: <166491906926.345.3085225025028172235@ietfa.amsl.com>
In-Reply-To: <166491906926.345.3085225025028172235@ietfa.amsl.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Wed, 05 Oct 2022 15:46:15 -0700
Message-ID: <CAPDSy+77pETe2jZUas0_rvkgA6=GTBRk+Vx+6GQur2JJfF5auQ@mail.gmail.com>
To: Tim Bray <tbray@textuality.com>
Cc: art@ietf.org, draft-ietf-quic-version-negotiation.all@ietf.org, last-call@ietf.org, quic@ietf.org
Content-Type: multipart/alternative; boundary="000000000000c86bd305ea5158d5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/ZgksVydsU_lljvPGgCOS4aU6imY>
Subject: Re: [Last-Call] Artart last call review of draft-ietf-quic-version-negotiation-10
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2022 22:46:28 -0000
Hi Tim, thank you for your review. Responses inline. David On Tue, Oct 4, 2022 at 2:31 PM Tim Bray via Datatracker <noreply@ietf.org> wrote: > Reviewer: Tim Bray > Review result: Ready with Issues > > This is a clear, well-written document, with one exception noted below. > Note > that my understanding of QUIC is quite shallow and it's possible I missed > something in here that is obviously wrong or dangerous if you have a deeper > understanding of QUIC. I think the following are all nits except perhaps > the > extremely thin state of the Security Considerations section. > > Section 2.3 paragraph 4, this is arguably part of the definition of what > "Compatibility" means: that such a document exists with a description of > the > server-to-client signaling mechanism. Thus, the definition of > "Compatible" at > the start of section 2.2 is arguably incomplete: 'A is said to be > "compatible" > with B if it is possible to take a first flight of packets from version A > and > convert it into a first flight of packets from version B.' > Could you say more about the definition being incomplete please? More specifically, what do you think is missing from the definition? Same para: "Any set of mutually compatible versions SHOULD use the same > mechanism." Um, are mutually compatible versions necessarily organized into > sets which are disjoint? That wasn't obvious to me from the narrative and, > if > so, maybe worth saying. > You're right, this wasn't clear. Version compatibility is not symmetric, so you can visualize it as a directed graph but not as a set. I've removed the word set: https://github.com/quicwg/version-negotiation/commit/a8e8c29999262d391017ef8abc60afa4bcf9c818 Section 4 paragraph 5 is really hard to understand for this > non-QUIC-expert. > An example of the situation where the client might (invalidly) make a > choice > incompatible with its knowledge of what the server supports would be > useful. > That's fair. I couldn't easily find a way to make this clearer, I'll think about it some more. Section 5, last para, "Note that this opens connections to version > downgrades" > - do you mean "opportunities for" or "risk of"? "connections to" is > awkward. > Fair enough, that wasn't well worded. I've rewritten it: https://github.com/quicwg/version-negotiation/commit/37ee05cf65bee54aaeda834aa71f115fca9324a4 Note that, during the update window, connections are vulnerable to downgrade attacks for partially-deployed versions. This is because a client cannot distinguish such a downgrade attack from legitimate exchanges with both updated and non-updated server instances. Section 7.1, send para: "If a future document wishes to define compatibility > between two versions that support retry, that document MUST specify…" Is > an RFC > allowed to impose MUST constraints on future RFCs? Not a rhetorical > question, > just never seen anything like this before. (Also 7.3) > Yes, I think this is common practice as far as I know. Future documents can however remove the requirement, but that generally requires an Updates tag. Section 7.2. Sounds reasonable, but some motivation might be nice. > It would, but I don't think that research will happen in our publication time frame. Section 9, Security Considerations, seems very short for such a foundational > piece of protocol. I would have hoped to see some discussion of threat > models. > (There seems to be good attention to security issues in the body of the > document.) > The document defines and mitigates version downgrade attacks, the main concern in any version negotiation, but that's in the body of the document. I don't think moving text to make the security considerations longer would improve clarity.
- [Last-Call] Artart last call review of draft-ietf… Tim Bray via Datatracker
- Re: [Last-Call] Artart last call review of draft-… David Schinazi
- Re: [Last-Call] Artart last call review of draft-… Martin Thomson
- Re: [Last-Call] Artart last call review of draft-… Tim Bray
- Re: [Last-Call] Artart last call review of draft-… David Schinazi