Re: [quicwg/base-drafts] Client's initial source CID is unauthenticated (#1479)

Kazuho Oku <notifications@github.com> Wed, 27 June 2018 03:50 UTC

Date: Tue, 26 Jun 2018 20:49:59 -0700
From: Kazuho Oku <notifications@github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1479/400534297@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1479@github.com>
Subject: Re: [quicwg/base-drafts] Client's initial source CID is unauthenticated (#1479)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/-nW-KfW49utlLmnU3564nOWA9UE>
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>

@chris-wood 
>> ... client's CID is never allowed to change during the handshake.
> 
> Can you please point me to where this is written?

My understanding is that the following paragraph effectively requires that.

> During the handshake, an endpoint might receive multiple packets with the long header, and thus be given multiple opportunities to update the Destination Connection ID it sends. A client MUST only change the value it sends in the Destination Connection ID in response to the first packet of each type it receives from the server (Retry or Initial); a server MUST set its value based on the Initial packet. Any additional changes are not permitted; if subsequent packets of those types include a different Source Connection ID, they MUST be discarded. This avoids problems that might arise from stateless processing of multiple Initial packets producing different connection IDs.
> [4.7. Connection ID Encoding](https://quicwg.org/base-drafts/draft-ietf-quic-transport.html#connection-id-encoding)

> If the assumption is that changing the source CID means the handshake continues indefinitely, then putting it in the TP seems to actually enforce that requirement.

To be precise, having the client's initial source CID in the TP allows the server to check if the value was consistent during the handshake. Clients naturally check that by comparing the DCID field of the Initial / Handshake packets that they receive.

That's what is different from having the client's initial destination CID in the TP; without that, neither the client nor the server can check if the field was tampered with by a middlebox.

> In general, I'd like the TP to authenticate as many things in initial packets as possible.

That's a fair point, though I might argue that we do not necessarily need to include something that is a constant during the handshake. As @martinthomson points out, we do not authenticate IP addresses. To me it seems that the security properties of the client's source CID are equivalent to that.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1479#issuecomment-400534297
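The two checks described in the message above (the server pinning the client's Source Connection ID from the first Initial and discarding later Initials that carry a different one, and the server comparing that pinned value against an authenticated transport parameter, while the client compares the DCID of the packets it receives against its own SCID) as a toy Python model. This is an added example, not code from the draft, from the thread, or from any QUIC implementation. It assumes: packets are plain dicts with no encryption; the transport parameter is modelled as a value a middlebox cannot alter (in a real handshake it is covered by the TLS transcript); the parameter name `initial_source_connection_id` is the one later adopted in RFC 9000, not a name used in the thread; and the middlebox behaviours ("oneway" rewrites only client-to-server, "bidir" also rewrites the server's DCID back) are constructed scenarios to show which side detects which case.

```python
"""Toy model of QUIC handshake connection-ID consistency checks.

Added example; not from the draft or any implementation. Constructed
packets, no crypto: a TP dict stands in for the authenticated
transport parameters carried inside the TLS handshake.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed connection IDs for the scenarios below.
CLIENT_CID = b"\xc1\x1e"     # client's initial Source Connection ID
SERVER_CID = b"\x5e\x12"     # server's chosen Source Connection ID
MIDDLEBOX_CID = b"\xbb\xad"  # value a rewriting middlebox substitutes
SPURIOUS_CID = b"\xff\xff"   # SCID on a stray/retransmitted Initial


class ProtocolViolation(Exception):
    """Authenticated transport parameter contradicts what was seen on the wire."""


@dataclass
class ServerConnection:
    """Server side: pins the client's SCID from the first Initial it processes."""
    client_scid: Optional[bytes] = None
    discarded: int = 0

    def on_initial(self, pkt: dict) -> bool:
        """Accept the first Initial's SCID; discard later Initials whose SCID differs.

        Mirrors the quoted 4.7 rule: the server sets its value from the
        Initial packet and additional changes are not permitted.
        """
        if pkt["type"] != "Initial":
            raise ValueError("not an Initial packet")
        if self.client_scid is None:
            self.client_scid = pkt["scid"]
            return True
        if pkt["scid"] != self.client_scid:
            self.discarded += 1
            return False
        return True

    def on_transport_params(self, tp: dict) -> None:
        """Compare the authenticated TP value with the SCID pinned from the wire.

        This is the server-side check the message says the TP enables: a
        middlebox that rewrote the header cannot rewrite the TP.
        """
        if self.client_scid is None:
            raise ProtocolViolation("transport parameters before any Initial")
        if tp["initial_source_connection_id"] != self.client_scid:
            raise ProtocolViolation("client SCID on the wire != TP value")


@dataclass
class ClientConnection:
    """Client side: every Initial/Handshake packet must carry our SCID as DCID."""
    scid: bytes

    def on_server_packet(self, pkt: dict) -> bool:
        return pkt["dcid"] == self.scid


def middlebox_c2s(pkt: dict, mode: str) -> dict:
    """Client-to-server path: 'oneway' and 'bidir' rewrite the client's SCID."""
    if mode in ("oneway", "bidir") and pkt["scid"] == CLIENT_CID:
        return {**pkt, "scid": MIDDLEBOX_CID}
    return pkt


def middlebox_s2c(pkt: dict, mode: str) -> dict:
    """Server-to-client path: only 'bidir' maps the DCID back to the client's value."""
    if mode == "bidir" and pkt["dcid"] == MIDDLEBOX_CID:
        return {**pkt, "dcid": CLIENT_CID}
    return pkt


def run_scenario(mode: str) -> dict:
    """Run one handshake under middlebox mode 'none', 'oneway' or 'bidir'.

    Returns which side detected the rewrite and how many Initials the
    server discarded for carrying a changed SCID.
    """
    client = ClientConnection(scid=CLIENT_CID)
    server = ServerConnection()

    first = {"type": "Initial", "scid": CLIENT_CID, "dcid": b"\xd0\x00"}
    server.on_initial(middlebox_c2s(first, mode))
    # A later Initial with a different SCID must be discarded (4.7 rule).
    stray = {"type": "Initial", "scid": SPURIOUS_CID, "dcid": b"\xd0\x00"}
    server.on_initial(middlebox_c2s(stray, mode))

    # Server replies using the SCID it pinned as the DCID.
    reply = {"type": "Initial", "scid": SERVER_CID, "dcid": server.client_scid}
    client_ok = client.on_server_packet(middlebox_s2c(reply, mode))

    # Authenticated TP: the middlebox cannot touch this value (model assumption).
    tp = {"initial_source_connection_id": CLIENT_CID}
    try:
        server.on_transport_params(tp)
        server_ok = True
    except ProtocolViolation:
        server_ok = False

    return {
        "client_detects": not client_ok,
        "server_detects": not server_ok,
        "discarded": server.discarded,
    }


if __name__ == "__main__":
    for m in ("none", "oneway", "bidir"):
        print(m, run_scenario(m))
```

The "bidir" case is the one worth noting: a middlebox that consistently maps the connection ID in both directions is invisible to the client's DCID comparison, and only the server's comparison against the authenticated transport parameter catches it. A one-directional rewrite is caught by both sides. The stray Initial with a changed SCID is discarded in every mode, independent of any transport parameter.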