IETF Logo Mail Archive

Re: [quicwg/base-drafts] Allow most frames in 0-RTT (#2355)

Martin Thomson <notifications@github.com> Wed, 06 March 2019 21:37 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 734FF12EB11 for <quic-issues@ietfa.amsl.com>; Wed, 6 Mar 2019 13:37:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.001
X-Spam-Level:
X-Spam-Status: No, score=-8.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GcznKaG3q_f9 for <quic-issues@ietfa.amsl.com>; Wed, 6 Mar 2019 13:37:30 -0800 (PST)
Received: from out-7.smtp.github.com (out-7.smtp.github.com [192.30.252.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71D9312DF71 for <quic-issues@ietf.org>; Wed, 6 Mar 2019 13:37:30 -0800 (PST)
Date: Wed, 06 Mar 2019 13:37:29 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1551908249; bh=kFXh2I64aUa9ohiiOz66Cc2Bap7PWe63VlIcnMFBwEc=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=WJMT6ldR1zuZCK9cqWlETp6KgY4xF12prnv2NMAp2XqwuqiiZ9bZAKbH1ScVCu18z hN2uPoffPttyWg/i0epDI/Rtv9uEcX38lweMIrTp2Q5nI2JYxarhnyojz8KO9c6SgO ZT01xoGeWbMiGNemW+xsnnBXow//w6P7DY82n5qE=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab7bdda2783aa2724fa9ac8729fcc02e9045ddbe6c92cf000000011897ff9992a169ce17e9c1c4@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2355/review/211487748@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2355@github.com>
References: <quicwg/base-drafts/pull/2355@github.com>
Subject: Re: [quicwg/base-drafts] Allow most frames in 0-RTT (#2355)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c803d993d9af_1bb63fdf71ad45b8123625"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/13PvS9Yr6GuoC22nYdvidY2s_BU>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Mar 2019 21:37:33 -0000

martinthomson commented on this pull request.



> +## Replay Attacks with 0-RTT
+
+As described in Section 8 of {{!TLS13}}, use of TLS early data comes with an
+exposure to replay attack.  The use of 0-RTT in QUIC is similarly vulnerable to
+replay attack.
+
+Endpoints MUST implement and use the replay protections described in {{!TLS13}},
+however it is recognized that these protections are imperfect.  Therefore,
+additional consideration of the risk of replay are needed.
+
+QUIC is not inherently vulnerable to replay attack.  The management of QUIC
+protocol state based on the frame types defined in {{QUIC-TRANSPORT}} is not
+vulnerable to replay.  Processing of QUIC frames is idempotent and cannot result
+in invalid connection states if frames are reordered or lost.  QUIC connections
+do not produce effects that last beyond the lifetime of the connection, except
+for those produced by the application protocol that QUIC serves.

I realize that I had typed a response to this, but didn't post it...

This change would be a mistake.  TLS, like QUIC itself, is not the application protocol.  While it is true that the effects of tickets and address validation tokens last beyond the connection (and this might have some implications for the text), they are not effects that an application needs to worry about.

I would prefer to add "TLS session tickets and address validation tokens might be carried between connections, but these mechanisms are distinct from application state and require independent protection against reuse."  Or something to that effect.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2355#discussion_r263146416

v2.39.1 | Report a Bug | By Email | System Status