Re: [quicwg/base-drafts] Actions to take when Reserved Bits are not Zero (#2329)
Martin Thomson <notifications@github.com> Thu, 10 January 2019 21:14 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E0C3130F3F for <quic-issues@ietfa.amsl.com>; Thu, 10 Jan 2019 13:14:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.553
X-Spam-Level:
X-Spam-Status: No, score=-12.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qt5gQvTgRZHA for <quic-issues@ietfa.amsl.com>; Thu, 10 Jan 2019 13:14:37 -0800 (PST)
Received: from out-6.smtp.github.com (out-6.smtp.github.com [192.30.252.197]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6640812896A for <quic-issues@ietf.org>; Thu, 10 Jan 2019 13:14:37 -0800 (PST)
Date: Thu, 10 Jan 2019 13:14:35 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1547154875; bh=Rs6eMUgGfpYeGIIiiNbbI4SW7NKVTmlMVFCFsAPY+4M=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=VUUfxMjeATlD9+eaioZ/eku/ckC1KQMRJUO3W2J0XDg+77jKikvqW339QvxpT6Y08 YmTEC0VTBIYi44Netv8XapCyorIUb3TaJCVAFO2bbDehUF7a8TO9RCX18PdOyk9Qn1 HXYRijHp3YqMbCm1+euz56QVBjy8usQKGgo5knDo=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab413ea5453d8634b5f4411ccd40463b14c1c2a73d92cf00000001184f77bb92a169ce17b7938d@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2329/453256192@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2329@github.com>
References: <quicwg/base-drafts/issues/2329@github.com>
Subject: Re: [quicwg/base-drafts] Actions to take when Reserved Bits are not Zero (#2329)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c37b5bbea049_7a5e3fd2212d45b4153577"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/1Mb49mR0CcJcvPquYQwtiZ7-FLY>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jan 2019 21:14:39 -0000
Thanks for opening the issue. One point about the second and third options. > if we simply discard there is no response for the attacker to measure This is only true if there is no adjacent activity. I would advise not taking timing side-channels so lightly. > that possibility was decisively rejected in #2022 That discussion was mostly about leaving the bits unprotected. That said, the option of ignoring the bits is potentially valid, but it could give an attacker some leverage on the header protection key. It wouldn't be much, but it was what pushed me toward the current design. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/2329#issuecomment-453256192
- [quicwg/base-drafts] Actions to take when Reserve… martinduke
- Re: [quicwg/base-drafts] Actions to take when Res… Martin Thomson
- Re: [quicwg/base-drafts] Actions to take when Res… Kazuho Oku
- Re: [quicwg/base-drafts] Actions to take when Res… Magnus Westerlund
- Re: [quicwg/base-drafts] Actions to take when Res… Martin Thomson
- Re: [quicwg/base-drafts] Actions to take when Res… Martin Thomson