[quicwg/base-drafts] a66b21: Document request forgery
Jana Iyengar <noreply@github.com> Tue, 08 September 2020 22:15 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6111C3A03EC for <quic-issues@ietfa.amsl.com>; Tue, 8 Sep 2020 15:15:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LU12w0UgI5b3 for <quic-issues@ietfa.amsl.com>; Tue, 8 Sep 2020 15:15:20 -0700 (PDT)
Received: from out-25.smtp.github.com (out-25.smtp.github.com [192.30.252.208]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DB773A02BB for <quic-issues@ietf.org>; Tue, 8 Sep 2020 15:15:20 -0700 (PDT)
Received: from github-lowworker-e8b54ca.ac4-iad.github.net (github-lowworker-e8b54ca.ac4-iad.github.net [10.52.23.39]) by smtp.github.com (Postfix) with ESMTP id 6882E840930 for <quic-issues@ietf.org>; Tue, 8 Sep 2020 15:15:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1599603319; bh=CWHeRtBdkLEtJPCeJ11aXBPetsyve9W+90jf4g0QD4E=; h=Date:From:To:Subject:From; b=v4edLmuMxc64OTrhRD3hDf0A2FAGaaV6VX0TiMRkujSS5hLORsXINVOHW81X3FYTS /gF53af3F6hMgBixeQXg+kzjexVRlC5Ha/dkgL0V9AoXeWyhikG+6uLa3rSz8jOkUT a2uxEr54/MmjJx0JYkTg8yihckzx0PgOttwR49hQ=
Date: Tue, 08 Sep 2020 15:15:19 -0700
From: Jana Iyengar <noreply@github.com>
To: quic-issues@ietf.org
Message-ID: <quicwg/base-drafts/push/refs/heads/master/8ea650-cf26df@github.com>
Subject: [quicwg/base-drafts] a66b21: Document request forgery
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-Auto-Response-Suppress: All
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/1qIaBb2a3bjsGZlR-V2OFsYqofQ>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Sep 2020 22:15:22 -0000
Branch: refs/heads/master Home: https://github.com/quicwg/base-drafts Commit: a66b21eda0289e756188f3de712b21b49b199679 https://github.com/quicwg/base-drafts/commit/a66b21eda0289e756188f3de712b21b49b199679 Author: Martin Thomson <mt@lowentropy.net> Date: 2020-08-13 (Thu, 13 Aug 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- Document request forgery First cut at this, sorry about it being so long. It's fairly hard to write this, particularly since the existing documentation is so sparse. Hopefully this is clear enough. I haven't had time to properly proof-read it, so it's probably not very good. But I thought I'd share what I got. This includes some basic countermeasures, but they aren't very good. I think that's OK, but we should discuss. Closes #3995. Commit: 951da28eba29af1df230035fc0dc512baf812af3 https://github.com/quicwg/base-drafts/commit/951da28eba29af1df230035fc0dc512baf812af3 Author: Martin Thomson <mt@lowentropy.net> Date: 2020-08-13 (Thu, 13 Aug 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- Use a reference with a DOI that I can find Commit: e80ca89a63ff8d0313534b58e1d0dfc2c667b8be https://github.com/quicwg/base-drafts/commit/e80ca89a63ff8d0313534b58e1d0dfc2c667b8be Author: Martin Thomson <mt@lowentropy.net> Date: 2020-08-14 (Fri, 14 Aug 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- Many small corrections OK, some of these are pretty big in that they fix my errors by inverting the meaning. Co-authored-by: Lucas Pardue <lucaspardue.24.7@gmail.com> Co-authored-by: Kazuho Oku <kazuhooku@gmail.com> Co-authored-by: Mike Bishop <mbishop@evequefou.be> Commit: d273e12b888ebd5dcd0c659c9e14b8202dccc3ca https://github.com/quicwg/base-drafts/commit/d273e12b888ebd5dcd0c659c9e14b8202dccc3ca Author: Martin Thomson <mt@lowentropy.net> Date: 2020-08-14 (Fri, 14 Aug 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- Control is via DNS Commit: aaf51ffa3a6db55aa3c125d71f13ed2abda4f5f2 https://github.com/quicwg/base-drafts/commit/aaf51ffa3a6db55aa3c125d71f13ed2abda4f5f2 Author: Martin Thomson <mt@lowentropy.net> Date: 2020-08-14 (Fri, 14 Aug 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- We assume this limitation, though it might not be necessarily true Commit: 3e64135ab73339bfb719398c1954db43a95e00b4 https://github.com/quicwg/base-drafts/commit/3e64135ab73339bfb719398c1954db43a95e00b4 Author: Martin Thomson <mt@lowentropy.net> Date: 2020-08-14 (Fri, 14 Aug 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- Take suggestions from Lucas and massage a bit Commit: 718b774c016cdaae871d48252fb5dc92afa6968a https://github.com/quicwg/base-drafts/commit/718b774c016cdaae871d48252fb5dc92afa6968a Author: Martin Thomson <mt@lowentropy.net> Date: 2020-08-14 (Fri, 14 Aug 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- Wrap suggestion Commit: 5e7f92e3848a907d9503a218042b4a7ac9a051d6 https://github.com/quicwg/base-drafts/commit/5e7f92e3848a907d9503a218042b4a7ac9a051d6 Author: Martin Thomson <mt@lowentropy.net> Date: 2020-08-17 (Mon, 17 Aug 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- SHOULD NOT reuse tokens; to allow for all those exceptions Commit: dfc8827197fd9f3590acb897a7052f253eb4ccc9 https://github.com/quicwg/base-drafts/commit/dfc8827197fd9f3590acb897a7052f253eb4ccc9 Author: Martin Thomson <mt@lowentropy.net> Date: 2020-08-19 (Wed, 19 Aug 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- Much JanaIyengar review feedback Commit: 4252d1c829ea10800bc86fedb359e328782170f3 https://github.com/quicwg/base-drafts/commit/4252d1c829ea10800bc86fedb359e328782170f3 Author: Martin Thomson <mt@lowentropy.net> Date: 2020-08-20 (Thu, 20 Aug 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- Some residual cleanup Commit: 1cfbb7fdec57f73d8921736e093f7dd2e29b7974 https://github.com/quicwg/base-drafts/commit/1cfbb7fdec57f73d8921736e093f7dd2e29b7974 Author: Martin Thomson <mt@lowentropy.net> Date: 2020-08-31 (Mon, 31 Aug 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- Make the preferred address change prominent Commit: a587bf000834d69e8898467c2e579ae4cdf63768 https://github.com/quicwg/base-drafts/commit/a587bf000834d69e8898467c2e579ae4cdf63768 Author: Martin Thomson <mt@lowentropy.net> Date: 2020-08-31 (Mon, 31 Aug 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- Mention ciphertext malleability Commit: 7adbc31b00c3d26cff384bf66c88a5b72cc59722 https://github.com/quicwg/base-drafts/commit/7adbc31b00c3d26cff384bf66c88a5b72cc59722 Author: Martin Thomson <mt@lowentropy.net> Date: 2020-09-01 (Tue, 01 Sep 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- This is not a true defense Commit: cf26df19a9dd21f7344ae06e0f8e1568cacb72d3 https://github.com/quicwg/base-drafts/commit/cf26df19a9dd21f7344ae06e0f8e1568cacb72d3 Author: Jana Iyengar <jri.ietf@gmail.com> Date: 2020-09-08 (Tue, 08 Sep 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- Merge pull request #3996 from quicwg/request-forgery Document request forgery Compare: https://github.com/quicwg/base-drafts/compare/8ea650b3f558...cf26df19a9dd
- [quicwg/base-drafts] a66b21: Document request for… Jana Iyengar