Date: Fri, 29 Jun 2018 15:32:44 -0700
From: Igor Lubashev <notifications@github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1505/401490090@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1505@github.com>
References: <quicwg/base-drafts/issues/1505@github.com>
Subject: Re: [quicwg/base-drafts] Stateless Reset from clients, bis (#1505)
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--==_mimepart_5b36b38ce3a87_1f952b08ccae0f60132633";
 charset=UTF-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/2kPZgOdfPLJ7o4lgtKNYEoo1oy0>
List-Id: Notification list for GitHub issues related to the QUIC WG
 <quic-issues.ietf.org>


----==_mimepart_5b36b38ce3a87_1f952b08ccae0f60132633
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Ted, take a look at #466 (closer to the end of the thread).

The problem we have right now is that the client cannot supply a stateless reset token during the handshake, because the client's part of the handshake (unlike the server's) is not protected.  So the situation we have right now is that clients _cannot_ send a Stateless Reset any time later, until the server has switched to using a new CID from the client, provided by the client in NEW_CONNECTION_ID.  (And switching CIDs may never happen.)

So the "idea" I am proposing is very simple -- since the client cannot send its stateless reset token associated with its CID during the handshake, let it send that token later (as soon as it starts to send protected packets).

https://github.com/quicwg/base-drafts/issues/1505#issuecomment-401490090
----==_mimepart_5b36b38ce3a87_1f952b08ccae0f60132633--

