Re: [quicwg/base-drafts] Proposal to make Version Negotiation more like Retry to punt VN to QUICv2 (#2313)
Martin Thomson <notifications@github.com> Tue, 12 February 2019 22:37 UTC
martinthomson requested changes on this pull request. A few suggestions, and one bit of text that needs to be fixed, otherwise this is good. > @@ -1149,41 +1131,36 @@ expectation that it will eventually receive an Initial packet. ## Handling Version Negotiation Packets {#handle-vn} -When the client receives a Version Negotiation packet, it first checks that the -Destination and Source Connection ID fields match the Source and Destination -Connection ID fields in a packet that the client sent. If this check fails, the -packet MUST be discarded. +When a client receives a Version Negotiation packet, it MUST abandon the +current connection attempt. Version Negotiation packets are designed to allow +future versions of QUIC to negotiate the version in use between endpoints. +It is therefore expected for future versions of QUIC to change how +implementations of this version of QUIC react to Version Negotiation packets. I don't think that this can be true. The point here is that implementations of future versions of QUIC might change how they react to Version Negotiation packets when attempting connections with this version of QUIC. > @@ -5406,6 +5280,17 @@ correct instance, it is better to send a stateless reset than wait for connections to time out. However, this is acceptable only if the routing cannot be influenced by an attacker. +## Version Downgrade {#version-downgrade} + +This document defines QUIC Version Negotiation packets {{version-negotiation}}, +which can be used to negotiate the QUIC version used between two endpoints. +However, this document does not specify how this negotiation will be performed +between this version and subsequent future versions. In particular, Version +Negotiation packets do not contain any mechanism to prevent version downgrade +attacks. Future version of QUIC that wish to use Version Negotiation packets ```suggestion attacks. Future versions of QUIC that use Version Negotiation packets ``` 
> @@ -5406,6 +5280,17 @@ correct instance, it is better to send a stateless reset than wait for connections to time out. However, this is acceptable only if the routing cannot be influenced by an attacker. +## Version Downgrade {#version-downgrade} + +This document defines QUIC Version Negotiation packets {{version-negotiation}}, +which can be used to negotiate the QUIC version used between two endpoints. +However, this document does not specify how this negotiation will be performed +between this version and subsequent future versions. In particular, Version +Negotiation packets do not contain any mechanism to prevent version downgrade +attacks. Future version of QUIC that wish to use Version Negotiation packets +to negotiate the use of that version MUST define a mechanism that is robust ```suggestion MUST define a mechanism that is robust ``` -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/pull/2313#pullrequestreview-202943803
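Review bot: In the `@@ -1149,41 +1131,36 @@` hunk (Handling Version Negotiation Packets), the new first sentence drops the precondition that the removed paragraph had. The old text required the client to check that the Destination and Source Connection ID fields match a packet it sent and to discard the packet otherwise. The replacement says the client "MUST abandon the current connection attempt" on receiving any Version Negotiation packet, with no validation step visible in these lines. Either keep the connection ID check ahead of the abandon requirement, or state in this paragraph why a packet that fails the check should still end the attempt.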
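Review bot: In the `@@ -5406,6 +5280,17 @@` hunk (the new Version Downgrade section), the text says Version Negotiation packets "do not contain any mechanism to prevent version downgrade attacks" but never says what an implementation of this version does about that. Add a reference to {{handle-vn}}, where the client MUST abandon the connection attempt, so the security consideration is tied to the normative behaviour it relies on. As a smaller point, "subsequent future versions" is redundant; "future versions" is enough.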