Re: [quicwg/base-drafts] Proposal to make Version Negotiation more like Retry to punt VN to QUICv2 (#2313)

Martin Thomson <notifications@github.com> Tue, 12 February 2019 22:37 UTC

Date: Tue, 12 Feb 2019 14:37:40 -0800
From: Martin Thomson <notifications@github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2313/review/202943803@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2313@github.com>
References: <quicwg/base-drafts/pull/2313@github.com>
Subject: Re: [quicwg/base-drafts] Proposal to make Version Negotiation more like Retry to punt VN to QUICv2 (#2313)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/3IJ5ufNunkdbfAvp_H71ZyeNf-I>

martinthomson requested changes on this pull request.

A few suggestions, and one bit of text that needs to be fixed, otherwise this is good.

> @@ -1149,41 +1131,36 @@ expectation that it will eventually receive an Initial packet.
 
 ## Handling Version Negotiation Packets {#handle-vn}
 
-When the client receives a Version Negotiation packet, it first checks that the
-Destination and Source Connection ID fields match the Source and Destination
-Connection ID fields in a packet that the client sent.  If this check fails, the
-packet MUST be discarded.
+When a client receives a Version Negotiation packet, it MUST abandon the
+current connection attempt.  Version Negotiation packets are designed to allow
+future versions of QUIC to negotiate the version in use between endpoints.
+It is therefore expected for future versions of QUIC to change how
+implementations of this version of QUIC react to Version Negotiation packets.
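
Review bot: the replacement text drops the Destination/Source Connection ID check that the removed lines required, so as written a client MUST abandon its connection attempt on any Version Negotiation packet it receives, including one whose connection IDs correspond to nothing the client sent. Nothing in the new text ties the packet to the client's own state, so if removing the check is intended, that needs to be said explicitly and the resulting exposure to injected packets noted in the security considerations; if it is not intended, keep the check in front of the abandon requirement ("If this check fails, the packet MUST be discarded."). The closing sentence is also inverted: a future version of QUIC cannot change how implementations of this version react, only how its own implementations react to Version Negotiation packets when they attempt a connection using this version.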

I don't think that this can be true.  The point here is that implementations of future versions of QUIC might change how they react to Version Negotiation packets when attempting connections with this version of QUIC.

> @@ -5406,6 +5280,17 @@ correct instance, it is better to send a stateless reset than wait for
 connections to time out.  However, this is acceptable only if the routing cannot
 be influenced by an attacker.
 
+## Version Downgrade {#version-downgrade}
+
+This document defines QUIC Version Negotiation packets {{version-negotiation}},
+which can be used to negotiate the QUIC version used between two endpoints.
+However, this document does not specify how this negotiation will be performed
+between this version and subsequent future versions.  In particular, Version
+Negotiation packets do not contain any mechanism to prevent version downgrade
+attacks.  Future version of QUIC that wish to use Version Negotiation packets
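
Review bot: "Future version of QUIC that wish to use Version Negotiation packets" has a number agreement error; "Future versions of QUIC that use Version Negotiation packets" is correct and shorter. The paragraph also says both that the packets "can be used to negotiate the QUIC version" and that "this document does not specify how this negotiation will be performed"; making it explicit that this document only defines the packet and the receiver's reaction to it, and leaves the negotiation procedure to later versions, keeps the two sentences from reading as a contradiction.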

```suggestion
attacks.  Future versions of QUIC that use Version Negotiation packets
```

> @@ -5406,6 +5280,17 @@ correct instance, it is better to send a stateless reset than wait for
 connections to time out.  However, this is acceptable only if the routing cannot
 be influenced by an attacker.
 
+## Version Downgrade {#version-downgrade}
+
+This document defines QUIC Version Negotiation packets {{version-negotiation}},
+which can be used to negotiate the QUIC version used between two endpoints.
+However, this document does not specify how this negotiation will be performed
+between this version and subsequent future versions.  In particular, Version
+Negotiation packets do not contain any mechanism to prevent version downgrade
+attacks.  Future version of QUIC that wish to use Version Negotiation packets
+to negotiate the use of that version MUST define a mechanism that is robust
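
Review bot: "to negotiate the use of that version" on the last line duplicates "that wish to use Version Negotiation packets" in the same sentence; dropping it leaves "MUST define a mechanism that is robust" without losing anything. The quoted context ends at "robust", so wherever the sentence continues it should name the threat concretely (the version downgrade attacks two lines earlier) and say which endpoint is expected to detect a downgrade; a MUST placed on documents that do not yet exist is only checkable if the property it demands is stated precisely.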

```suggestion
MUST define a mechanism that is robust
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2313#pullrequestreview-202943803
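
The connection ID check that the first quoted hunk removes, alongside the abandon behaviour the new text requires, as an added example. This is not code from the quicwg/base-drafts repository, the draft text, or the reviewer. It assumes the wire layout the final RFC 9000 (section 17.2.1) settled on for Version Negotiation packets (long header, Version field 0, 8-bit connection ID lengths, a list of 32-bit versions); the draft under review encoded the connection ID lengths differently, so that layout is an assumption rather than a transcription of the draft. The second version number, the connection IDs and the grease value in the sample packets are constructed for the example.

```python
"""Client-side handling of a QUIC Version Negotiation packet.

Added example, not code from the quicwg/base-drafts repository or the draft
text under review.  Wire layout follows the final RFC 9000 section 17.2.1
encoding (long header, Version = 0, 8-bit connection ID lengths, 32-bit
supported-version list); the draft discussed in this review encoded the
connection ID lengths differently, so that layout is an assumption here.
"""
import struct

# Constructed constants for the example: QUIC v1 and a hypothetical second
# version the client is also willing to use.
QUIC_V1 = 0x00000001
HYPOTHETICAL_V2 = 0x00000002


class VersionNegotiationError(ValueError):
    """Raised when the bytes are not a well-formed Version Negotiation packet."""


def _take(data: bytes, pos: int, n: int) -> tuple[bytes, int]:
    """Slice n bytes at pos or fail; every field read goes through this."""
    if pos + n > len(data):
        raise VersionNegotiationError("truncated packet")
    return data[pos:pos + n], pos + n


def parse_version_negotiation(data: bytes) -> tuple[bytes, bytes, list[int]]:
    """Return (destination_cid, source_cid, supported_versions) or raise."""
    first, pos = _take(data, 0, 1)
    if not first[0] & 0x80:
        raise VersionNegotiationError("not a long header")
    raw_version, pos = _take(data, pos, 4)
    if struct.unpack(">I", raw_version)[0] != 0:
        raise VersionNegotiationError("Version field must be 0")
    dcid_len, pos = _take(data, pos, 1)
    dcid, pos = _take(data, pos, dcid_len[0])
    scid_len, pos = _take(data, pos, 1)
    scid, pos = _take(data, pos, scid_len[0])
    rest = data[pos:]
    if not rest or len(rest) % 4:
        raise VersionNegotiationError("Supported Version list empty or not 32-bit aligned")
    versions = list(struct.unpack(">%dI" % (len(rest) // 4), rest))
    return dcid, scid, versions


def handle_version_negotiation(packet, sent_dcid, sent_scid,
                               offered_version, preferred_versions):
    """Decide what the client does with a received Version Negotiation packet.

    Returns ("ignore", None) for packets that must be discarded, ("retry", v)
    when a mutually supported version v exists (first match in the client's
    preference order), and ("abandon", None) when the packet is bound to this
    attempt but offers nothing the client accepts.
    """
    try:
        dcid, scid, versions = parse_version_negotiation(packet)
    except VersionNegotiationError:
        return ("ignore", None)
    # The check the removed draft text required: the packet's Destination and
    # Source CIDs must mirror the Source and Destination CIDs the client sent.
    # Nothing else binds an unauthenticated VN packet to this connection attempt.
    if dcid != sent_scid or scid != sent_dcid:
        return ("ignore", None)
    # A server that supported the version the client offered would not have
    # sent VN at all, so a list that contains it is treated as bogus.
    if offered_version in versions:
        return ("ignore", None)
    for candidate in preferred_versions:
        if candidate in versions:
            return ("retry", candidate)
    return ("abandon", None)


def build_version_negotiation(dcid, scid, versions, unused_bits=0):
    """Constructed helper: serialise a VN packet so the example runs offline."""
    head = bytes([0x80 | (unused_bits & 0x7F)]) + struct.pack(">I", 0)
    cids = bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid
    return head + cids + b"".join(struct.pack(">I", v) for v in versions)


if __name__ == "__main__":
    client_dcid = bytes.fromhex("0102030405060708")   # constructed
    client_scid = bytes.fromhex("aabbccdd")           # constructed
    # 0x1A2A3A4A is a grease-pattern version (RFC 9000 section 15), constructed here.
    vn = build_version_negotiation(client_scid, client_dcid,
                                   [0x1A2A3A4A, HYPOTHETICAL_V2])
    print(handle_version_negotiation(vn, client_dcid, client_scid, QUIC_V1,
                                     [QUIC_V1, HYPOTHETICAL_V2]))
```

The three outcomes are kept distinct on purpose: an "ignore" result leaves the connection attempt running, which is what protects a client from a blindly injected Version Negotiation packet, whereas "abandon" is only reached for a packet that mirrors the client's own connection IDs. The connection ID comparison is the only binding the packet has; it is not a cryptographic one, which is why the quoted security considerations text says the packet carries no defence against downgrade on its own.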