Re: [quicwg/base-drafts] The method of identifying "the same server" (#3155)

Nick Harper <notifications@github.com> Mon, 28 October 2019 19:02 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AFC6120921 for <quic-issues@ietfa.amsl.com>; Mon, 28 Oct 2019 12:02:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.596
X-Spam-Level:
X-Spam-Status: No, score=-6.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fjnGLXDykSHG for <quic-issues@ietfa.amsl.com>; Mon, 28 Oct 2019 12:02:13 -0700 (PDT)
Received: from out-6.smtp.github.com (out-6.smtp.github.com [192.30.252.197]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7D8712090C for <quic-issues@ietf.org>; Mon, 28 Oct 2019 12:02:12 -0700 (PDT)
Date: Mon, 28 Oct 2019 12:02:11 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1572289332; bh=z9FrWkMaMh13G49PgTuY8nOIYJCw/1ZtQaRMG87ToN0=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=DoxzlcoWCK/xh2zo1i/+iBq9KXzt8xqjQIg2OA3rtmwZw5ONN652d2OrI0qEtMRYD pkJOicw4Ote8BmALGVRm6WY8buBvLYgEbWUUW0vKXhGSP7kpffhqFpU23Tn5KulIu8 P1enoBsPSV0hcbAQAYJNY7qqdvECfbUEZir7yHtM=
From: Nick Harper <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK57M7PNESQNAFWE4E53YR54HEVBNHHB5FITQM@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3155/547098249@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3155@github.com>
References: <quicwg/base-drafts/issues/3155@github.com>
Subject: Re: [quicwg/base-drafts] The method of identifying "the same server" (#3155)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5db73b33f1b52_6bef3fa4f3acd9605977f"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: nharper
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/3WhkncKIYs3auhIBdwxqZDd_y8w>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2019 19:02:23 -0000

I agree that a or b is not restrictive enough based on the example given above.

I wonder if c/d/e are also not restrictive enough though. Consider example.com hosted on multiple CDNs (where QUIC is terminated by the CDN). A client makes an initial connection to example.com (which gets served by CDN A) and receives a NEW_TOKEN token. Later, this client looks up example.com, gets directed to CDN B, and sends the token it received on the connection to CDN A. I wouldn't expect CDN B to be able to process that token.

We could also decide that it's not worth solving the case above. Being overly restrictive in scoping tokens could mean we don't save tokens often enough (resulting in connections being established with no token when we could have used a token), which might be worse than occasionally sending the wrong token to a server.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/3155#issuecomment-547098249