[quicwg/base-drafts] Packet Number Must Be Decrypted to Read Initial Token Field (#1492)
Nick Banks <notifications@github.com> Wed, 27 June 2018 20:37 UTC
Because the Initial packet's token is after the rest of the long header, the packet number must be decrypted first to determine the starting offset of the Token Length field and then the Token field. This adds a requirement for DDoS Mitigation Devices, that would simply read the token field to validate address ownership before passing the packet along or sending a Retry packet of its own, to have crypto support. If the packet number followed the token, this would no longer be a requirement on the hardware.
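The offset problem described in the message above, as an added example that is not part of the original issue or of the QUIC drafts. It assumes a simplified long header (first byte, 4-byte version, one connection-ID-lengths byte, both connection IDs, a varint Length, and an encrypted packet number of 1, 2 or 4 bytes); the function names, field order details and sample bytes are constructed for illustration.

```python
def read_varint(buf, off):
    """QUIC-style varint: the top two bits of the first byte give the size."""
    size = 1 << (buf[off] >> 6)
    val = buf[off] & 0x3F
    for b in buf[off + 1:off + size]:
        val = (val << 8) | b
    return val, off + size

def cleartext_prefix_end(pkt):
    """Offset just past first byte, version, CID-lengths byte and both CIDs."""
    if not pkt[0] & 0x80:
        raise ValueError("not a long header packet")
    cil = pkt[5]  # assumed encoding: each nibble is (length - 3), 0 = absent
    dcil = (cil >> 4) + 3 if cil >> 4 else 0
    scil = (cil & 0x0F) + 3 if cil & 0x0F else 0
    return 6 + dcil + scil

def token_guesses_pn_first(pkt):
    """Layout A (token after packet number): without the key the device does
    not know the packet number size, so every size yields a different guess."""
    _, off = read_varint(pkt, cleartext_prefix_end(pkt))  # skip Length
    guesses = {}
    for pn_len in (1, 2, 4):
        tlen, toff = read_varint(pkt, off + pn_len)
        guesses[pn_len] = pkt[toff:toff + tlen]
    return guesses

def token_token_first(pkt):
    """Layout B (token before packet number): one fixed offset, no crypto."""
    tlen, toff = read_varint(pkt, cleartext_prefix_end(pkt))
    return pkt[toff:toff + tlen]

# Constructed sample packets (not captured traffic).
TOKEN = b"addr-validation-token"
PREFIX = bytes([0xFF]) + (0xFF00000D).to_bytes(4, "big") + bytes([0x50]) + bytes(range(8))
ENC_PN = b"\x9c\x05"   # stands in for a 2-byte packet number ciphertext
PAYLOAD = bytes(16)    # stands in for the protected payload
PKT_A = PREFIX + bytes([40]) + ENC_PN + bytes([len(TOKEN)]) + TOKEN + PAYLOAD
PKT_B = PREFIX + bytes([len(TOKEN)]) + TOKEN + bytes([18]) + ENC_PN + PAYLOAD

if __name__ == "__main__":
    for pn_len, guess in token_guesses_pn_first(PKT_A).items():
        print("layout A, assuming", pn_len, "byte packet number:", guess[:24])
    print("layout B:", token_token_first(PKT_B))
```

Only the guess for the true packet number size recovers the token in layout A, and the device cannot tell which guess that is without removing packet number protection.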