Re: [quicwg/base-drafts] Version numbers (#113)

Martin Thomson <notifications@github.com> Fri, 06 January 2017 00:49 UTC


martinthomson commented on this pull request.



>  
-* If the client's version is not acceptable to the server, the server MUST send
-  a Version Negotiation packet to the client.  This packet will have the VERSION
-  flag set and will include the server's set of supported versions.  On
-  subsequently received packets for the same connection ID with the unacceptable
-  version, the server MUST continue responding with a Version Negotiation
-  packet.
+If the packet contains a version that is acceptable to the server, the server
+proceeds with the handshake ({{handshake}}).  All subsequent packets sent by the
+server MUST have the VERSION flag unset.  This commits the server to the version
+that the client selected.
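
Review bot: The added paragraph covers only the case where the client's version is acceptable, while the removed bullet carried two server requirements for the unacceptable case (send a Version Negotiation packet, and keep answering with one for later packets on the same connection ID that carry that version); neither appears in the added lines of this hunk. If that behaviour now lives elsewhere in the draft, a cross-reference from this paragraph would help; if not, the server's response to an unacceptable version should be restated here. Separately, "All subsequent packets sent by the server MUST have the VERSION flag unset" is a server-side rule with no matching client rule in the lines shown, so consider stating what a client does if it receives a server packet with the VERSION flag set once the handshake has begun.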

Yeah, I have a separate change that removes the text on triggering version negotiation based on the ALPN token.  This is simpler: negotiate a QUIC version, then negotiate an application protocol based on what is permitted within QUIC.

I haven't done a thorough analysis of what effect that has on the downgrade situation though.  So there might be some potential avenues of attack on the unauthenticated part of the negotiation.  My hope is that the version fields we've got in the transport parameters will detect those sorts of attack, but I'm not sure yet.
