Re: [quicwg/base-drafts] Looping with multiple Retry packets (#1451)

Nick Banks <notifications@github.com> Thu, 21 June 2018 13:13 UTC

The case that @mikkelfj points out is exactly the case we are trying to solve for Azure. Azure owns the DDoS mitigation devices and load balancers, while the 3rd party owns the QUIC server, which could be from any implementation.

I agree we should look at the security properties and enumerate all the threats/attacks this design could expose. Then it's a matter of weighting the impact of those threats vs the cost/complexity if we decided to fix them. Personally, I haven't seen an attack that would really benefit a middle box any more than any other handshake disruption tactic.

https://github.com/quicwg/base-drafts/issues/1451#issuecomment-399098726