Re: [quicwg/base-drafts] Authenticating connection IDs (#3439)

Marten Seemann <notifications@github.com> Thu, 05 March 2020 02:52 UTC

Date: Wed, 04 Mar 2020 18:52:21 -0800
From: Marten Seemann <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKZUV7JYZHAO2K3DN7N4NRFGLEVBNHHCC4LIRI@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3439/595001383@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3439@github.com>
References: <quicwg/base-drafts/issues/3439@github.com>
Subject: Re: [quicwg/base-drafts] Authenticating connection IDs (#3439)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/4ni2ZygRv0dm3B9l3ylO3dgShY0>
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>

I'm not convinced that we need a transport parameter here. As explained by @martinthomson, a transport parameter would only protect the connection IDs used after the Retry, i.e. CIDs that are used *after* a connection has been accepted and an endpoint has created state for this connection.

At this point, we could require endpoints to keep track of the SCID that they used, and discard incoming packets that arrive at this connection where the DCID doesn't match the SCID they chose. If I'm not mistaken, this would thwart the attack (and as a bonus, it would do so earlier than the TP proposed here, since the TP would only be validated after the handshake completes).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/3439#issuecomment-595001383
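The check proposed in the comment above (keep the SCID this endpoint chose and discard any packet for this connection whose DCID does not equal it), as an added example that is not part of the original message and is not code from any QUIC WG implementation. It parses only the version-independent part of the header (RFC 8999: first byte, version, length-prefixed DCID and SCID for long headers; DCID of locally known length for short headers) and ignores the token, length and payload fields. The packets, connection IDs and the `Connection` class are constructed here for illustration; a real endpoint issues several connection IDs over a connection's lifetime, so the comparison would be against the set of IDs it has issued rather than a single value.

```python
"""Drop packets whose DCID is not the SCID this endpoint chose."""
import struct
from dataclasses import dataclass
from typing import Optional

MAX_CID_LEN = 20  # QUIC version 1 limit (RFC 9000, section 17.2)


@dataclass(frozen=True)
class Header:
    long_form: bool
    version: Optional[int]   # None for short headers
    dcid: bytes
    scid: Optional[bytes]    # None for short headers


def _read_cid(packet: bytes, pos: int) -> tuple[bytes, int]:
    """Read a length-prefixed connection ID, rejecting over-long or truncated values."""
    if pos >= len(packet):
        raise ValueError("connection ID length missing")
    n = packet[pos]
    pos += 1
    if n > MAX_CID_LEN:
        raise ValueError(f"connection ID length {n} exceeds {MAX_CID_LEN}")
    cid = packet[pos:pos + n]
    if len(cid) != n:
        raise ValueError("connection ID truncated")
    return cid, pos + n


def parse_header(packet: bytes, local_cid_len: int) -> Header:
    """Extract the connection IDs from the invariant part of a QUIC header.

    local_cid_len is the length of the connection ID this endpoint issued;
    short headers carry no length byte, so the receiver must know it.
    """
    if not packet:
        raise ValueError("empty packet")
    first = packet[0]
    if first & 0x80 == 0:  # short header: DCID follows the first byte
        dcid = packet[1:1 + local_cid_len]
        if len(dcid) != local_cid_len:
            raise ValueError("short header truncated")
        return Header(False, None, dcid, None)
    if len(packet) < 5:
        raise ValueError("long header truncated")
    version = struct.unpack("!I", packet[1:5])[0]
    dcid, pos = _read_cid(packet, 5)
    scid, pos = _read_cid(packet, pos)
    return Header(True, version, dcid, scid)


def build_long_header(first_byte: int, version: int, dcid: bytes, scid: bytes) -> bytes:
    """Serialize the invariant prefix of a long header (hypothetical helper, no payload)."""
    return (bytes([first_byte]) + struct.pack("!I", version)
            + bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid)


@dataclass
class Connection:
    """Per-connection state once this endpoint has accepted the connection."""
    local_scid: bytes   # the SCID this endpoint chose and sent to its peer
    accepted: int = 0
    dropped: int = 0

    def receive(self, packet: bytes) -> bool:
        """Return True if the packet is consumed, False if it is discarded."""
        try:
            hdr = parse_header(packet, len(self.local_scid))
        except ValueError:
            self.dropped += 1
            return False
        if hdr.dcid != self.local_scid:
            # The sender is not addressing the connection ID we chose.
            self.dropped += 1
            return False
        self.accepted += 1
        return True


def demo() -> tuple[int, int]:
    """Constructed sample traffic at a client; returns (accepted, dropped)."""
    client_scid = bytes.fromhex("c1c1c1c1c1c1c1c1")
    server_scid = bytes.fromhex("5e5e5e5e5e5e5e5e5e5e")
    client = Connection(local_scid=client_scid)
    # Legitimate server packet: DCID is the SCID the client chose.
    good = build_long_header(0xC0, 0x00000001, client_scid, server_scid)
    # Injected packet: DCID does not match, so it must be discarded.
    forged = build_long_header(0xC0, 0x00000001, bytes.fromhex("deadbeef"), server_scid)
    good_short = bytes([0x40]) + client_scid + bytes(16)
    forged_short = bytes([0x40]) + bytes(8) + bytes(16)
    for pkt in (good, forged, good_short, forged_short):
        client.receive(pkt)
    return client.accepted, client.dropped


if __name__ == "__main__":
    print(demo())
```

The filter runs before any decryption, which is the point made in the comment: a mismatched packet is discarded as soon as the connection state exists, without waiting for a transport parameter to be validated at the end of the handshake.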