Re: [quicwg/base-drafts] Refine minimum DCID length of Initial (#2001)

Martin Thomson <notifications@github.com> Tue, 13 November 2018 22:46 UTC

Date: Tue, 13 Nov 2018 14:46:14 -0800
From: Martin Thomson <notifications@github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2001/review/174624774@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2001@github.com>
Subject: Re: [quicwg/base-drafts] Refine minimum DCID length of Initial (#2001)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/5qBcV0bpAGqdJXvdG2Zl1CscRfE>
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>

martinthomson commented on this pull request.

> @@ -1318,6 +1318,11 @@ packet is received from the server, the client MUST use the same value unless it
 abandons the connection attempt and starts a new one. The initial Destination
 Connection ID is used to determine packet protection keys for Initial packets.
 
+A client SHOULD select a Destination Connection ID length long enough to fulfill
+the minimum for every QUIC version it supports. This makes it easier to detect
+version downgrade attacks, by increasing the chance Initial packets are routed
+to the same server.
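Review bot: The justification in the second added sentence ("This makes it easier to detect version downgrade attacks ...") attaches the length requirement to the wrong benefit: as the review below notes, the downgrade-detection mechanism does not depend on Initial packets reaching the same server, whereas stable routing does let a server keep connection state during a version cut-over rather than dropping the connection. Suggest keeping only the first sentence, or replacing the second with a routing-stability rationale, e.g. "This increases the chance that Initial packets for different versions are routed to the same server, which can then retain state across version selection." A smaller wording point in the first sentence: "fulfill the minimum" should say which minimum, e.g. "the minimum Destination Connection ID length required by every QUIC version it supports".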

This second sentence worries me.  The mechanism we have for detecting version downgrade is robust without consistent routing.  The problem here is that it might be too robust and - during a server upgrade - the server might change its mind.  Having stable routing ensures that the server can maintain state during the cut-over and avoid connections being killed as a result.  Given the complexities involved, I would suggest that we limit this to just the first sentence.

Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2001#pullrequestreview-174624774