[quicwg/base-drafts] NEW_TOKEN token and encryption (#2543)

Kazuho Oku <notifications@github.com> Thu, 21 March 2019 20:53 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C1B61315B4 for <quic-issues@ietfa.amsl.com>; Thu, 21 Mar 2019 13:53:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.597
X-Spam-Level:
X-Spam-Status: No, score=-6.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uOmBjdh7Yzwl for <quic-issues@ietfa.amsl.com>; Thu, 21 Mar 2019 13:53:52 -0700 (PDT)
Received: from out-6.smtp.github.com (out-6.smtp.github.com [192.30.252.197]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F8421315B3 for <quic-issues@ietf.org>; Thu, 21 Mar 2019 13:53:52 -0700 (PDT)
Date: Thu, 21 Mar 2019 13:53:50 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1553201630; bh=vizLBiFqk5oKGObGsWb8pNBNcB2wIH8aZ59nPlrsPUc=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=dvHdVG1U6xQmvoEgVRP6CtucAPLEybznzXYBXr68zBUb6VeiOpaKk8TuqkVWokCxV oiH2AtXnJ+GVYC5+N2aG3GdbS2SOHe1UBZGc97JNOj3CgVS+c9bfvV2cJcvhR6H5GE nn+BMyG5yjmMnrt9+rPVEjVIU/aHAnS0btdruXaw=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab502b7a68abc5a2b62710acc0b0e866abb682833192cf0000000118abbbde92a169ce1944c3bc@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2543@github.com>
Subject: [quicwg/base-drafts] NEW_TOKEN token and encryption (#2543)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c93f9debfcaf_e923fdf5eed45b8213098"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/6TQOq7TznPb-1fbR5-ffnawQhGA>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Mar 2019 20:53:55 -0000

My understanding is that tokens provided by NEW_TOKEN frames should not leak information that allows observers correlate the newly established connection with the previous connection. Such information include the time when the token was issued, RTT, server name (when SNI is not used or Encrypted SNI is used).

However, the draft seems to be vague about the requirement. I think it might be worth clarifying the principle in the draft.

"a token SHOULD include an expiration time" (section 8.1.2) - I think we should change this to "a token SHOLUD be associated an expiration time", considering the fact that we are talking about "stateful" design (stateless design is mentioned briefly in one of the following paragraphs).

"In a stateless design, a server can use encrypted and authenticated tokens to pass information to clients" - I think we might prefer using "SHOULD" rather than "can".

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2543