Re: [quicwg/base-drafts] Handling of duplicate packets (#1405)

Christian Huitema <notifications@github.com> Thu, 07 June 2018 05:09 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BED88130DDA for <quic-issues@ietfa.amsl.com>; Wed, 6 Jun 2018 22:09:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.009
X-Spam-Level:
X-Spam-Status: No, score=-8.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3qvA6RBEq00i for <quic-issues@ietfa.amsl.com>; Wed, 6 Jun 2018 22:09:04 -0700 (PDT)
Received: from out-1.smtp.github.com (out-1.smtp.github.com [192.30.252.192]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BCD812777C for <quic-issues@ietf.org>; Wed, 6 Jun 2018 22:09:04 -0700 (PDT)
Date: Wed, 06 Jun 2018 22:09:03 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1528348143; bh=0q2tC3ebPuZxWQGVfogigj1M4N83aOlqCc9M74BOuyo=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=OARhZ1r0LmbJxMxns6G6QYPamZ+bxk0GNB1fTyFN32wutRF1O4aqKPyo+JLaqS8mU bzl8ox+G4RX2xW3DhAAq3h4DxpYolbwEL0JlGJsxEcrIAZ2or+2KpNKWZkzebh5sjB 1bsZBLUxHi8woMqdFtvDNC7se6GwLzqmCN+N/3dM=
From: Christian Huitema <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab603531e76615834007dda501b2ae6d130a3f051a92cf0000000117307fef92a169ce138d6870@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1405/395294672@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1405@github.com>
References: <quicwg/base-drafts/issues/1405@github.com>
Subject: Re: [quicwg/base-drafts] Handling of duplicate packets (#1405)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b18bdefc9a34_4dbf2b116eca4f548728b"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: huitema
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/6UhnNHndEmdnVHB2VIF6jaisINc>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.26
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jun 2018 05:09:07 -0000

I think this discussion of duplicates illustrates a more fundamental issue with ECN: it is a signal from outside the encryption envelope that affects the behavior of the encrypted communication. In theory, all kinds of games are possible: adversarial ECN marking by an on-path device; copying of packets and reinjection with adversarial ECN markings by a man-on-the-side; copying of packets and reinjection with different IP headers and ports by an on-path device or a man on the side, possibly with the goal of messing up per-path ECN behavior. IMHO, the handling of ECN should be robust against these attacks, and the protection of ECN should not come from assumptions about how devices might or might not filter duplicate packets.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1405#issuecomment-395294672