IETF Logo Mail Archive

Re: [quicwg/base-drafts] Client's initial source CID is unauthenticated (#1479)

Martin Thomson <notifications@github.com> Wed, 27 June 2018 02:04 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41609130E72 for <quic-issues@ietfa.amsl.com>; Tue, 26 Jun 2018 19:04:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Level:
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ycSTYJIxOsna for <quic-issues@ietfa.amsl.com>; Tue, 26 Jun 2018 19:04:19 -0700 (PDT)
Received: from out-6.smtp.github.com (out-6.smtp.github.com [192.30.252.197]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 744D7126DBF for <quic-issues@ietf.org>; Tue, 26 Jun 2018 19:04:19 -0700 (PDT)
Date: Tue, 26 Jun 2018 19:04:17 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1530065057; bh=jEGHabhV38Karmw0U7s5neaIzU+3SURWZr2tS3cC/Po=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Sbl3iEmxsWsQFhOYVmk22id2lSXrCkXCNwib4fTWZwlae8OSEHQSuQwtCutA3OBcz /WiwS2LhS7YIAN2pPUjMiwirY2ezqnEZqjowjCJTPIorsljMogMRKgSu1v3Apuxg2O fwvIOtn6Kj7qt2NCJIaZ8DkeER18urgUoy7vgSKM=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab0a113174bb23edce564ffbea8923c6e94cf3d7ce92cf00000001174ab2a192a169ce1403e20c@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1479/400519057@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1479@github.com>
References: <quicwg/base-drafts/issues/1479@github.com>
Subject: Re: [quicwg/base-drafts] Client's initial source CID is unauthenticated (#1479)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b32f0a1e4e04_758f3f9df18c4f7863266"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/6jMGkjyoOpZOloL6ij7gHyDfJPg>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.26
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2018 02:04:23 -0000

If we were going to include the client source connection ID, then we also need to the server connection ID - that isn't authenticated by the handshake either.  Then there are all the connection IDs that the server might have the client cycle through with Retry.

We don't authenticate the IP address in the same way.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1479#issuecomment-400519057

v2.23.0 | Report a Bug | By Email