Re: [quicwg/base-drafts] Move stateless reset token to the end (#842)
Martin Thomson <notifications@github.com> Tue, 10 October 2017 23:39 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8ED3813468E for <quic-issues@ietfa.amsl.com>; Tue, 10 Oct 2017 16:39:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.298
X-Spam-Level:
X-Spam-Status: No, score=-9.298 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id atik4OEtNOfy for <quic-issues@ietfa.amsl.com>; Tue, 10 Oct 2017 16:39:37 -0700 (PDT)
Received: from github-smtp2b-ext-cp1-prd.iad.github.net (github-smtp2-ext3.iad.github.net [192.30.252.194]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8EC71346C6 for <quic-issues@ietf.org>; Tue, 10 Oct 2017 16:39:28 -0700 (PDT)
Date: Tue, 10 Oct 2017 16:39:28 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1507678768; bh=T9tDqG0OmHXlzaZ8sgvv0qKU55Gzv0p/ukx1WDQUSj0=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=C/HBCGkpIyKbj6eE7FXKHjyEkZY2jH8jniS2+Oi8RMGfVCOBHeKYDdIX3jTO1rDQy QpqnNoaBfBt3smQvEoXq7PZh3jYphLEwPecI03EYFsYsPgLEkPXtyR8NeNiyBcNxko 2AVArWrovQTqpBCqjz7O5WS6xji78UKLCUnd+z10=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abfaba6c7eea210d351bf762e82552f876947c212e92cf0000000115f51c3092a169ce0fb8c6e7@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/842/review/68457636@github.com>
In-Reply-To: <quicwg/base-drafts/pull/842@github.com>
References: <quicwg/base-drafts/pull/842@github.com>
Subject: Re: [quicwg/base-drafts] Move stateless reset token to the end (#842)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59dd5a3049494_60a93fa19d18af285101a"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/7AcoLTQ_-rf4233RhLNWoqPJLsc>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Oct 2017 23:39:41 -0000
martinthomson commented on this pull request. > @@ -1595,11 +1600,11 @@ CONNECTION_CLOSE or APPLICATION_CLOSE frame if it has sufficient state to do so. #### Detecting a Stateless Reset A client detects a potential stateless reset when a packet with a short header -cannot be decrypted. The client then performs a constant-time comparison of the -16 octets that follow the Connection ID with the Stateless Reset Token provided -by the server in its transport parameters. If this comparison is successful, -the connection MUST be terminated immediately. Otherwise, the packet can be -discarded. +either cannot be decrypted or is marked as a potential duplicate. The client +then performs a constant-time comparison of the last 16 octets of the packet +with the Stateless Reset Token provided by the server in its transport +parameters. If this comparison is successful, the connection MUST be terminated You can't discard state if you are going to enter the draining period. But we don't need draining, we just need to stop. (Any subsequent stateless resets we get will get discarded according to our new packet handling rules.) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/pull/842#discussion_r143880589
- [quicwg/base-drafts] Move stateless reset token t… Martin Thomson
- Re: [quicwg/base-drafts] Move stateless reset tok… ekr
- Re: [quicwg/base-drafts] Move stateless reset tok… Martin Thomson
- Re: [quicwg/base-drafts] Move stateless reset tok… janaiyengar
- Re: [quicwg/base-drafts] Move stateless reset tok… Mike Bishop
- Re: [quicwg/base-drafts] Move stateless reset tok… Mike Bishop
- Re: [quicwg/base-drafts] Move stateless reset tok… Martin Thomson
- Re: [quicwg/base-drafts] Move stateless reset tok… Martin Thomson
- Re: [quicwg/base-drafts] Move stateless reset tok… Martin Thomson
- Re: [quicwg/base-drafts] Move stateless reset tok… ianswett
- Re: [quicwg/base-drafts] Move stateless reset tok… Martin Thomson
- Re: [quicwg/base-drafts] Move stateless reset tok… ianswett
- Re: [quicwg/base-drafts] Move stateless reset tok… janaiyengar
- Re: [quicwg/base-drafts] Move stateless reset tok… janaiyengar