[quicwg/base-drafts] 2fc515: Authenticate connection IDs
Martin Thomson <noreply@github.com> Wed, 11 March 2020 01:45 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A17693A0DFD for <quic-issues@ietfa.amsl.com>; Tue, 10 Mar 2020 18:45:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SCcXq60Y218N for <quic-issues@ietfa.amsl.com>; Tue, 10 Mar 2020 18:45:34 -0700 (PDT)
Received: from out-16.smtp.github.com (out-16.smtp.github.com [192.30.254.199]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D4F73A0DFC for <quic-issues@ietf.org>; Tue, 10 Mar 2020 18:45:34 -0700 (PDT)
Received: from github-lowworker-39ac79b.ac4-iad.github.net (github-lowworker-39ac79b.ac4-iad.github.net [10.52.18.15]) by smtp.github.com (Postfix) with ESMTP id 0AB2212129B for <quic-issues@ietf.org>; Tue, 10 Mar 2020 18:45:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1583891134; bh=P5Z/0RmjJ+uKiEh67bMQh748v0FUQo2eCGcM7ljLveg=; h=Date:From:To:Subject:From; b=ONXeOObzwMoT2TNi7add7Xc5s0DUxy+ifrXCbWQxJ+oQPk2/MpdJUVGu5CMV4T8rR bB2sQsTc0bv+cSMsZYwb0/3GarDOOShhCnjr/QMjp12dZNxwLARs8MOdnOI+u/Ax4s oCXr1Uq+Gi0crW8kvbkl8rRGOSxzM0tDuxlN+B7A=
Date: Tue, 10 Mar 2020 18:45:33 -0700
From: Martin Thomson <noreply@github.com>
To: quic-issues@ietf.org
Message-ID: <quicwg/base-drafts/push/refs/heads/authenticate-hs-cid/d92b97-2fc515@github.com>
Subject: [quicwg/base-drafts] 2fc515: Authenticate connection IDs
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-Auto-Response-Suppress: All
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/92uA7VCGHGRuF_mNxO-ke-CR4wo>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Mar 2020 01:45:36 -0000
Branch: refs/heads/authenticate-hs-cid Home: https://github.com/quicwg/base-drafts Commit: 2fc5157ed013ae8f84f17e44409c42be87660feb https://github.com/quicwg/base-drafts/commit/2fc5157ed013ae8f84f17e44409c42be87660feb Author: Martin Thomson <mt@lowentropy.net> Date: 2020-03-11 (Wed, 11 Mar 2020) Changed paths: M draft-ietf-quic-transport.md Log Message: ----------- Authenticate connection IDs This authenticates all of them. Note that I have chosen to use position in the protocol (Source vs. Destination) as opposed to who selects the values (client vs. server) as the means of deciding where each lies. This avoids regressing an existing protocol characteristic. This changes the definition of original_connection_id so that it is mandatory for the server to include always. A new handshake_connection_id (which might be initial_connection_id, but I think that's confusing) is also mandatory for both roles. The retry_connection_id is used when there is a Retry. This is a granular encoding. That means some additional bytes for the types of transport parameters, but not so many as to be intolerable, I think. A single transport parameter, or a header on the transport parameter encoding (as we used to have) might be slightly more efficient, but offhand I think that the net saving would be at most 2 bytes, so I'm going with simple over small. Closes #3439.
- [quicwg/base-drafts] 2fc515: Authenticate connect… Martin Thomson