Re: [quicwg/base-drafts] Let Endpoints Ignore invalid Initial Packets (#1819)

ianswett <notifications@github.com> Thu, 18 October 2018 21:08 UTC

Date: Thu, 18 Oct 2018 21:08:17 +0000
From: ianswett <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab03d9e88cb6630b7903a744b71b6991732a346a7e92cf0000000117e0b84192a169ce15cbb1a4@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1819/review/166294304@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1819@github.com>
References: <quicwg/base-drafts/pull/1819@github.com>
Subject: Re: [quicwg/base-drafts] Let Endpoints Ignore invalid Initial Packets (#1819)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/962tGZCdBbnaVcFXdlpm4HWKxfw>
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>

ianswett commented on this pull request.

> @@ -736,6 +733,18 @@ and will contain a CRYPTO frame with an offset matching the size of the CRYPTO
 frame sent in the first Initial packet.  Cryptographic handshake messages
 subsequent to the first do not need to fit within a single UDP datagram.
 
+### Handling of Fatal Initial Packets
+
+The contents of some Initial packets may, according to this specification, force
+connection termination. For example, they might contain forbidden frame types
+or a CONNECTION_CLOSE frame. As Initial packets are not protected, these could
+indicate injection attacks to terminate the connection.
+
+Endpoints MAY treat the receipt of such packets as a connection error, drop them
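Review bot: the new heading "Handling of Fatal Initial Packets" does not match the body it introduces: the last line makes treating such a packet as a connection error a MAY, with dropping it as the alternative, so these packets are not fatal by definition; suggest a heading that matches the PR title, e.g. "Handling of Invalid Initial Packets", plus a sentence fixing the consequence of each choice (in particular whether a dropped packet is still acknowledged), since the peer cannot otherwise tell which behaviour it is facing until the connection either fails or continues. The sentence "As Initial packets are not protected" also overstates the case: Initial packets are encrypted with keys derived from the Destination Connection ID, which an on-path observer can derive as well, so the injection argument rests on "protected only with keys an observer can compute", and the text should say so.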

The more I think about this, I think this is basically an intractable problem unless one is willing to keep copies of the QUIC handshake state machinery.

1) If you start processing a packet, and process one frame, then the next frame is invalid, you'd have to rewind/discard the state machinery.  Is that what you're recommending?
2) You have text that indicates you should process Initial packets, but not treat them as errors once you have received a Handshake packet, but similar to my first concern, I think that's fairly impractical unless you keep copies of the handshake.
3) One could ACK initial packets, but not process them, but then if the client ACKs a packet that was never sent, the server can close the connection, so you're still in a bad place.

To be clear, I sort of hate implicit ACKs of Initial, but we keep making decisions, such as that only Handshake packets count as address confirmation, that make most frames sent in Initial useless.  I have https://github.com/quicwg/base-drafts/pull/1862 to fix the rest of the deadlock case, but that would be fixed if we didn't send ACKs in Initial and relied upon implicit ACKs instead.
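Point 1 of the comment above, in code: the example below is an added illustration, not code from the draft, this PR, or any QUIC implementation. It contrasts applying frames as soon as each is parsed (earlier frames have already changed the handshake state when a later one in the same packet turns out to be invalid) with parsing and checking the whole packet before anything is applied (the state is left untouched and the packet is ignored). The frame type values follow the RFC 9000 encoding rather than the draft under review (an assumption; the logic does not depend on the numbers), ACK frames are left out for brevity, and the handshake state, the in-order-only CRYPTO reassembly and the sample packet are all constructed for the example.

```python
"""Eager versus staged application of the frames in an Initial packet (added example)."""
from dataclasses import dataclass

# Frame type codes use the RFC 9000 encoding (assumption; the draft under review
# numbered frames differently). ACK is omitted for brevity; STREAM (0x08-0x0f)
# and every other type is rejected as not permitted in an Initial packet.
PADDING, PING, CRYPTO, CONNECTION_CLOSE = 0x00, 0x01, 0x06, 0x1C
ALLOWED_IN_INITIAL = {PADDING, PING, CRYPTO, CONNECTION_CLOSE}


class InvalidFrame(Exception):
    """A frame that, per the draft text, would force connection termination."""


def decode_varint(buf: bytes, pos: int):
    """QUIC variable-length integer: the top two bits of the first byte give the length."""
    first = buf[pos]
    length = 1 << (first >> 6)
    value = first & 0x3F
    for i in range(1, length):
        value = (value << 8) | buf[pos + i]
    return value, pos + length


def iter_frames(payload: bytes):
    """Yield (type, body) per frame; raise InvalidFrame on a forbidden or truncated frame."""
    pos = 0
    try:
        while pos < len(payload):
            ftype, pos = decode_varint(payload, pos)
            if ftype not in ALLOWED_IN_INITIAL:
                raise InvalidFrame(f"frame type {ftype:#x} not permitted in Initial")
            if ftype in (PADDING, PING):
                yield ftype, None
            elif ftype == CRYPTO:  # offset, length, data
                offset, pos = decode_varint(payload, pos)
                length, pos = decode_varint(payload, pos)
                data = payload[pos:pos + length]
                if len(data) != length:
                    raise InvalidFrame("truncated CRYPTO frame")
                pos += length
                yield CRYPTO, (offset, data)
            else:  # CONNECTION_CLOSE: error code, offending frame type, reason
                err, pos = decode_varint(payload, pos)
                _, pos = decode_varint(payload, pos)
                rlen, pos = decode_varint(payload, pos)
                reason = payload[pos:pos + rlen]
                pos += rlen
                yield CONNECTION_CLOSE, (err, reason.decode(errors="replace"))
    except IndexError:
        raise InvalidFrame("frame runs past end of packet") from None


@dataclass
class HandshakeState:
    """Constructed, minimal stand-in for an endpoint's handshake state."""
    crypto_data: bytes = b""  # reassembled CRYPTO stream, in-order delivery only
    closed: bool = False


def apply_frame(state: HandshakeState, frame) -> None:
    ftype, body = frame
    if ftype == CRYPTO:
        offset, data = body
        if offset == len(state.crypto_data):  # accept only the next in-order chunk
            state.crypto_data += data
    elif ftype == CONNECTION_CLOSE:
        state.closed = True


def process_eagerly(state: HandshakeState, payload: bytes) -> str:
    """Apply each frame as it is parsed: the state is already modified when a
    later frame in the same packet turns out to be invalid."""
    try:
        for frame in iter_frames(payload):
            apply_frame(state, frame)
    except InvalidFrame as exc:
        return f"connection error after partial apply: {exc}"
    return "ok"


def process_staged(state: HandshakeState, payload: bytes) -> str:
    """Parse and check the whole packet first; apply only if every frame is
    acceptable, otherwise ignore the packet and leave the state as it was."""
    try:
        frames = list(iter_frames(payload))
    except InvalidFrame as exc:
        return f"ignored: {exc}"
    for frame in frames:
        apply_frame(state, frame)
    return "ok"


def demo():
    """Constructed packet: a valid CRYPTO frame (offset 0, length 11, both one-byte
    varints) followed by a STREAM frame (type 0x08), which is forbidden in Initial."""
    payload = bytes([CRYPTO, 0, 11]) + b"ClientHello" + bytes([0x08, 0, 0])
    eager, staged = HandshakeState(), HandshakeState()
    r_eager = process_eagerly(eager, payload)
    r_staged = process_staged(staged, payload)
    return eager.crypto_data, r_eager, staged.crypto_data, r_staged
```

Running `demo()` shows the eager path with "ClientHello" already appended to the crypto stream when the STREAM frame is hit, while the staged path returns the state empty and reports the packet as ignored. The cost of the staged path is buffering every parsed frame until the end of the packet; it says nothing about the second and third points in the comment, which concern frames that are individually valid.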

https://github.com/quicwg/base-drafts/pull/1819#pullrequestreview-166294304