Re: [quicwg/base-drafts] Curtail CONNECTION_CLOSE for small Initial (#3292)

Kazuho Oku <notifications@github.com> Tue, 10 December 2019 00:19 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B1631200F6 for <quic-issues@ietfa.amsl.com>; Mon, 9 Dec 2019 16:19:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Level:
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zt4sL91bzhBc for <quic-issues@ietfa.amsl.com>; Mon, 9 Dec 2019 16:19:11 -0800 (PST)
Received: from out-24.smtp.github.com (out-24.smtp.github.com [192.30.252.207]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 374F012002F for <quic-issues@ietf.org>; Mon, 9 Dec 2019 16:19:11 -0800 (PST)
Date: Mon, 09 Dec 2019 16:19:10 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1575937150; bh=kMEtFg0KXGtByN1xOi9lKlU4HW24At5wzygfwShtpKE=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=SKb12es2XVnfY56GlTRyURh6ary/yg/10GxAe/Vo0E6pKuVCzlDDMu67K+Xu8J5dk Zg0/wYmZ/Ffsk6sBIdOhoy/+WDDqpyvq+NaccrC2XNybmmGiJ2fCi2OHkY9WDnqMJX R9tQnu6mib3ZpPoLr1rbaqzPre1iAdX25Lc9fyjI=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK5ZTPUCCJZXOSRQX5N37QLP5EVBNHHB7XUJLA@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/3292/review/329519839@github.com>
In-Reply-To: <quicwg/base-drafts/pull/3292@github.com>
References: <quicwg/base-drafts/pull/3292@github.com>
Subject: Re: [quicwg/base-drafts] Curtail CONNECTION_CLOSE for small Initial (#3292)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5deee47e3fa51_746b3f9d0d4cd96895255"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/9b_kWEHPe1iwn375tw4PBJJPY0w>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Dec 2019 00:19:13 -0000

kazuho commented on this pull request.



> @@ -3476,10 +3485,12 @@ Datagrams containing Initial packets MAY exceed 1200 bytes if the client
 believes that the Path Maximum Transmission Unit (PMTU) supports the size that
 it chooses.
 
-A server MAY send a CONNECTION_CLOSE frame with error code PROTOCOL_VIOLATION in
-response to an Initial packet it receives from a client if the UDP datagram is
-smaller than 1200 bytes. It MUST NOT send any other frame type in response, or
-otherwise behave as if any part of the offending packet was processed as valid.
+A server that has no existing state for a connection MUST discard an Initial
+packet that is carried in a UDP datagram that is smaller than 1200 bytes.  Other
+packets in the datagram SHOULD also be discarded.  A server MAY send a
+CONNECTION_CLOSE frame with error code PROTOCOL_VIOLATION in addition to
+discarding a packet if that does not affect a connection for which the server
+has established state; see {{immediate-close}}.

@martinthomson Thank you for the clarification.

I think there are three possible behaviors in such a situation:
* immediate-close the connection with PROTOCOL_VIOLATION
* discard the small Initial
* discard the small Initial, send PROTOCOL_VIOLATION, without affecting the connection state

I think that either of the first two makes sense.

However, the third one (which IIUC is what the text suggests) does not. This is because sending PROTOCOL_VIOLATION will instruct the client to discard *its* connection state, regardless of the sender of the small Initial packet being the client or an attacker. There is no point in the server retaining the connection state after sending PROTOCOL_VIOLATION.

Therefore, I think that the advice should be: SHOULD discard, MAY immediate-close.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/3292#discussion_r355760171