Re: [quicwg/base-drafts] Path validation should be done even for what looks like NAT rebinding (#2579)

David Schinazi <notifications@github.com> Tue, 02 April 2019 01:16 UTC

The difference is that when performing connection migration, the client MUST change connection ID. On the other hand, when the NAT rebinds, the client is not immediately aware of it and there will be packets with the old connection ID coming from the new NAT binding.

https://github.com/quicwg/base-drafts/issues/2579#issuecomment-478805472
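
The distinction drawn in the message above, as an added example that is not part of the thread or of the QUIC drafts: a simplified server-side model that classifies a packet arriving from a new address by its connection ID and, as the issue title proposes, issues a path challenge in both cases. The `Connection` class, its fields and the function names are hypothetical, and packets are assumed to have already passed packet protection.

```python
import os
from dataclasses import dataclass, field

@dataclass
class Connection:  # hypothetical server-side state, not from any QUIC stack
    issued_cids: set            # connection IDs the server issued to this client
    validated_addr: tuple       # (ip, port) of the last validated path
    cid_on_path: bytes          # CID the client used on that path
    pending: dict = field(default_factory=dict)  # challenge data -> (addr, cid)

def on_packet(conn, src_addr, dcid):
    """Classify an authenticated packet; return (kind, challenge_or_None)."""
    if dcid not in conn.issued_cids:
        return "unknown_cid", None
    if src_addr == conn.validated_addr:
        return "same_path", None
    # Old CID from a new address looks like a NAT rebinding; a new CID is what
    # a deliberate migration produces. Neither proves the client owns src_addr.
    kind = "apparent_nat_rebinding" if dcid == conn.cid_on_path else "migration"
    for data, (addr, _) in conn.pending.items():
        if addr == src_addr:
            return kind, data   # reuse the outstanding challenge for this address
    data = os.urandom(8)        # PATH_CHALLENGE carries 8 unpredictable bytes
    conn.pending[data] = (src_addr, dcid)
    return kind, data

def on_path_response(conn, data):
    """Promote the challenged address only when the echoed data matches."""
    entry = conn.pending.pop(data, None)
    if entry is None:
        return False
    conn.validated_addr, conn.cid_on_path = entry
    conn.pending.clear()        # other candidate paths must be challenged again
    return True
```

Until `on_path_response` returns `True`, `validated_addr` is unchanged, so a packet that merely carries the old connection ID from a new source address does not redirect the connection.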