IETF Logo Mail Archive

Re: [quicwg/base-drafts] Handling of corrupt Retry packets (#3014)

Mike Bishop <notifications@github.com> Tue, 15 October 2019 20:36 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E5F1120052 for <quic-issues@ietfa.amsl.com>; Tue, 15 Oct 2019 13:36:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.382
X-Spam-Level:
X-Spam-Status: No, score=-6.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KOuOaEV4zHXV for <quic-issues@ietfa.amsl.com>; Tue, 15 Oct 2019 13:36:30 -0700 (PDT)
Received: from out-6.smtp.github.com (out-6.smtp.github.com [192.30.252.197]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A641A120046 for <quic-issues@ietf.org>; Tue, 15 Oct 2019 13:36:30 -0700 (PDT)
Date: Tue, 15 Oct 2019 13:36:29 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1571171789; bh=a4+lyJQx/Y9JaHd9eVyQhwz066P08oifIkPQl+SRcig=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=DOgP3rsuS5Tg3lPVd0XgyrMCbkqaONpM9aN6EpTGA4SDxpcHaXx5GPFofNtZ8Hi6v 76BxhL6biIQZgM5buoP8T9OzEaLQlqvJZU1F1OZAfodxMgQOVXt5BX/z08BQUc2Dcm 8fQLNg3OzpWTUcnTg2pIHbIXNVIf3R73B/8xUTmU=
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKYM6OR5RKF37VSC6UN3WNXF3EVBNHHB2TYBKQ@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3014/542393406@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3014@github.com>
References: <quicwg/base-drafts/issues/3014@github.com>
Subject: Re: [quicwg/base-drafts] Handling of corrupt Retry packets (#3014)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5da62dcdafc78_606c3f8924ecd96023256d"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/AF82Y6iCFjHL72qyfBjoQBkHOEQ>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2019 20:36:33 -0000

> @ianswett suggests that we could allow a server to generate a CONNECTION_CLOSE in response to an Initial with a token that is probably an invalid Retry token. This would allow the server to signal to the client that the connection is busted.

This also becomes an attack vector, since an attacker could inject such a CONNECTION_CLOSE.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/3014#issuecomment-542393406

v2.23.0 | Report a Bug | By Email