Re: [quicwg/base-drafts] Curtail CONNECTION_CLOSE for small Initial (#3292)

Jana Iyengar <notifications@github.com> Wed, 11 December 2019 03:22 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Abzi1D8KwTyIic1h1rGpX3kAo80>

janaiyengar approved this pull request.

A few editorial suggestions, but this looks good to me now.

> @@ -3479,10 +3498,10 @@ Datagrams containing Initial packets MAY exceed 1200 bytes if the client
 believes that the Path Maximum Transmission Unit (PMTU) supports the size that
 it chooses.
 
-A server MAY send a CONNECTION_CLOSE frame with error code PROTOCOL_VIOLATION in
-response to an Initial packet it receives from a client if the UDP datagram is
-smaller than 1200 bytes. It MUST NOT send any other frame type in response, or
-otherwise behave as if any part of the offending packet was processed as valid.
+A server MUST discard an Initial packet that is carried in a UDP datagram that
+is smaller than 1200 bytes.  A server MAY also immediately close the connection
+by sending a CONNECTION_CLOSE frame with an error code of PROTOCOL_VIOLATION;
+see {{immediate-close}}.
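
Review bot: The added lines pair "MUST discard" with "MAY also immediately close the connection", but a server that has discarded the Initial still has to take the connection IDs from that packet to build the CONNECTION_CLOSE, so it is unclear what "discard" permits. The removed sentence "It MUST NOT send any other frame type in response, or otherwise behave as if any part of the offending packet was processed as valid" has no counterpart in the new text. Consider keeping an equivalent constraint, or stating that discarding means no part of the payload is processed, so the optional close cannot be read as permission to act on the packet's contents.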

```suggestion
see {{immediate-close-hs}}.
```

> @@ -2491,6 +2494,22 @@ Handshake and 1-RTT packets prior to confirming the handshake; see Section 4.1.2
 of {{QUIC-TLS}}.  These packets can be coalesced into a single UDP datagram; see
 {{packet-coalesce}}.
 
+A CONNECTION_CLOSE frame might be sent in an Initial packet or in response to

```suggestion
An endpoint might send a CONNECTION_CLOSE frame in an Initial packet or in response to
```

> @@ -2491,6 +2494,22 @@ Handshake and 1-RTT packets prior to confirming the handshake; see Section 4.1.2
 of {{QUIC-TLS}}.  These packets can be coalesced into a single UDP datagram; see
 {{packet-coalesce}}.
 
+A CONNECTION_CLOSE frame might be sent in an Initial packet or in response to
+unauthenticated information received in Initial or Handshake packets.  An
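
Review bot: "unauthenticated information" on the second added line is used without saying what makes the contents of an Initial or Handshake packet unauthenticated. Define the term here or add a cross-reference, so an implementer can tell which errors this sentence covers.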

```suggestion
unauthenticated information received in Initial or Handshake packets.
```

> @@ -2491,6 +2494,22 @@ Handshake and 1-RTT packets prior to confirming the handshake; see Section 4.1.2
 of {{QUIC-TLS}}.  These packets can be coalesced into a single UDP datagram; see
 {{packet-coalesce}}.
 
+A CONNECTION_CLOSE frame might be sent in an Initial packet or in response to
+unauthenticated information received in Initial or Handshake packets.  An
+immediate close in response might result in a denial of service for a legitimate
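
Review bot: The third added line says an immediate close "might result in a denial of service for a legitimate connection" without naming what triggers it. If the intended meaning is that a packet the peer did not send can cause the endpoint to close, say so directly, so the reader sees that the risk lies in the response itself.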

```suggestion
Such an immediate close might expose legitimate connections to a denial of service.
```

> @@ -2491,6 +2494,22 @@ Handshake and 1-RTT packets prior to confirming the handshake; see Section 4.1.2
 of {{QUIC-TLS}}.  These packets can be coalesced into a single UDP datagram; see
 {{packet-coalesce}}.
 
+A CONNECTION_CLOSE frame might be sent in an Initial packet or in response to
+unauthenticated information received in Initial or Handshake packets.  An
+immediate close in response might result in a denial of service for a legitimate
+connection.  QUIC does not include defensive measures for on-path attacks during

```suggestion
QUIC does not include defensive measures for on-path attacks during
```

> @@ -2491,6 +2494,22 @@ Handshake and 1-RTT packets prior to confirming the handshake; see Section 4.1.2
 of {{QUIC-TLS}}.  These packets can be coalesced into a single UDP datagram; see
 {{packet-coalesce}}.
 
+A CONNECTION_CLOSE frame might be sent in an Initial packet or in response to
+unauthenticated information received in Initial or Handshake packets.  An
+immediate close in response might result in a denial of service for a legitimate
+connection.  QUIC does not include defensive measures for on-path attacks during
+the handshake; see {{handshake-dos}}.  However, at the cost of reducing feedback
+about errors for legitimate peers, some forms of denial of service can be made
+more difficult for an attacker if endpoints discard illegal packets rather than
+terminating a connection with CONNECTION_CLOSE.  For this reason, endpoints MAY
+discard packets rather than immediately close if errors are detected in packets
+that lack authentication.
+
+An endpoint that has not established state, such as a server that detects an
+error in an Initial packet, does not enter the closing state.  An endpoint that
+has no state for the connection sends a CONNECTION_CLOSE frame without entering
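
Review bot: The first added paragraph uses three terms for what appears to be one category: "unauthenticated information", "illegal packets" and "packets that lack authentication". Pick one and use it throughout, because the MAY in "endpoints MAY discard packets rather than immediately close" only has a clear scope if the reader knows exactly which packets qualify. The paragraph also names the cost as "reducing feedback about errors for legitimate peers"; a short statement of what the peer then observes would help implementers weigh the option.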

```suggestion
has no state for the connection does not enter a closing or draining period
```

> @@ -2491,6 +2494,22 @@ Handshake and 1-RTT packets prior to confirming the handshake; see Section 4.1.2
 of {{QUIC-TLS}}.  These packets can be coalesced into a single UDP datagram; see
 {{packet-coalesce}}.
 
+A CONNECTION_CLOSE frame might be sent in an Initial packet or in response to
+unauthenticated information received in Initial or Handshake packets.  An
+immediate close in response might result in a denial of service for a legitimate
+connection.  QUIC does not include defensive measures for on-path attacks during
+the handshake; see {{handshake-dos}}.  However, at the cost of reducing feedback
+about errors for legitimate peers, some forms of denial of service can be made
+more difficult for an attacker if endpoints discard illegal packets rather than
+terminating a connection with CONNECTION_CLOSE.  For this reason, endpoints MAY
+discard packets rather than immediately close if errors are detected in packets
+that lack authentication.
+
+An endpoint that has not established state, such as a server that detects an
+error in an Initial packet, does not enter the closing state.  An endpoint that
+has no state for the connection sends a CONNECTION_CLOSE frame without entering
+a closing or draining period.
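
Review bot: The two sentences of the final added paragraph overlap: both say that an endpoint without connection state does not enter the closing state, and only the second mentions that a CONNECTION_CLOSE frame is sent. Merge them into one sentence. Because no closing or draining period is entered, the text also leaves open whether each further erroneous packet draws another CONNECTION_CLOSE; say whether such responses should be limited.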

```suggestion
on sending a CONNECTION_CLOSE frame.
```

-- 
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/3292#pullrequestreview-330277488