Re: [quicwg/base-drafts] ICMP and ICMPv6 PMTUD with asymmetric connection-ids (#1243)

MikkelFJ <notifications@github.com> Tue, 05 June 2018 07:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/DAlVqVZff1uGegvjld_Zu_ZdbUM>

I didn't mean to say dump the connection. By dump transmission I meant the single UDP datagram - either someone messed with it, or the peer is misbehaving. In that case it makes limited sense to further process the datagram since it is obviously not up to specs.

This opens up to an on-path attack where a third party can attach content to a datagram and here you are right, but compound packets are only used during the early handshake, no? And here the best approach is to reject as much nonsense as possible.

If the peer volunteers to sign a packet that makes no sense it becomes suspicious and repeat offences might lead to disconnection and blacklisting. Therefore it is IMO not a good idea to use invalid packets for path discovery or any other purpose.

