IETF Logo Mail Archive

Re: [quicwg/base-drafts] Disable Migration field in SPA (#3898)

Jana Iyengar <notifications@github.com> Tue, 14 July 2020 06:27 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B80C33A1127 for <quic-issues@ietfa.amsl.com>; Mon, 13 Jul 2020 23:27:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.697
X-Spam-Level:
X-Spam-Status: No, score=-1.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sezWPtUzKGbm for <quic-issues@ietfa.amsl.com>; Mon, 13 Jul 2020 23:27:17 -0700 (PDT)
Received: from out-27.smtp.github.com (out-27.smtp.github.com [192.30.252.210]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5656A3A1123 for <quic-issues@ietf.org>; Mon, 13 Jul 2020 23:27:17 -0700 (PDT)
Received: from github-lowworker-c5134a3.ac4-iad.github.net (github-lowworker-c5134a3.ac4-iad.github.net [10.52.23.55]) by smtp.github.com (Postfix) with ESMTP id 9174CE063C for <quic-issues@ietf.org>; Mon, 13 Jul 2020 23:27:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1594708036; bh=1yERIBB9o9bK5LqfHOEvDYVVJojO19o0tWEUb44jkDU=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=HVohPRxr70NlqjePi4KFWIyaR3Qu0JiW9PMdb9YuRrCp2zLAohoZiijw5a1hoXpgL CTlCwqXirsPVbdVQDSd56qLYLL9gX4LuVQ3pdpQgytAOxJU9yVSf2EKdhmP7NERizx utB2+kmGIulqkZxpf6XK2G/RsS1+Orv5U+bgTcso=
Date: Mon, 13 Jul 2020 23:27:16 -0700
From: Jana Iyengar <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKZKRCN2M3ZJBR6K2LN5DEYUJEVBNHHCOG62GU@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/3898/review/447820847@github.com>
In-Reply-To: <quicwg/base-drafts/pull/3898@github.com>
References: <quicwg/base-drafts/pull/3898@github.com>
Subject: Re: [quicwg/base-drafts] Disable Migration field in SPA (#3898)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5f0d504482612_7f03fb5218cd960540934"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: janaiyengar
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Dc97wxPhJY-nsboTTLiuPKVS1u4>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jul 2020 06:27:19 -0000

@janaiyengar commented on this pull request.

This is going to be a bit tricky.

> @@ -2178,12 +2180,16 @@ before the handshake is confirmed, as defined in section 4.1.2 of {{QUIC-TLS}}.
 
 If the peer sent the disable_active_migration transport parameter, an endpoint
 also MUST NOT send packets (including probing packets; see {{probing}}) from a
-different local address to the address the peer used during the handshake. An
-endpoint that has sent this transport parameter, but detects that a peer has
-nonetheless migrated to a different remote address MUST either drop the incoming
-packets on that path without generating a stateless reset or proceed with path
-validation and allow the peer to migrate. Generating a stateless reset or
-closing the connection would allow third parties in the network to cause
+different local address to the address the peer used during the handshake. If
+the server sets the Disable Migration field in the preferred_address transport
+parameter, the client MUST NOT send packets from a different local address to
+the server's preferred address.

Yeah, this is getting tricky. I think we can say "SHOULD use the same network interface" when changing to the server's SPA. The server will also have to do the validation dance with the client on the new client address from the SPA.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/3898#pullrequestreview-447820847

v2.23.0 | Report a Bug | By Email