Re: [quicwg/base-drafts] CID's should be compared in constant time (#2477)

Kazuho Oku <> Sat, 16 February 2019 03:19 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7E5E3130E11 for <>; Fri, 15 Feb 2019 19:19:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.001
X-Spam-Status: No, score=-8.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id wY4iYkEeIUco for <>; Fri, 15 Feb 2019 19:19:52 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B3FD1130DEC for <>; Fri, 15 Feb 2019 19:19:52 -0800 (PST)
Date: Fri, 15 Feb 2019 19:19:51 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1550287191; bh=AuuYRTgw4Z11JbzX1J3vYjNHvnBz+DdiNoAB4H0WQ7s=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=F/pJ9yCCrTr178dpT1GNVyHtwuQTp6MKuVhbH8OO5v11KruXV4b9JI2N+/EWMEX52 U49Ce3K5VBwjbihEUjHsALhTvnxASc3fWG6ug4qVgKGAi3gNZmWZBIknHlD1zR5Nge 2tLKzOA5aFiz5OO25Y79jIws4DTKi57x4eIYIyek=
From: Kazuho Oku <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/2477/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] CID's should be compared in constant time (#2477)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c678157c76f4_192a3faeed8d45c419614"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 16 Feb 2019 03:19:55 -0000

I think @mikkelfj is technically correct. A simple attack would be like the following.

Assume there's a server using an ordered list to maintain CIDs. When it receives a packet, it scans the list in ascending order until it finds a matching CID (or if reaches the end of the list without finding one).

An attacker can bisect the server to see which CIDs is active, by observing the difference in the latency of receiving stateless resets. This is much convenient than a brute-force attack that tries every possible CID to see if one is active.

If we need to be clear about the constant time requirement is a different question.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: