Re: [quicwg/base-drafts] Rework Retry packet (#1498)

MikkelFJ <notifications@github.com> Thu, 19 July 2018 15:14 UTC

Message-ID: <quicwg/base-drafts/pull/1498/review/138721285@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1498@github.com>
References: <quicwg/base-drafts/pull/1498@github.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/EopDYypQq0M6tbavpwY-DDnNiv8>
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>

mikkelfj commented on this pull request.



> +A Retry packet does not include a packet number and cannot be explictly
+acknowledged by a client.
+
+A server MUST only send a Retry in response to a client Initial packet.
+
+If the Original Destination Connection ID field does not match the Destination
+Connection ID from the most recent Initial packet it sent, clients MUST discard
+the packet.  This prevents an off-path attacker from injecting a Retry packet.
+
+The client responds to a Retry packet with an Initial packet that includes the
+provided Retry Token to continue connection establishment.
+
+A server that might send another Retry packet in response to a subsequent
+Initial packet MUST set the Source Connection ID to a new value of at least 8
+octets in length.  This allows clients to distinguish between Retry packets when
+the server sends multiple rounds of Retry packets.  Consequently, a valid Retry
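
Review bot: In the paragraph on the Original Destination Connection ID field, the claim that the check "prevents an off-path attacker from injecting a Retry packet" holds only when the attacker cannot predict the Destination Connection ID of the client's Initial packet, and the text does not say so; suggest stating that dependency next to the claim. In the same sentence, "it sent" comes before its antecedent "clients" and mixes singular with plural, so consider "A client MUST discard a Retry packet whose Original Destination Connection ID field does not match the Destination Connection ID of the most recent Initial packet that client sent." Smaller points: "explictly" in the first line should be "explicitly", and "MUST only send" reads more clearly as "MUST NOT send a Retry packet except in response to a client Initial packet".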

The client's original DCID disappears once it reaches the server. Since the server sets its own SCID and the client is not allowed to change its SCID, the context is lost.
While I agree that not changing SCID is a good thing, I wondered why that was made a requirement before solving this loss of context here.
Your proposal to modify the server's SCID seems like a workaround for the fundamental problem that some nonce is required. But I don't recall all the concerns related to this right now.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1498#discussion_r203766499