Re: [quicwg/base-drafts] Stateless reset fixes (#1346)

janaiyengar <notifications@github.com> Wed, 23 May 2018 19:40 UTC

Date: Wed, 23 May 2018 12:40:27 -0700
From: janaiyengar <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab98e6b205e54f090edcbb1578edee2bcb7c5b14c892cf00000001171d85ab92a169ce132e6b76@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1346/review/122737195@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1346@github.com>
References: <quicwg/base-drafts/pull/1346@github.com>
Subject: Re: [quicwg/base-drafts] Stateless reset fixes (#1346)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b05c3abc2686_45482acace018f6059696"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/G-mmcbxr5OhBIuGMkFfS7CTjQC0>

janaiyengar commented on this pull request.



>  
 A single static key can be used across all connections to the same endpoint by
 generating the proof using a second iteration of a preimage-resistant function
-that takes three inputs: the static key, the server's connection ID (see
-{{connection-id}}), and an identifier for the server instance.  A server could
-use HMAC {{?RFC2104}} (for example, HMAC(static_key, server_id ||
+that takes three inputs: the static key, the connection ID chosen by the
+endpoint (see {{connection-id}}), and an instance identifier.  An endpoint could
+use HMAC {{?RFC2104}} (for example, HMAC(static_key, instance_id ||

@martinthomson : Ah, right, I see it's addressed below. Given this is an example construction, I would suggest making that explicitly clear up at the beginning of this paragraph.
@MikeBishop : Yes, that is true, but defending the routing infrastructure against attacks seems out of scope for us, since similar attacks can be launched against TCP as well, where you'd receive an RST or ICMP unreachable.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1346#discussion_r190374682

[quicwg/base-drafts] Stateless reset fixes (#1346) Martin Thomson
Re: [quicwg/base-drafts] Stateless reset fixes (#… martinduke
Re: [quicwg/base-drafts] Stateless reset fixes (#… Martin Thomson
Re: [quicwg/base-drafts] Stateless reset fixes (#… Martin Thomson
Re: [quicwg/base-drafts] Stateless reset fixes (#… martinduke
Re: [quicwg/base-drafts] Stateless reset fixes (#… Mike Bishop
Re: [quicwg/base-drafts] Stateless reset fixes (#… Mike Bishop
Re: [quicwg/base-drafts] Stateless reset fixes (#… Mike Bishop
Re: [quicwg/base-drafts] Stateless reset fixes (#… Martin Thomson
Re: [quicwg/base-drafts] Stateless reset fixes (#… Martin Thomson
Re: [quicwg/base-drafts] Stateless reset fixes (#… Martin Thomson
Re: [quicwg/base-drafts] Stateless reset fixes (#… janaiyengar
Re: [quicwg/base-drafts] Stateless reset fixes (#… Martin Thomson
Re: [quicwg/base-drafts] Stateless reset fixes (#… Martin Thomson
Re: [quicwg/base-drafts] Stateless reset fixes (#… Mike Bishop
Re: [quicwg/base-drafts] Stateless reset fixes (#… janaiyengar
Re: [quicwg/base-drafts] Stateless reset fixes (#… janaiyengar
Re: [quicwg/base-drafts] Stateless reset fixes (#… Mike Bishop
Re: [quicwg/base-drafts] Stateless reset fixes (#… Martin Thomson
Re: [quicwg/base-drafts] Stateless reset fixes (#… Martin Thomson
Re: [quicwg/base-drafts] Stateless reset fixes (#… Pascalh2001
Re: [quicwg/base-drafts] Stateless reset fixes (#… MikkelFJ
Re: [quicwg/base-drafts] Stateless reset fixes (#… Mike Bishop