Re: [quicwg/base-drafts] Allow reuse of stateless reset tokens (#2733)

MikkelFJ <notifications@github.com> Wed, 22 May 2019 15:17 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF8B41201F8 for <quic-issues@ietfa.amsl.com>; Wed, 22 May 2019 08:17:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Level:
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XAsRrizKbDKu for <quic-issues@ietfa.amsl.com>; Wed, 22 May 2019 08:17:26 -0700 (PDT)
Received: from out-16.smtp.github.com (out-16.smtp.github.com [192.30.254.199]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 096FD1201E5 for <quic-issues@ietf.org>; Wed, 22 May 2019 08:17:26 -0700 (PDT)
Date: Wed, 22 May 2019 08:17:20 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1558538245; bh=IMpxz4l05iy9spZkBVIzky1sWong/IVStdhM8j31Jr8=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=xk6yiRYrFwus6TdV8N97SfIM+Sf66fun0YqY0TXC/4yHS2siaTe6WYlhGTSxtV1rA 82y/8CsQmwm0kqtclcYgj7wgeXw62et9uzLYiIabvtCnBdINkuz81Yyir9b+yd9MVq vkDr/Exo5sY1Jl3I333NRLKwzAamtm9Vezt9Ou30=
From: MikkelFJ <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK3ERM7JXRHP4VOD5LF26KNIBEVBNHHBVHINUM@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2733/review/240703667@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2733@github.com>
References: <quicwg/base-drafts/pull/2733@github.com>
Subject: Re: [quicwg/base-drafts] Allow reuse of stateless reset tokens (#2733)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5ce56800c978d_35a73ff0612cd9684372bf"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/G3SxHICv5yLJ0tFmjYaQUeSdT00>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 May 2019 15:17:28 -0000

mikkelfj commented on this pull request.



> @@ -2476,6 +2476,14 @@ the same static key (see {{reset-oracle}}).  A connection ID from a connection
 that is reset by revealing the Stateless Reset Token MUST NOT be reused for new
 connections at nodes that share a static key.
 
+The same Stateless Reset Token MAY be used for multiple connection IDs on the
+same connection.  An endpoint that reuses a Stateless Reset Token MUST ensure
+that any connection ID used on the connection is matched to the active
+connection, including any routing performed at load balancers, even when a
+connection ID has been retired.  Otherwise, an attacker might be able to send a
+packet with a retired connection ID and cause the endpoint to produce a
+Stateless Reset.
+
 Note that Stateless Reset packets do not have any cryptographic protection.

The text has been changed since I wrote the above, but largely:

> An endpoint that reuses a Stateless Reset Token MUST ensure
that any connection ID associated with the reused value is correlated with to
the active connection, even when the connection ID has been retired.

It is not entirely clear what timeframe this pertains to. There is time where the an unknown packet is received and the connection is active from the peers perspective but no longer used from the receivers perspective. And there is the time where the token is issued during connection establishment or path migration. The latter is the intent, but it is not easy to read.

It could perhaps be formulated like

A Stateless Reset Token MUST be unique to a single connection. The same token MAY be reissued for different Connection ID's on the same connection when it can be guaranteed that they all route to the same endpoint for the duration of the connection even after a Connection ID has been retired.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2733#discussion_r286546409