IETF Logo Mail Archive

Re: [quicwg/base-drafts] Disconnect with Initial Injection (#1951)

Kazuho Oku <notifications@github.com> Fri, 30 November 2018 07:30 UTC

Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 685C512D4F0 for <quic-issues@ietfa.amsl.com>; Thu, 29 Nov 2018 23:30:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.46
X-Spam-Level:
X-Spam-Status: No, score=-4.46 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YoCg3Y-HUjPU for <quic-issues@ietfa.amsl.com>; Thu, 29 Nov 2018 23:30:55 -0800 (PST)
Received: from o4.sgmail.github.com (o4.sgmail.github.com [192.254.112.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A208126CB6 for <quic-issues@ietf.org>; Thu, 29 Nov 2018 23:30:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=e0dzasP1HNzOgGVEfc1v9rCSEJQ=; b=FSl3q++SPo8XMQ3O 14RbH3es6piK1NZkgT9XM1No7iMXsAJffqz6Bx3UuGOunmkcmVHN+G1cBp2hy9Dq qK6dx70RAeJJYaLPFm9FORZUuQ2+6TmxwLHVbTqReIszbaLFd7okrMYIOV4wKTFt 5TXjDnvLyQUunjpq7apwhC2gOI0=
Received: by filter0369p1iad2.sendgrid.net with SMTP id filter0369p1iad2-12230-5C00E72E-1 2018-11-30 07:30:54.013041477 +0000 UTC m=+19598.032307860
Received: from github-lowworker-89d05ac.cp1-iad.github.net (unknown [192.30.252.35]) by ismtpd0001p1iad2.sendgrid.net (SG) with ESMTP id j6dwKgHxTt6DLIl_8Ls23Q for <quic-issues@ietf.org>; Fri, 30 Nov 2018 07:30:53.988 +0000 (UTC)
Received: from github.com (localhost [127.0.0.1]) by github-lowworker-89d05ac.cp1-iad.github.net (Postfix) with ESMTP id 01737AE02E6 for <quic-issues@ietf.org>; Thu, 29 Nov 2018 23:30:54 -0800 (PST)
Date: Fri, 30 Nov 2018 07:30:54 +0000
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abbdf696b87926f76849c0510b11571ad35762abfe92cf000000011818a92d92a169ce1678fc4e@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1951/443116632@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1951@github.com>
References: <quicwg/base-drafts/issues/1951@github.com>
Subject: Re: [quicwg/base-drafts] Disconnect with Initial Injection (#1951)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c00e72df4213_1f7c3fd9f88d45c0641448"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak2tHBMYAPbv+8PRZGuEFSCjsPSCb+1dCByjoP 4upyaqHLVwpbD8HO8XdTHyo5EAnPKkRjHF2v9Qdo4Aj1J8u48WsSLfNf0685YgeUP5Giucf5zApCOK LxOxpdLdwN/d7L1JrFzAAFpxtUvWLR095N1Eoz8+qfB4zkjsFSc4eL3eANI3W7lH5c2gPi18qhwAae M=
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/H6HG_IbIHbyCInF-tU1o5GMaM8s>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2018 07:30:57 -0000

> If we ignore ACK frames for Initial packets after handshake keys become available, why would we still send them?

I am saying that ignoring suspicious ACK (either partially or entirely) does not disrupt a handshake once an endpoint has obtained the handshake keys, because the effect is the same as using implicit ACKs.

The benefit of exchanging ACKs (that can be ignored) rather than doing implicit ACKs is that they provide valuable information to loss recovery and congestion control.

>  And if we don't ignore them, we're vulnerable to injection attacks.

I disagree. Assuming that we adopt the rules in 
https://github.com/quicwg/base-drafts/issues/1951#issuecomment-443065734, I think that we would be as safe as #2054 after handshake keys are obtained. Also, the proposed approach is less vulnerable to injection attacks before the handshake keys are obtained.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1951#issuecomment-443116632

v2.23.0 | Report a Bug | By Email