Re: [quicwg/base-drafts] Discard Initial keys as soon as possible (#2045)
MikkelFJ <notifications@github.com> Sat, 24 November 2018 20:33 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CB95130FA8 for <quic-issues@ietfa.amsl.com>; Sat, 24 Nov 2018 12:33:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.46
X-Spam-Level:
X-Spam-Status: No, score=-9.46 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6eDoSELIhx-M for <quic-issues@ietfa.amsl.com>; Sat, 24 Nov 2018 12:33:01 -0800 (PST)
Received: from out-6.smtp.github.com (out-6.smtp.github.com [192.30.252.197]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 861B0130FB1 for <quic-issues@ietf.org>; Sat, 24 Nov 2018 12:33:01 -0800 (PST)
Date: Sat, 24 Nov 2018 12:33:00 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1543091580; bh=jO/ncfPbGfJZmrVnv8AzuWfkHlDs31xclBK3m8nwY98=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=rmgjRyYg8dlnJjXzAJ+RjpRwa8h/Tjqd7noWMBEv6bycKyqUHGch/NMJggg5gi0R8 TEpqcx1fMkj1MrP9vAR9pvCfbIqRj2kdkm+0ro4fC9+k1vkm1AeuawI85oo8pkLp/Z bnvfhTtImowxOe8UuyJ/CeVOwZPk2/qvfIHb8DDk=
From: MikkelFJ <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab8ff3f4f9204792704539f2814eb9b3722e01639292cf000000011811777c92a169ce16de7e61@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2045/review/178061541@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2045@github.com>
References: <quicwg/base-drafts/pull/2045@github.com>
Subject: Re: [quicwg/base-drafts] Discard Initial keys as soon as possible (#2045)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bf9b57c77c64_2cde3fa607cd45b4187082"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/HFIplu-YQjdyHB_V_3Rj8cn7fXA>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Nov 2018 20:33:12 -0000
mikkelfj commented on this pull request.
> @@ -691,6 +692,24 @@ will be marked as lost before this, as they leave a gap in the sequence of
packet numbers.
+## Discarding Initial Keys {#discard-initial}
+
+Packets protected with Initial secrets ({{initial-secrets}}) are not
+authenticated, meaning that an attacker could spoof packets with the intent to
+disrupt a connection. To limit these attacks, Initial packet protection keys
+can be discarded more aggressively than other keys.
+
+The successful use of Handshake packets indicates that no more Initial packets
+need to be exchanged, as these keys can only be produced after receiving all
+CRYPTO frames from Initial packets. Thus, a client MUST discard Initial keys
+when it first sends a Handshake packet and a server MUST discard Initial keys
+when it first successfully processes a Handshake packet. Endpoints MUST NOT
+send Initial packets after this point.
It is not a man in the middle attack, it is a man on the side attack. The initial packet can be decrypted and a response can be constructed, but at the next encryption level that option is gone. This is why the initial is special.
If it is possible to forge a reset from the initial packet, something is wrong in the design. It is not possible when a new connection id is produced, but I'm not sure if there the CID is fixed zero length. If there is an attack here, the reset token ought to moved further into the handshake.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2045#discussion_r236052984
- [quicwg/base-drafts] Discard Initial keys as soon… Martin Thomson
- Re: [quicwg/base-drafts] Discard Initial keys as … Marten Seemann
- Re: [quicwg/base-drafts] Discard Initial keys as … ekr
- Re: [quicwg/base-drafts] Discard Initial keys as … Marten Seemann
- Re: [quicwg/base-drafts] Discard Initial keys as … ekr
- Re: [quicwg/base-drafts] Discard Initial keys as … Rui Paulo
- Re: [quicwg/base-drafts] Discard Initial keys as … Marten Seemann
- Re: [quicwg/base-drafts] Discard Initial keys as … Rui Paulo
- Re: [quicwg/base-drafts] Discard Initial keys as … MikkelFJ
- Re: [quicwg/base-drafts] Discard Initial keys as … Rui Paulo
- Re: [quicwg/base-drafts] Discard Initial keys as … MikkelFJ
- Re: [quicwg/base-drafts] Discard Initial keys as … Kazuho Oku
- Re: [quicwg/base-drafts] Discard Initial keys as … Christian Huitema
- Re: [quicwg/base-drafts] Discard Initial keys as … Christian Huitema
- Re: [quicwg/base-drafts] Discard Initial keys as … ianswett
- Re: [quicwg/base-drafts] Discard Initial keys as … Christian Huitema
- Re: [quicwg/base-drafts] Discard Initial keys as … ianswett
- Re: [quicwg/base-drafts] Discard Initial keys as … Christian Huitema
- Re: [quicwg/base-drafts] Discard Initial keys as … ianswett
- Re: [quicwg/base-drafts] Discard Initial keys as … Martin Thomson
- Re: [quicwg/base-drafts] Discard Initial keys as … Christian Huitema
- Re: [quicwg/base-drafts] Discard Initial keys as … Martin Thomson
- Re: [quicwg/base-drafts] Discard Initial keys as … Martin Thomson
- Re: [quicwg/base-drafts] Discard Initial keys as … ianswett
- Re: [quicwg/base-drafts] Discard Initial keys as … Mike Bishop
- Re: [quicwg/base-drafts] Discard Initial keys as … janaiyengar
- Re: [quicwg/base-drafts] Discard Initial keys as … Martin Thomson
- Re: [quicwg/base-drafts] Discard Initial keys as … Mike Bishop
- Re: [quicwg/base-drafts] Discard Initial keys as … janaiyengar
- Re: [quicwg/base-drafts] Discard Initial keys as … Martin Thomson
- Re: [quicwg/base-drafts] Discard Initial keys as … janaiyengar
- Re: [quicwg/base-drafts] Discard Initial keys as … Martin Thomson
- Re: [quicwg/base-drafts] Discard Initial keys as … ekr
- Re: [quicwg/base-drafts] Discard Initial keys as … ianswett
- Re: [quicwg/base-drafts] Discard Initial keys as … ekr
- Re: [quicwg/base-drafts] Discard Initial keys as … Martin Thomson
- Re: [quicwg/base-drafts] Discard Initial keys as … ianswett
- Re: [quicwg/base-drafts] Discard Initial keys as … Martin Thomson
- Re: [quicwg/base-drafts] Discard Initial keys as … ianswett
- Re: [quicwg/base-drafts] Discard Initial keys as … ianswett
- Re: [quicwg/base-drafts] Discard Initial keys as … Martin Thomson
- Re: [quicwg/base-drafts] Discard Initial keys as … Christian Huitema
- Re: [quicwg/base-drafts] Discard Initial keys as … Martin Thomson
- Re: [quicwg/base-drafts] Discard Initial keys as … Martin Thomson
- Re: [quicwg/base-drafts] Discard Initial keys as … Martin Thomson