Re: [quicwg/base-drafts] Clarify text around preferred address (#3589)

[ekr <notifications@github.com>]

@ekr commented on this pull request.



> @@ -1084,10 +1084,10 @@ Sending a RETIRE_CONNECTION_ID frame indicates that the connection ID will not
 be used again and requests that the peer replace it with a new connection ID
 using a NEW_CONNECTION_ID frame.
 
-As discussed in {{migration-linkability}}, endpoints limit the use of a
-connection ID to a single network path where possible. Endpoints SHOULD retire
-connection IDs when no longer actively using the network path on which the
-connection ID was used.
+As discussed in {{migration-linkability}}, endpoints MUST limit the use of a
+connection ID to packets sent from a single local address.  Endpoints SHOULD
+retire connection IDs when they are no longer actively using the network path on
+which the connection ID was used.

Perhaps the problem is the use of "network path". As I understand it, the requirement here is that from your perspective the 5-tuple be the same, right? The issue is that with NAT your perspective and others may different. So  perhaps "MUST limit the use of a connection ID to a single pair of remote/local address"

> @@ -2277,11 +2278,21 @@ linked by any other entity.
 At any time, endpoints MAY change the Destination Connection ID they send to a
 value that has not been used on another path.
 
-An endpoint MUST use a new connection ID if it initiates connection migration as
-described in {{initiating-migration}} or probes a new network path as described
-in {{probing}}.  An endpoint MUST use a new connection ID in response to a
-change in the address of a peer if the packet with the new peer address uses an
-active connection ID that has not been previously used by the peer.
+An endpoint MUST NOT reuse a connection ID when sending from more than one local
+address, for example when initiating connection migration as described in
+{{initiating-migration}} or when probing a new network path as described in
+{{probing}}.
+
+Similarly, an endpoint MUST NOT reuse a connection ID when sending to more than
+one destination address.  However, if an endpoint receives packets from a new
+source address with the same destination connection ID, it MAY continue to use
+the current connection ID with the new address.

Do we actually have to make this exception? I haven't been tracking all of the conversations, but why not just have endpoints use a new CID in this case.

In general an endpoint MUST limit the use of a connection ID to a single pair of remote and local addresses. This prevents linkage between network paths. However, if an endpoint may experiences unexpected NAT rebinding, that endpoint's peer may receive a packet from a new remote address but reusing an existing connection ID, thus apparently violating this rule linking those paths. [TODO: Something about how you have to accept this?]
As an exception to the rule above, if an endpoint sees a given connection ID reused from a new remote address, it MAY also reuse its corresponding connection ID when sending to that address, as long as it sends from the same local address.




-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/3589#discussion_r422984471