Re: [quicwg/base-drafts] Allow most frames in 0-RTT (#2355)
MikkelFJ <notifications@github.com> Thu, 07 March 2019 00:13 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02DF3131115 for <quic-issues@ietfa.amsl.com>; Wed, 6 Mar 2019 16:13:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.001
X-Spam-Level:
X-Spam-Status: No, score=-8.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R7PW6JGUJgvp for <quic-issues@ietfa.amsl.com>; Wed, 6 Mar 2019 16:13:00 -0800 (PST)
Received: from out-4.smtp.github.com (out-4.smtp.github.com [192.30.252.195]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 252041310F7 for <quic-issues@ietf.org>; Wed, 6 Mar 2019 16:13:00 -0800 (PST)
Date: Wed, 06 Mar 2019 16:12:59 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1551917579; bh=P7prTJ+slp2FJSIXSZ+RIPRb9S2bo2RqTmEUutzLJNk=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=eE80fw91mG6d7CMjBf3xtm43Dfd1DoXsC+vp/DBTZBKOzAKAM6HdCO/E/vMLncS9J dA77XYeQHKdFw6d4EkUgMsLpFc5R8XJxIdAhwUSiR7cdOfc1vRO8/VyRT3LU+AbYDu K1+fkYzETlmnhbrFmmChcw6CR+Kpvg9HitoOM/NA=
From: MikkelFJ <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abbc040cd83c5a986c5bdc074385bc932661ebc5c492cf000000011898240b92a169ce17e9c1c4@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2355/c470329092@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2355@github.com>
References: <quicwg/base-drafts/pull/2355@github.com>
Subject: Re: [quicwg/base-drafts] Allow most frames in 0-RTT (#2355)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c80620bd925_68f33fd05fed45bc3136f4"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/J1E0bprQ__ZoWiqAK5oryQERyaU>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Mar 2019 00:13:02 -0000
Proposed shortening of replay section
## Replay Attacks with 0-RTT
As described in Section 8 of {{!TLS13}}, use of TLS early data comes with an
exposure to replay attack. The use of 0-RTT in QUIC is similarly vulnerable to
replay attack.
Endpoints MUST implement and use the replay protections described in {{!TLS13}},
however it is recognized that these protections are imperfect. Therefore,
additional consideration of the risk of replay are needed.
The QUIC transport protocol is not vulnerable to replay attacks and does
tolerate replayed frames because all frames are idempotent and because
no state is carried across connections.
Applications might carry state across connections and can be confused by
STREAM frame content under 0-RTT keys and also by other content such as
flow control credits. Servers can be configured to reject old 0-RTT
packets but it is not perfect nor guaranteed. Only application protocols
can define semantics that are acceptable for 0-RTT sessions, if any.
A copied 0-RTT session is cheap to establish and can be exploited to
expend excessive server resources. Applications MUST account for this
overhead before accepting 0-RTT connections.
QUIC extensions SHOULD describe how replay attacks affect their
operation. Applications MUST prohibit extensions where efficient
replay mitigation strategies cannot be provided.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2355#issuecomment-470329092
- [quicwg/base-drafts] Allow stream-related frames … Martin Thomson
- Re: [quicwg/base-drafts] Allow stream-related fra… Marten Seemann
- Re: [quicwg/base-drafts] Allow stream-related fra… ianswett
- Re: [quicwg/base-drafts] Allow stream-related fra… ianswett
- Re: [quicwg/base-drafts] Allow stream-related fra… Martin Thomson
- Re: [quicwg/base-drafts] Allow stream-related fra… Martin Thomson
- Re: [quicwg/base-drafts] Allow stream-related fra… Martin Thomson
- Re: [quicwg/base-drafts] Allow stream-related fra… Kazuho Oku
- Re: [quicwg/base-drafts] Allow stream-related fra… Alessandro Ghedini
- Re: [quicwg/base-drafts] Allow stream-related fra… ianswett
- Re: [quicwg/base-drafts] Allow stream-related fra… Nick Banks
- Re: [quicwg/base-drafts] Allow stream-related fra… Martin Thomson
- Re: [quicwg/base-drafts] Allow stream-related fra… Mike Bishop
- Re: [quicwg/base-drafts] Allow stream-related fra… Martin Thomson
- Re: [quicwg/base-drafts] Allow stream-related fra… ianswett
- Re: [quicwg/base-drafts] Allow stream-related fra… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… MikkelFJ
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Mike Bishop
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Mike Bishop
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Jana Iyengar
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Mike Bishop
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Jana Iyengar
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Jana Iyengar
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Kazuho Oku
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Mike Bishop
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Jana Iyengar
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Luca Niccolini
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Luca Niccolini
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Marten Seemann
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Kazuho Oku
- Re: [quicwg/base-drafts] Allow most frames in 0-R… MikkelFJ
- Re: [quicwg/base-drafts] Allow most frames in 0-R… MikkelFJ
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Kazuho Oku
- Re: [quicwg/base-drafts] Allow most frames in 0-R… MikkelFJ
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… MikkelFJ
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… MikkelFJ
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Mike Bishop
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Mike Bishop
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson