Re: [quicwg/base-drafts] Authenticate connection IDs (#3499)

Christian Huitema <notifications@github.com> Sun, 22 March 2020 17:43 UTC

@ianswett I have implemented it in picoquic as such:

1) Always send the handshake CID. Not an interop issue since implementations are supposed to ignore unknown CID.

2) Send the retry CID when also sending the ODCID.

3) Verify that the client is not sending Retry CID.

4) If the protocol version is newer than "draft 27", check that the handshake CID is present, and that the retry CID is present if required. Then check that the values are what is expected.

5) When verifying the retry token, check that the retry CID sent by the client is what is expected.

That version of picoquic is used in the interop runner, and I have not noticed any issue related to CID checks. But then the tests are bypassed with draft-27 versions. I suppose I could split the TP test into verifying that the CID are present if the version is newer than draft-27, and then check that the CID have the expected value if they are present. That would allow for interop testing with draft 27.

https://github.com/quicwg/base-drafts/pull/3499#issuecomment-602245593
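
Added example, not part of the original message and not picoquic code: the receiver-side checks of steps 3 and 4, with the presence/value split proposed in the last paragraph so that draft-27 peers still pass. All type and function names are hypothetical, and the negotiated version is modelled as a plain draft number.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All names below are hypothetical; none are picoquic identifiers. */
typedef struct { uint8_t len; uint8_t id[20]; } cid_t;
typedef struct {                 /* CID transport parameters received from the peer */
    int has_handshake_cid, has_retry_cid;
    cid_t handshake_cid, retry_cid;
} peer_tp_t;
typedef struct {                 /* what the local endpoint expects */
    int draft;                   /* negotiated draft number, e.g. 27 or 28 */
    int peer_is_client;
    int retry_was_used;          /* a Retry was sent, so the ODCID is sent too */
    cid_t handshake_cid, retry_cid;
} expect_t;

enum { CID_OK = 0, CID_MISSING, CID_MISMATCH, CID_FORBIDDEN };

static int cid_equal(const cid_t *a, const cid_t *b) {
    return a->len == b->len && a->len <= sizeof a->id &&
           memcmp(a->id, b->id, a->len) == 0;
}

int check_cid_params(const peer_tp_t *tp, const expect_t *ex) {
    /* Step 3: a client must not send the retry CID. */
    if (ex->peer_is_client && tp->has_retry_cid) return CID_FORBIDDEN;
    /* Presence is mandatory only past draft 27, so draft-27 peers still interop. */
    if (ex->draft > 27) {
        if (!tp->has_handshake_cid) return CID_MISSING;
        if (!ex->peer_is_client && ex->retry_was_used && !tp->has_retry_cid)
            return CID_MISSING;
    }
    /* Values are checked whenever a parameter is present, whatever the version. */
    if (tp->has_handshake_cid && !cid_equal(&tp->handshake_cid, &ex->handshake_cid))
        return CID_MISMATCH;
    if (tp->has_retry_cid && !cid_equal(&tp->retry_cid, &ex->retry_cid))
        return CID_MISMATCH;
    return CID_OK;
}

int main(void) {
    /* Constructed sample: a draft-28 server that sent no CID parameters. */
    peer_tp_t tp = {0};
    expect_t ex = { .draft = 28, .handshake_cid = { 4, {1, 2, 3, 4} } };
    printf("result=%d\n", check_cid_params(&tp, &ex));
    return 0;
}
```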