[quicwg/base-drafts] 2417e9: Define an anti-forgery limit
Martin Thomson <noreply@github.com> Tue, 09 June 2020 07:21 UTC
Branch: refs/heads/master
Home: https://github.com/quicwg/base-drafts

Commit: 2417e9d953bdae559dd0b2c74406da98dc75c1e1
  https://github.com/quicwg/base-drafts/commit/2417e9d953bdae559dd0b2c74406da98dc75c1e1
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-04-29 (Wed, 29 Apr 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Define an anti-forgery limit

This defines a limit on the number of packets that can fail authentication before you have to use new keys.

There is a big hole here in that AES-CCM (that is, the AEAD based on CBC-MAC) is currently permitted, but we have no analysis to support either the confidentiality limits in TLS 1.3 or the integrity limits in this document. It is probably OK, but that is not the standard we apply here.

So this might have to remain open until we get some sort of resolution on that issue. My initial opinion is to cut CCM from the draft until/unless an analysis is produced.

Closes #3619.

Commit: 4b2f0cf43f98a5b8f80e258e6f4de369e9ac8856
  https://github.com/quicwg/base-drafts/commit/4b2f0cf43f98a5b8f80e258e6f4de369e9ac8856
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-01 (Fri, 01 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Update link

Commit: f94409a03ddd7a92cf1c1388e036a3eecf896853
  https://github.com/quicwg/base-drafts/commit/f94409a03ddd7a92cf1c1388e036a3eecf896853
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-01 (Fri, 01 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Keep CCM

Commit: a81e74f3a94c44735f38a943d8ad242d6e5adbed
  https://github.com/quicwg/base-drafts/commit/a81e74f3a94c44735f38a943d8ad242d6e5adbed
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-01 (Fri, 01 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Improve description of 'l'

Commit: 5efe1df7db38536d6b9e2153e5ecb52dacb1105a
  https://github.com/quicwg/base-drafts/commit/5efe1df7db38536d6b9e2153e5ecb52dacb1105a
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-01 (Fri, 01 May 2020)
Changed paths:
  M draft-ietf-quic-http.md
  M draft-ietf-quic-qpack.md
  M draft-ietf-quic-recovery.md
  M draft-ietf-quic-tls.md
  M draft-ietf-quic-transport.md
Log Message:
-----------
Merge branch 'master' into forgery-limit

Commit: acb7b227f19ac7572efb987e60f8e494e1301e32
  https://github.com/quicwg/base-drafts/commit/acb7b227f19ac7572efb987e60f8e494e1301e32
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-07 (Thu, 07 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Basic editing

Co-authored-by: ianswett <ianswett@users.noreply.github.com>

Commit: 7d982461c409323b5a2ba2363441c09f3d763832
  https://github.com/quicwg/base-drafts/commit/7d982461c409323b5a2ba2363441c09f3d763832
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-08 (Fri, 08 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Grammah

Co-authored-by: Lucas Pardue <lucaspardue.24.7@gmail.com>

Commit: d5613bc37a4a89238782c0743c64f541c810f54a
  https://github.com/quicwg/base-drafts/commit/d5613bc37a4a89238782c0743c64f541c810f54a
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-08 (Fri, 08 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Editorial comments, reorder

Commit: 9da9774ddd3638a4f85faf29893495b5855fcbe9
  https://github.com/quicwg/base-drafts/commit/9da9774ddd3638a4f85faf29893495b5855fcbe9
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-08 (Fri, 08 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Editorial improvement

Commit: cdf655307293ebf7be598849ccdad0f41ce32e11
  https://github.com/quicwg/base-drafts/commit/cdf655307293ebf7be598849ccdad0f41ce32e11
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-08 (Fri, 08 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Math is hard, halve the numbers again

Based on input from @chris-wood, it appears as though the length calculation was off.

Of course, the length calculation is off anyway, because 2^10 is arbitrary and doesn't match the expected packet size. But as long as we're being arbitrary, we can at least be *consistently* arbitrary.

Commit: 7d4f2ac708582bd6b60d00586d177af41867263a
  https://github.com/quicwg/base-drafts/commit/7d4f2ac708582bd6b60d00586d177af41867263a
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-08 (Fri, 08 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Missed one

Co-authored-by: Felix Günther <mail@felixguenther.info>

Commit: f756508d497d4111c40f0f2523b90d1cd5f91abc
  https://github.com/quicwg/base-drafts/commit/f756508d497d4111c40f0f2523b90d1cd5f91abc
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-08 (Fri, 08 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Explain how we got the 2l value

Commit: 2eb8646ec7863d97336e7f8e1391391db6d57e24
  https://github.com/quicwg/base-drafts/commit/2eb8646ec7863d97336e7f8e1391391db6d57e24
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-11 (Mon, 11 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Some code review suggestions

Co-authored-by: Christopher Wood <caw@heapingbits.net>
Co-authored-by: Felix Günther <mail@felixguenther.info>

Commit: 7958c9f2ae14aaf59ce3cc39817173cc65422dc5
  https://github.com/quicwg/base-drafts/commit/7958c9f2ae14aaf59ce3cc39817173cc65422dc5
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-11 (Mon, 11 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Reflow

Commit: ce9fde0b69b18db153239177fe1fe5e4655b295d
  https://github.com/quicwg/base-drafts/commit/ce9fde0b69b18db153239177fe1fe5e4655b295d
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-15 (Fri, 15 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Limits are per key

Commit: 05b02df1e77c959c0dba467baed39e525f2a4ee8
  https://github.com/quicwg/base-drafts/commit/05b02df1e77c959c0dba467baed39e525f2a4ee8
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-22 (Fri, 22 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Stop using the keys, not close

Only require closing the connection if you can't update.

If you hit this limit, you can send a key update. You won't be able to read any packets until your peer reads that key update though. This manifests as a bunch of packet loss, because you threw out keys. So you do end up sending a bunch of packets into the dark in the hopes that one will get through.

Of course, you can't always update, so you have to close then.

Commit: bfc409bb529d6a248f4ed20cac3c3d1d204a75ae
  https://github.com/quicwg/base-drafts/commit/bfc409bb529d6a248f4ed20cac3c3d1d204a75ae
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-22 (Fri, 22 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Forgeries likely exhaust TWO keys

Closes #3662.

Commit: 874036ba9762c1cddaaf54e2dcd43d4d80297161
  https://github.com/quicwg/base-drafts/commit/874036ba9762c1cddaaf54e2dcd43d4d80297161
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-22 (Fri, 22 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
plural

Commit: 3a1f14b85b5528cf230251a6924f5d0b5581859d
  https://github.com/quicwg/base-drafts/commit/3a1f14b85b5528cf230251a6924f5d0b5581859d
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-05-27 (Wed, 27 May 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Merge pull request #3686 from quicwg/forgeries-and-updates

Forgeries likely exhaust TWO keys

Commit: f0d856cd4d6250e910c89029ea6f7e7c09ceb367
  https://github.com/quicwg/base-drafts/commit/f0d856cd4d6250e910c89029ea6f7e7c09ceb367
Author: Martin Thomson <mt@lowentropy.net>
Date: 2020-06-09 (Tue, 09 Jun 2020)
Changed paths:
  M draft-ietf-quic-tls.md
Log Message:
-----------
Merge pull request #3620 from quicwg/forgery-limit

Define an anti-forgery limit

Compare: https://github.com/quicwg/base-drafts/compare/18becf27d355...f0d856cd4d62