[quicwg/base-drafts] If you don't reset DCID you will repeat keys. (#2179)

ekr <notifications@github.com> Fri, 14 December 2018 00:58 UTC

```
Note that if you don't reset DCID, you repeat keys


A client sets the Destination Connection ID field of this Initial packet to the
value from the Source Connection ID in the Retry packet. Changing Destination
Connection ID also results in a change to the keys used to protect the Initial
packet. It also sets the Token field to the token provided in the Retry. The
client MUST NOT change the Source Connection ID because the server could include
the connection ID as part of its token validation logic (see
{{validate-future}}).
```

Correct me if I'm wrong, but if the server chooses a DCID that is the same as the client's DCID (which, I believe it can do), then you would get the same keys. Arguably, this doesn't matter b/c any attacker who is on-path can derive the keys anyway, but...

https://github.com/quicwg/base-drafts/issues/2179
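
The point raised in this issue, as an added example (not code from the draft or from the issue's author): Initial secrets are a deterministic function of the client's Destination Connection ID, so a Retry whose Source Connection ID equals the original DCID leaves the Initial keys unchanged. The sketch assumes the derivation as later published in RFC 9001, including its version 1 salt and labels, which differ from the draft quoted here; the connection ID values and function names are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: QUIC v1 initial salt from RFC 9001. The draft discussed above
# used a different constant; the derivation structure is the same.
INITIAL_SALT_V1 = bytes.fromhex("38762cf7f55934b34d179ae6a4c80cadccbb7f0a")

# Constructed sample connection IDs (not taken from the issue).
ORIGINAL_DCID = bytes.fromhex("8394c8f03e515708")
FRESH_RETRY_SCID = bytes.fromhex("f067a5502a4262b5")


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand_label(secret: bytes, label: str, length: int) -> bytes:
    """TLS 1.3 HKDF-Expand-Label (RFC 8446) with an empty context."""
    full_label = b"tls13 " + label.encode()
    info = length.to_bytes(2, "big") + bytes([len(full_label)]) + full_label + b"\x00"
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def client_initial_keys(dcid: bytes) -> dict:
    """Client Initial packet protection keys; the DCID is the only variable input."""
    initial_secret = hkdf_extract(INITIAL_SALT_V1, dcid)
    client_secret = hkdf_expand_label(initial_secret, "client in", 32)
    return {
        "key": hkdf_expand_label(client_secret, "quic key", 16),
        "iv": hkdf_expand_label(client_secret, "quic iv", 12),
        "hp": hkdf_expand_label(client_secret, "quic hp", 16),
    }


def keys_repeat_after_retry(original_dcid: bytes, retry_scid: bytes) -> bool:
    """True if the post-Retry Initial would be protected with the same keys."""
    return client_initial_keys(original_dcid) == client_initial_keys(retry_scid)


if __name__ == "__main__":
    print("same CID  ->", keys_repeat_after_retry(ORIGINAL_DCID, ORIGINAL_DCID))
    print("fresh CID ->", keys_repeat_after_retry(ORIGINAL_DCID, FRESH_RETRY_SCID))
```

RFC 9000 as published requires a client to discard a Retry whose Source Connection ID is identical to the Destination Connection ID of its Initial packet, which rules out the repeated-key case.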