Re: [quicwg/base-drafts] Single Stream of Bytes for CRYPTO Frames (#1592)

Nick Banks <notifications@github.com> Fri, 20 July 2018 19:39 UTC


Yes, the attack in this case would be resource exhaustion. There are 3 packet number spaces, but 4 encryption levels (Initial, 0-RTT, Handshake, 1-RTT). Each encryption level can be used to send CRYPTO frames (EOED uses 0-RTT). As for the number of streams a client can open, that is controllable by the server. It can choose to give fewer while under attack. Additionally, completing the handshake to get those extra streams requires additional resources on the attacker side, which might make the attack less attractive.

https://github.com/quicwg/base-drafts/issues/1592#issuecomment-406706348