Re: [quicwg/base-drafts] Initials carrying different first ClientHello are considered as belonging to different connections (#2076)
Christian Huitema <notifications@github.com> Mon, 03 December 2018 07:28 UTC
Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE21F126BED for <quic-issues@ietfa.amsl.com>; Sun, 2 Dec 2018 23:28:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.46
X-Spam-Level:
X-Spam-Status: No, score=-4.46 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c0eijlzXswxZ for <quic-issues@ietfa.amsl.com>; Sun, 2 Dec 2018 23:28:44 -0800 (PST)
Received: from o6.sgmail.github.com (o6.sgmail.github.com [192.254.113.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BF93124C04 for <quic-issues@ietf.org>; Sun, 2 Dec 2018 23:28:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=0NmkQFSE0scWG9Zt7wvS9vcIGcA=; b=mFlmaZIMYZW05jGu N73LIrVPd7ORHCt7iYYfTPuH/dFe1CFICBt0ozvgI81jXVbYBo9ZKqcXw+JEmxis 9IVB5nMXfAhPB/riCfxeFXKEWS7GmCgG2d+3hyTG+25IOurb9hGg3mzjkqeeKFJn wbB1eiYxv9GHdn3qQvlZX8KNjFQ=
Received: by filter1095p1las1.sendgrid.net with SMTP id filter1095p1las1-15848-5C04DB2B-A 2018-12-03 07:28:43.632333702 +0000 UTC m=+101836.375004127
Received: from github-lowworker-c7d2ff2.cp1-iad.github.net (unknown [192.30.252.32]) by ismtpd0006p1iad2.sendgrid.net (SG) with ESMTP id RKI3j3eVR9yxW_Gl4cpD3w for <quic-issues@ietf.org>; Mon, 03 Dec 2018 07:28:43.535 +0000 (UTC)
Received: from github.com (localhost [127.0.0.1]) by github-lowworker-c7d2ff2.cp1-iad.github.net (Postfix) with ESMTP id 786264C01E4 for <quic-issues@ietf.org>; Sun, 2 Dec 2018 23:28:43 -0800 (PST)
Date: Mon, 03 Dec 2018 07:28:43 +0000
From: Christian Huitema <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4aba852b7336f527364e09c0dcb66ca3b39f43d9eab92cf00000001181c9d2b92a169ce1701edfc@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2076/review/180636442@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2076@github.com>
References: <quicwg/base-drafts/pull/2076@github.com>
Subject: Re: [quicwg/base-drafts] Initials carrying different first ClientHello are considered as belonging to different connections (#2076)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c04db2b77144_78a23fb5f52d45c04906e0"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: huitema
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak2pdiO5HSGkcb4nKR2BzqPu+eXqHZUn7RBdER dm3f34N59sU/FLypb+4uu97QV8Y0+OlJKIvsurBAZKHLEBx71eWg6tX4o0AG4/REAb9Ld1mjF4XROO GbqkjGCGkA9F7Cs4IRl1ZFHFarnrkmlSZb7gHii8oV8kL6bBIQxe4HOB98loDC88j+w96yyLPupKOb 8=
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/KwdEIyUUQQQ_HjfevFCgWydMp8g>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Dec 2018 07:28:47 -0000
huitema commented on this pull request. This looks like a good idea, but it raises the question of how to handle HRR. I think that if we want to explore this path, we need to redefine a way to carry the HRR inside a stateless retry packet of some kind, so we can create two independent connections contexts if two client hello respond to a single HRR. I am also not convinced that we can easily implement the client side of this. What if the attacker spoofs the response from server to client? Now the client receives to SHello, from the same address. What does it do? > @@ -1037,8 +1037,18 @@ Servers MUST drop other packets that contain unsupported versions. Packets with a supported version, or no version field, are matched to a connection using the connection ID or - for packets with zero-length connection -IDs - the address tuple. If the packet doesn't match an existing connection, -the server continues below. +IDs - the address tuple, with the following exception. + +A server that uses a non-zero-length connection ID SHOULD handle Initial packets +that share the same address tuple, Source and Destination Connection IDs, but +contain different first ClientHello messages as belonging to different +connections. This might be used by a client to defend against attacks that race +spoofed Initial packets with legitimate ones. A server can treat every Initial +packet containing a CRYPTO frame at an offset of 0 as potentially creating a new +connection, discarding any packet that has the same Destination Connection ID +and CRYPTO frame content as one that has been answered. + How do you distinguish between the first Initial packet and the next one, in the case of HRR? What if the server gets two responses to an HRR message, does it treat them as two connections? I am concerned that to make this work, we should go back to the "stateless HRR" model, maybe sending the TLS HRR in a crypto frame in the payload of a retry packet. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/pull/2076#pullrequestreview-180636442
- [quicwg/base-drafts] Initials carrying different … Kazuho Oku
- Re: [quicwg/base-drafts] Initials carrying differ… Martin Thomson
- Re: [quicwg/base-drafts] Initials carrying differ… Kazuho Oku
- Re: [quicwg/base-drafts] Initials carrying differ… Kazuho Oku
- Re: [quicwg/base-drafts] Initials carrying differ… MikkelFJ
- Re: [quicwg/base-drafts] Initials carrying differ… MikkelFJ
- Re: [quicwg/base-drafts] Initials carrying differ… MikkelFJ
- Re: [quicwg/base-drafts] Initials carrying differ… MikkelFJ
- Re: [quicwg/base-drafts] Initials carrying differ… Kazuho Oku
- Re: [quicwg/base-drafts] Initials carrying differ… Kazuho Oku
- Re: [quicwg/base-drafts] Initials carrying differ… Kazuho Oku
- Re: [quicwg/base-drafts] Initials carrying differ… Kazuho Oku
- Re: [quicwg/base-drafts] Initials carrying differ… MikkelFJ
- Re: [quicwg/base-drafts] Initials carrying differ… Kazuho Oku
- Re: [quicwg/base-drafts] Initials carrying differ… MikkelFJ
- Re: [quicwg/base-drafts] Initials carrying differ… Christian Huitema
- Re: [quicwg/base-drafts] Initials carrying differ… Kazuho Oku
- Re: [quicwg/base-drafts] Initials carrying differ… Christian Huitema
- Re: [quicwg/base-drafts] Initials carrying differ… Kazuho Oku
- Re: [quicwg/base-drafts] Initials carrying differ… Martin Thomson
- Re: [quicwg/base-drafts] Initials carrying differ… Martin Thomson