[quicwg/base-drafts] 595808: Expand the anti-replay story

Martin Thomson <martin.thomson@gmail.com> Mon, 21 January 2019 22:20 UTC

Return-Path: <bounce+565321.40f-quic-issues=ietf.org@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F490129C6A for <quic-issues@ietfa.amsl.com>; Mon, 21 Jan 2019 14:20:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.997
X-Spam-Level:
X-Spam-Status: No, score=-0.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4xKw5f6ekavy for <quic-issues@ietfa.amsl.com>; Mon, 21 Jan 2019 14:20:40 -0800 (PST)
Received: from m69-170.mailgun.net (m69-170.mailgun.net [166.78.69.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AED49129BBF for <quic-issues@ietf.org>; Mon, 21 Jan 2019 14:20:40 -0800 (PST)
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=github.com; q=dns/txt; s=mailo; t=1548109240; h=Content-Transfer-Encoding: Content-Type: Mime-Version: Subject: Message-ID: To: Reply-To: From: Date: Sender; bh=CS76ocXRteZjkdh9Jw1r5fywDQ6zqhcEoTIWM+kCIKA=; b=hjxD2yYMTmFIIwv0H6l8+HR4T6yR4+vCJxkiQj1OS4eFh1+EJeJb7Y8uJbi6aoKzq78yNke9 6G3vp8sW+NY8tkTR1cuqWOZowcnFG9N1oogXuIe0gjkQ1kqdUG0aLgxiIKyNVmrULag9R/XL I+gVpzwsanUM5UrAVtVY1/rw9ZA=
X-Mailgun-Sending-Ip: 166.78.69.170
X-Mailgun-Sid: WyJhNzYyYiIsICJxdWljLWlzc3Vlc0BpZXRmLm9yZyIsICI0MGYiXQ==
Sender: martin.thomson=gmail.com@github.com
Received: from github.com (Unknown [192.30.252.39]) by mxa.mailgun.org with ESMTP id 5c4645b7.7fd60b882f60-smtp-out-n03; Mon, 21 Jan 2019 22:20:39 -0000 (UTC)
Date: Mon, 21 Jan 2019 14:20:39 -0800
From: Martin Thomson <martin.thomson@gmail.com>
Reply-To: Martin Thomson <martin.thomson@gmail.com>
To: quic-issues@ietf.org
Message-ID: <5c4645b77b17c_4f592abea117057c454cf@hookshot-fe-da92815.cp1-iad.github.net.mail>
Subject: [quicwg/base-drafts] 595808: Expand the anti-replay story
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="--==_mimepart_5c4645b77adad_4f592abea117057c453f7"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/LcrQukGPeG1DtNb98iLhGPJaObw>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jan 2019 22:20:42 -0000

  Branch: refs/heads/0rtt-reset
  Home:   https://github.com/quicwg/base-drafts
  Commit: 59580812145936f7089586212155f14f4495d49f
      https://github.com/quicwg/base-drafts/commit/59580812145936f7089586212155f14f4495d49f
  Author: Martin Thomson <martin.thomson@gmail.com>
  Date:   2019-01-22 (Tue, 22 Jan 2019)

  Changed paths:
    M draft-ietf-quic-http.md
    M draft-ietf-quic-tls.md

  Log Message:
  -----------
  Expand the anti-replay story

The inclusion of RESET_STREAM (and all other frame types) in 0-RTT
inspired me to do some more analysis and due diligence on anti-replay.

This adds a security considerations section with requirements for
application protocols.  That section explains more about what the risks
for QUIC are, how QUIC itself isn't affected, but how an application
protocol might be.

It also adds a section to the HTTP draft citing RFC 8470, explaining how
that analysis is sufficient for HTTP/3.



      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.