Re: [quicwg/base-drafts] Connection abort during handshake (#597)
MikkelFJ <notifications@github.com> Wed, 07 June 2017 06:46 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/MHWPsG9ICug07i3sJd8wg47yrHg>
> Well that's why I think this is another reason for using Server Stateless Retry, which returns client's selected random packet number and can be validated by client. It would be hard for attacker to guess that value (2^31).

On using packet numbers for validation: I think it would be simpler to validate on a client and a server chosen nonce (aka Connection Id) because it requires less state, but I might be missing something. For example, if failing on a second Client ClearText packet, you need to remember all packet numbers, and while retransmission does this, it is a different machinery. Having the nonces also simplifies state lookup.