IETF Logo Mail Archive

[quicwg/base-drafts] a66b21: Document request forgery

Martin Thomson <noreply@github.com> Thu, 13 August 2020 07:28 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6D493A0828 for <quic-issues@ietfa.amsl.com>; Thu, 13 Aug 2020 00:28:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 52Z45OSyxU09 for <quic-issues@ietfa.amsl.com>; Thu, 13 Aug 2020 00:28:46 -0700 (PDT)
Received: from out-23.smtp.github.com (out-23.smtp.github.com [192.30.252.206]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 496EE3A0823 for <quic-issues@ietf.org>; Thu, 13 Aug 2020 00:28:46 -0700 (PDT)
Received: from github-lowworker-c53a806.ac4-iad.github.net (github-lowworker-c53a806.ac4-iad.github.net [10.52.23.45]) by smtp.github.com (Postfix) with ESMTP id 2578860059F for <quic-issues@ietf.org>; Thu, 13 Aug 2020 00:28:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1597303725; bh=zjs9d0bM5BHoPxxIPe2idchSM6CsGaVSrgw98S2mDng=; h=Date:From:To:Subject:From; b=lrzSi+qMMNPcGFvMxCuKrIv2FphHWFKkogCc8LkYOpxfo0y1kLEh3+YpJ5ujU6oMd BweHzZ3yI1YL3z8A0Hjz7pbRLvx6ayjQdTDS0/TzP4kAuaH7yjI4u+2HxLFBDsnt2Q fQHFkvDYZ+HVP1vqlch5+ui+4HjoixOJh15iNGB8=
Date: Thu, 13 Aug 2020 00:28:45 -0700
From: Martin Thomson <noreply@github.com>
To: quic-issues@ietf.org
Message-ID: <quicwg/base-drafts/push/refs/heads/request-forgery/c79b02-a66b21@github.com>
Subject: [quicwg/base-drafts] a66b21: Document request forgery
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-Auto-Response-Suppress: All
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/MeNMiXNGmRqu-BHL80lYLN6WQ7A>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Aug 2020 07:28:48 -0000

  Branch: refs/heads/request-forgery
  Home:   https://github.com/quicwg/base-drafts
  Commit: a66b21eda0289e756188f3de712b21b49b199679
      https://github.com/quicwg/base-drafts/commit/a66b21eda0289e756188f3de712b21b49b199679
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-08-13 (Thu, 13 Aug 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Document request forgery

First cut at this, sorry about it being so long.  It's fairly hard to
write this, particularly since the existing documentation is so sparse.
Hopefully this is clear enough.  I haven't had time to properly
proof-read it, so it's probably not very good.  But I thought I'd share
what I got.

This includes some basic countermeasures, but they aren't very good.
I think that's OK, but we should discuss.

Closes #3995.

v2.23.0 | Report a Bug | By Email