Re: [quicwg/base-drafts] Recommend discarding bad, unauthentication packets (#2141)

ekr <notifications@github.com> Thu, 13 December 2018 11:56 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/O5UoyIhCs6Oi1s2DnQVB_g_fT_E>

ekr commented on this pull request.



> @@ -1000,6 +1000,12 @@ to more quickly identify when a connection becomes unusable.
 Packets that are matched to an existing connection, but for which the endpoint
 cannot remove packet protection, are discarded.
 
+Invalid packets without packet protection, such as Initial, Retry, or Version
+Negotiation, SHOULD be discarded without altering connection state.  An endpoint
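
Review bot: "Invalid" in the first added line is not defined, so the SHOULD has no testable scope. The sentence does not say whether it covers a packet whose header fails to parse, a packet that is otherwise well-formed but carries one malformed element, or both. Spell out the validity criteria, and state explicitly whether "discarded without altering connection state" means the whole packet is dropped, including any well-formed content in it. The unchanged sentence just above already covers packets for which packet protection cannot be removed, so the new paragraph should also say how its case differs from that one.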

I'm not sure this is generally a good idea. Consider the case where we have a packet with two frames. (1) a perfectly legitimate stream frame (2) a frame that is misformatted but generally parseable and doesn't otherwise require connection termination. Why is the sensible procedure here to (a) keep the connection alive but (b) ignore the stream data?




Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2141#discussion_r241372642