Re: [quicwg/base-drafts] Disallow reuse of stateless reset tokens (#2785)

Kazuho Oku <notifications@github.com> Thu, 13 June 2019 01:02 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85A77120164 for <quic-issues@ietfa.amsl.com>; Wed, 12 Jun 2019 18:02:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.391
X-Spam-Level:
X-Spam-Status: No, score=-6.391 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gxu-FwjKQufM for <quic-issues@ietfa.amsl.com>; Wed, 12 Jun 2019 18:02:17 -0700 (PDT)
Received: from out-23.smtp.github.com (out-23.smtp.github.com [192.30.252.206]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 049BE120018 for <quic-issues@ietf.org>; Wed, 12 Jun 2019 18:02:17 -0700 (PDT)
Date: Wed, 12 Jun 2019 18:02:16 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1560387736; bh=nt2r5Pp5/7dxJN5KcQZk2a7Nw/fxnE+2P3QHhFGilBw=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=NolQh41Doqd/6wmWfWCL4GDV0wTwoQR3ffoJK28lStJhDIzNUFXmJUEn7nItn7tY1 U4ouG65NUeu88L87JeyVg6cUtdqYnyvCgAS0l7v9gkl25mY7JakpbwfMOsg+5CH8aP Nc/jme8eYesI7NwHinmg4obURTdCZ3Qyv0cn7fwI=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKZIXVOT5AH5RT3WBGF3B3JRREVBNHHBWJFGY4@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2785/501509032@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2785@github.com>
References: <quicwg/base-drafts/issues/2785@github.com>
Subject: Re: [quicwg/base-drafts] Disallow reuse of stateless reset tokens (#2785)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d01a09834a85_13793fb1b4ecd95c30905f"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/P3hP5qUnZSd_dwJcsYtsv18YCoU>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jun 2019 01:02:20 -0000

> What exactly do you think this prohibition will achieve?

If there is a prohibition, an endpoint can remove the SRT of the CID being retired, without consulting the SRTs of other CIDs belonging to the same connection.

While incorrect in terms of current spec, such design works flawlessly with endpoints that issue different SRT for each CID. It seems that most implementations would issue different SRT for each CID. Then, there's chance that we might see stacks implementing this incorrect but simpler approach.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2785#issuecomment-501509032