IETF Logo Mail Archive

Re: [quicwg/base-drafts] Compatible version upgrade (#1901)

martinduke <notifications@github.com> Mon, 05 November 2018 07:08 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4651112F18C for <quic-issues@ietfa.amsl.com>; Sun, 4 Nov 2018 23:08:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.47
X-Spam-Level:
X-Spam-Status: No, score=-8.47 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nw9_AvHOOnF8 for <quic-issues@ietfa.amsl.com>; Sun, 4 Nov 2018 23:08:08 -0800 (PST)
Received: from out-7.smtp.github.com (out-7.smtp.github.com [192.30.252.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D297912EB11 for <quic-issues@ietf.org>; Sun, 4 Nov 2018 23:08:07 -0800 (PST)
Date: Sun, 04 Nov 2018 23:08:06 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1541401686; bh=zEZo4gCJ92UMC4sHvbZxiMOZL/ZHiTSVjrK84tGTagU=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=epqHF+6xaT47u4VtmHlNyYu7VExNxhouZDhkeleI3N0quKBcdgIrm0EvB0LD665Eb AbcF40jnPDnxjOHXJdSuVMfSZPYa1zNDu9+pI4OJ5/Dyqn8k8Sy8tFJBXQZk9eufX8 NBtF59jCtf8KKTUwa64AVE7luLGlA+E8g+YaEwkw=
From: martinduke <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab64b60d91071e3eaec6bdf9775f20ad21ff75678892cf0000000117f7ae5692a169ce1640b1a8@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1901/c435774516@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1901@github.com>
References: <quicwg/base-drafts/pull/1901@github.com>
Subject: Re: [quicwg/base-drafts] Compatible version upgrade (#1901)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bdfec56b3bc6_72f13f80e88d45c01690e9"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinduke
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/PUfR8FhjTGYeHcbvPCTKyGEjixE>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Nov 2018 07:08:11 -0000

After discussing this with @kazuho, @janaiyengar, and @ianswett in Bangkok, I'm not sure the server upgrade problem has been correctly reasoned.

Downgrade attack detection happens in the context of a single connection. After receiving VN, the client uses the same CID and increments the packet number. Non-pathological load balancers will direct this to the same server. People have repeatedly pointed out to me that the LB config could flip over in that moment, but that is an edge case of an edge case, and the only consequence is a fatal connection error and a possible security alert.

It might we worth adding somewhere that in the event of a downgrade alert, the client SHOULD NOT cache the contents of VN for future use. Also, if the server's TPs don't match the contents of a client version cache from a different connection, that is not a downgrade attack.

Furthermore, @ianswett points out that downgrade attack detection traditionally happens at the client. We haven't fully thought through the incentives and other implications of moving this responsibility to the server.

In summary, I no longer support moving downgrade detection to the server.  I am open to seamless upgrade in v2 after we do some more analysis to make sure there are no gotchas.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1901#issuecomment-435774516

v2.23.0 | Report a Bug | By Email