IETF Logo Mail Archive

Re: [quicwg/base-drafts] Pad path validation in both directions (#4241)

ianswett <notifications@github.com> Mon, 19 October 2020 02:02 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9A8E3A1218 for <quic-issues@ietfa.amsl.com>; Sun, 18 Oct 2020 19:02:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.201
X-Spam-Level:
X-Spam-Status: No, score=-1.201 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hnNtQHtAxxvL for <quic-issues@ietfa.amsl.com>; Sun, 18 Oct 2020 19:02:25 -0700 (PDT)
Received: from out-28.smtp.github.com (out-28.smtp.github.com [192.30.252.211]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 574483A1214 for <quic-issues@ietf.org>; Sun, 18 Oct 2020 19:02:25 -0700 (PDT)
Received: from github.com (hubbernetes-node-11600f8.ash1-iad.github.net [10.56.110.43]) by smtp.github.com (Postfix) with ESMTPA id 46889900080 for <quic-issues@ietf.org>; Sun, 18 Oct 2020 19:02:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1603072944; bh=p99UjDpzPpCSMjQzeqwfHx1ppU2dyc6q3TgDV54CJFE=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Bmon/LaAPMbutM7kUrHkFmsFC+GHdBBmW/gH3FetYbLRdDWJxTOEAQJz3HKW1E1V+ mDSgcut0CENQsHGq5hSBYjeJrQgt9ntJHtzXjtieNoWXcZMuhcab3tERFhwqcaYaN/ 7n0p/+mVepmbLyORZdo5fdDbEJkhdDzllrJ2Q4tE=
Date: Sun, 18 Oct 2020 19:02:24 -0700
From: ianswett <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK2XPSSZFDHZXZJHWQ55TDKLBEVBNHHCWKQC3Q@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/4241/review/511366824@github.com>
In-Reply-To: <quicwg/base-drafts/pull/4241@github.com>
References: <quicwg/base-drafts/pull/4241@github.com>
Subject: Re: [quicwg/base-drafts] Pad path validation in both directions (#4241)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5f8cf3b042e5a_5419b431991"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ianswett
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/QCzdO7nalCA5PkcDmZc9utHjW3c>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Oct 2020 02:02:27 -0000

@ianswett commented on this pull request.

LG, but a few suggestions

> +A PATH_RESPONSE frame MUST be sent on the network path where the PATH_CHALLENGE
+was received.  This requirement MUST NOT be enforced by the endpoint that
+initiates path validation as that would enable an attack on migration; see
+{{off-path-forward}}.

I think this is a SHOULD not a MUST both because it's unenforceable and because future multicast use cases may need to not follow it.

```suggestion
A PATH_RESPONSE frame SHOULD be sent on the network path where the PATH_CHALLENGE
was received.  This ensures the path is functional in both directions.  This requirement
MUST NOT be enforced by the endpoint that initiates path validation as that would enable
an attack on migration; see {{off-path-forward}}.
```

> +least the smallest allowed maximum datagram size of 1200 bytes. This in
+combination with sending on the same path allows the endpoint that initiated
+path validation to verify that the path is able to carry datagrams of this size
+in both directions.

```suggestion
least the smallest allowed maximum datagram size of 1200 bytes. This verifies
that the path is able to carry datagrams of this size in both directions.
```

> +the data that was sent in a previous PATH_CHALLENGE frame.  This PATH_RESPONSE
+frame can be received on any network path.  This validates the path on which
+the PATH_CHALLENGE was sent.

```suggestion
the data that was sent in a previous PATH_CHALLENGE frame.  A PATH_RESPONSE
frame received on any network path validates the path on which the
PATH_CHALLENGE was sent.
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/4241#pullrequestreview-511366824

v2.23.0 | Report a Bug | By Email