Re: [quicwg/base-drafts] Add Advice and Rules for CONN_CLOSE in Initial and Handshake (#1786)
Kazuho Oku <notifications@github.com> Fri, 28 September 2018 09:23 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFA17130E01 for <quic-issues@ietfa.amsl.com>; Fri, 28 Sep 2018 02:23:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Level:
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iqjr6N9JZFWR for <quic-issues@ietfa.amsl.com>; Fri, 28 Sep 2018 02:23:21 -0700 (PDT)
Received: from out-1.smtp.github.com (out-1.smtp.github.com [192.30.252.192]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36181130DC8 for <quic-issues@ietf.org>; Fri, 28 Sep 2018 02:23:21 -0700 (PDT)
Date: Fri, 28 Sep 2018 02:23:20 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1538126600; bh=/nK37sHnxMid/7L3Zn1qt1cRF7Qmzy92HeM4okuexqk=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=BXzxFGBw1rl4AQFeVHs8Iy15jRWG6RLZvFKDtdwTzO8CsuofkvhvIdFeiCW6JeSZy w4kzgSUHiGPCSn+b/ftOFbU1rQkX+4i2m4oTwKprpXA5dW26kWBsh6PWRet+s01yCI rsbaK3Ch3m6q3U8XErXH110WSlEXtRkvAiU3oH3Y=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab0d3a94117e1c66e43aa72ca6e81d55519506c0f292cf0000000117c5b50792a169ce159f31b4@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1786/425377046@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1786@github.com>
References: <quicwg/base-drafts/issues/1786@github.com>
Subject: Re: [quicwg/base-drafts] Add Advice and Rules for CONN_CLOSE in Initial and Handshake (#1786)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5badf30844ad_5d573fdce06d45b4530465"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/S9WODSPwAbM5WExftf_eD9xe99w>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Sep 2018 09:23:23 -0000
> Well, the specs says that you MUST terminate the connection. You can't countermeasure that without not being QUIC. You cannot process packets once you drop the keys, meaning that you would never see the CONNECTION_CLOSE packet, or anything else that might disrupt the handshake. Therefore, what an endpoint that is cautious of detecting attacks should do is drop the Initial key at the earliest moment. I simply do not see why we need to handle CONNECTION_CLOSE differently than other frames that we might see in a Initial packet that arrives at a later moment. And in regard to the philosophical question of if ignoring a Initial packet that you detected and found a CONNECTION_CLOSE frame is against the spec., my argument would be that stacks are allowed to do whatever they want in these circumstances. In my view, it is the same as having a packet filter that drops suspicious TCP packets. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/1786#issuecomment-425377046
- [quicwg/base-drafts] Add Advice and Rules for CON… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… ianswett
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… MikkelFJ
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… Mike Bishop
- Re: [quicwg/base-drafts] Add Advice and Rules for… MikkelFJ
- Re: [quicwg/base-drafts] Add Advice and Rules for… MikkelFJ
- Re: [quicwg/base-drafts] Add Advice and Rules for… Ryan Hamilton
- Re: [quicwg/base-drafts] Add Advice and Rules for… ianswett
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… MikkelFJ
- Re: [quicwg/base-drafts] Add Advice and Rules for… MikkelFJ
- Re: [quicwg/base-drafts] Add Advice and Rules for… ianswett
- Re: [quicwg/base-drafts] Add Advice and Rules for… MikkelFJ
- Re: [quicwg/base-drafts] Add Advice and Rules for… ianswett
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… MikkelFJ
- Re: [quicwg/base-drafts] Add Advice and Rules for… MikkelFJ
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… MikkelFJ
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… MikkelFJ
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… MikkelFJ
- Re: [quicwg/base-drafts] Add Advice and Rules for… Martin Thomson
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… ianswett
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… Ryan Hamilton
- Re: [quicwg/base-drafts] Add Advice and Rules for… MikkelFJ
- Re: [quicwg/base-drafts] Add Advice and Rules for… Kazuho Oku
- Re: [quicwg/base-drafts] Add Advice and Rules for… Kazuho Oku
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… Kazuho Oku
- Re: [quicwg/base-drafts] Add Advice and Rules for… ianswett
- Re: [quicwg/base-drafts] Add Advice and Rules for… Kazuho Oku
- Re: [quicwg/base-drafts] Add Advice and Rules for… martinduke
- Re: [quicwg/base-drafts] Add Advice and Rules for… Martin Thomson