IETF Logo Mail Archive

Re: [quicwg/base-drafts] Make EOED transmission optional in QUIC, please (#1518)

Victor Vasiliev <notifications@github.com> Mon, 03 September 2018 03:42 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCBF7130E07 for <quic-issues@ietfa.amsl.com>; Sun, 2 Sep 2018 20:42:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Level:
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3kxXhWLEr9_C for <quic-issues@ietfa.amsl.com>; Sun, 2 Sep 2018 20:42:01 -0700 (PDT)
Received: from out-4.smtp.github.com (out-4.smtp.github.com [192.30.252.195]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64485130E0E for <quic-issues@ietf.org>; Sun, 2 Sep 2018 20:41:59 -0700 (PDT)
Date: Sun, 02 Sep 2018 20:41:58 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1535946118; bh=3eMHKi6zro7RAxQt41efRxQZhcZqvmBq1a5D1nKLSGU=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Mi2jrnVF/xd7r84ZC/V6tie335+xlFMOzqeKJ420QOplK4IsjWDFHufVmfaavoSJe KMrx77ClLE9NWr/ZTlKS3ALOMQVG+Xu9ZfRfddkrPor8Rn9IYct4CHfVfe2UyTDt6U xUc3cm14PqaG/gDDTMNQ8wnm5Bq2xMUXG58g7zJ8=
From: Victor Vasiliev <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab2111042e8d80be3dd1a772229a0a000b8a45153c92cf0000000117a46f8692a169ce1427404b@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1518/417992450@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1518@github.com>
References: <quicwg/base-drafts/issues/1518@github.com>
Subject: Re: [quicwg/base-drafts] Make EOED transmission optional in QUIC, please (#1518)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b8cad8689791_41ee3fd8d58d45bc1507419"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: vasilvv
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/SEWMQtf8dYeCLamLmhSwILQHMPM>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.27
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Sep 2018 03:42:03 -0000

> I don't think the main issue is compatibility with the existing TLS implementations but rather (a) having consistency with TLS

The point I was trying to make is that EOED is not logically part of TLS handshake protection (which we're trying to preserve in order to rely on security properties proven in multiple analyses), but rather of TLS record layer.  We're pretty much rolling our own record layer, which means it befalls on us to ensure its security ourselves.  That does not itself mean we should drop EOED by itself, merely that we actually *have* to decide something without pointing fingers to TLS 1.3 :)

Regarding your attack, if you're concerned about 0-RTT keys being compromised after EOED, wouldn't you want to drop them as soon as possible?  As it stands, the client can't do it because it has to hold onto them for retransmitting EOED.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1518#issuecomment-417992450

v2.29.0 | Report a Bug | By Email | System Status