Re: [quicwg/base-drafts] amplification attack using Retry and VN triggered by coalesced Initial packets (#2259)

Kazuho Oku <notifications@github.com> Mon, 31 December 2018 20:49 UTC

Date: Mon, 31 Dec 2018 12:49:54 -0800
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abd5b8be34e34f8725be807686e9a91c01e4c26d9592cf00000001184242f292a169ce177f0208@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2259/450689295@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2259@github.com>
References: <quicwg/base-drafts/issues/2259@github.com>
Subject: Re: [quicwg/base-drafts] amplification attack using Retry and VN triggered by coalesced Initial packets (#2259)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c2a80f268c8b_683a3fdde94d45c034862b"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/T0q8ZpStEyeX1k242PlCSoFRgeQ>

@marten-seemann That's true. Thank you for pointing that out.

OTOH, I am still not convinced that we should disallow senders from coalescing QUIC packets of same type.

We need to maintain state while parsing the datagram (to not let each of enclosed packets generate a Retry), regardless of the approach we adopt. Therefore, I do not see benefit in disallowing coalescence, while the downside would be that it makes difficult to stitch a fake QUIC packet in front of the datagram to help PMTUD (as of -17, we do not have "reserved" packet types).



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2259#issuecomment-450689295

[quicwg/base-drafts] amplification attack using R… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
Re: [quicwg/base-drafts] amplification attack usi… ianswett
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Dmitri Tikhonov
Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Martin Thomson
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… ianswett
Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… ianswett
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… janaiyengar
Re: [quicwg/base-drafts] amplification attack usi… janaiyengar