Re: [quicwg/base-drafts] Long Header Packets and Routing Connection IDs (#2834)
Nick Banks <notifications@github.com> Mon, 24 June 2019 22:14 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8EA912020A for <quic-issues@ietfa.amsl.com>; Mon, 24 Jun 2019 15:14:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Level:
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yi1Fn9Opgmyp for <quic-issues@ietfa.amsl.com>; Mon, 24 Jun 2019 15:14:01 -0700 (PDT)
Received: from out-17.smtp.github.com (out-17.smtp.github.com [192.30.252.200]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED541120041 for <quic-issues@ietf.org>; Mon, 24 Jun 2019 15:14:00 -0700 (PDT)
Date: Mon, 24 Jun 2019 15:13:59 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1561414439; bh=BT6vO2GkkkjhcODBsElDRtmRPrLg+m9NVZbjcOl4o7M=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=WV507IBQxGojbXYqowJ4tQ6/YE+AoIMXBtwLuIi1CaVuhodCwbGLU8zWhW3aMqPgz e3kCBmP6gVaRar8cvR14xDWj57aiihReRX/z3cvQCEjakNBNWb4hm1YCQaK7hGBw1R uOZHdvarGbpuoZL2iB+efXGfHAkqlMYXKVXdTi04=
From: Nick Banks <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK4THMJG2CUXWFPIUAF3DZ62PEVBNHHBWZGHNE@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2834/505201750@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2834@github.com>
References: <quicwg/base-drafts/issues/2834@github.com>
Subject: Re: [quicwg/base-drafts] Long Header Packets and Routing Connection IDs (#2834)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d114b27b692b_582d3f9b546cd96c350290"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: nibanks
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Tng-5fXoCqUIdBnnaXikuS3EkTM>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jun 2019 22:14:03 -0000
>All the packets that the client sends in response to server's packet contains a server-chosen CID. >This is an excellent property. @kazuho with the current way things are spec'ed, and assuming you do not use auth tags in the CIDs and that you do not try to decrypt the actual payload, when a stateless LB receives an Initial packet from the client, how exactly is it supposed to chose which backend server to send it to? In other words, how do you differentiate the very first Initial packet from the client (using the client CID) vs a response Initial packet (using the server CID)? > Besides, if you are fine with routing packets based on client-chosen CID, I'd assume that you'd also be fine with routing long header packets based on the 5-tuple. As far as exposing attacks, existing (TCP/UDP) deployments already use hashing of the 5-tuple to route packets. Using similar logic (hash of CID+tuple) to route just initial QUIC packets doesn't expose any additional attack surface. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/2834#issuecomment-505201750
- [quicwg/base-drafts] Long Header Packets and Rout… Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … MikkelFJ
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … MikkelFJ
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … MikkelFJ
- Re: [quicwg/base-drafts] Long Header Packets and … Marten Seemann
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … ianswett
- Re: [quicwg/base-drafts] Long Header Packets and … Kazuho Oku
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … ianswett
- Re: [quicwg/base-drafts] Long Header Packets and … MikkelFJ
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … MikkelFJ
- Re: [quicwg/base-drafts] Long Header Packets and … Mike Bishop
- Re: [quicwg/base-drafts] Long Header Packets and … MikkelFJ
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … MikkelFJ
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … MikkelFJ
- Re: [quicwg/base-drafts] Long Header Packets and … MikkelFJ
- Re: [quicwg/base-drafts] Long Header Packets and … MikkelFJ
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … MikkelFJ
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … MikkelFJ
- Re: [quicwg/base-drafts] Long Header Packets and … Kazuho Oku
- Re: [quicwg/base-drafts] Long Header Packets and … Kazuho Oku
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … Mike Bishop
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … Mike Bishop
- Re: [quicwg/base-drafts] Long Header Packets and … ianswett
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … Kazuho Oku
- Re: [quicwg/base-drafts] Long Header Packets and … Kazuho Oku
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … MikkelFJ
- Re: [quicwg/base-drafts] Long Header Packets and … Kazuho Oku
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … Kazuho Oku
- Re: [quicwg/base-drafts] Long Header Packets and … David Schinazi
- Re: [quicwg/base-drafts] Long Header Packets and … Marten Seemann
- Re: [quicwg/base-drafts] Long Header Packets and … Kazuho Oku
- Re: [quicwg/base-drafts] Long Header Packets and … Marten Seemann
- Re: [quicwg/base-drafts] Long Header Packets and … Kazuho Oku
- Re: [quicwg/base-drafts] Long Header Packets and … Kazuho Oku
- Re: [quicwg/base-drafts] Long Header Packets and … David Schinazi
- Re: [quicwg/base-drafts] Long Header Packets and … Kazuho Oku
- Re: [quicwg/base-drafts] Long Header Packets and … MikkelFJ
- Re: [quicwg/base-drafts] Long Header Packets and … Kazuho Oku
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … ianswett
- Re: [quicwg/base-drafts] Long Header Packets and … ianswett
- Re: [quicwg/base-drafts] Long Header Packets and … David Schinazi
- Re: [quicwg/base-drafts] Long Header Packets and … ianswett
- Re: [quicwg/base-drafts] Long Header Packets and … David Schinazi
- Re: [quicwg/base-drafts] Long Header Packets and … Nick Banks
- Re: [quicwg/base-drafts] Long Header Packets and … David Schinazi
- Re: [quicwg/base-drafts] Long Header Packets and … Kazuho Oku
- Re: [quicwg/base-drafts] Long Header Packets and … ianswett
- Re: [quicwg/base-drafts] Long Header Packets and … Martin Thomson
- Re: [quicwg/base-drafts] Long Header Packets and … mirjak
- Re: [quicwg/base-drafts] Long Header Packets and … Igor Lubashev
- Re: [quicwg/base-drafts] Long Header Packets and … Lars Eggert
- Re: [quicwg/base-drafts] Long Header Packets and … martinduke
- Re: [quicwg/base-drafts] Long Header Packets and … Mark Nottingham