Re: [quicwg/base-drafts] Clients cannot abandon Initial packets while server can still send initial close (#2541)
Christian Huitema <notifications@github.com> Wed, 08 May 2019 03:51 UTC
Note the trade-off there: once the handshake is established, the peers have a secure channel modulo possible MITM. Critical messages like connection close really ought to be sent on the secure channel. The client that accepts connection close on the Initial channel opens itself to the equivalent of a spoofed TCP RST. Secure implementations must be allowed to ignore all Initial packets once handshake is established.
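The receive-path policy argued for in the message above, as an added sketch that is not part of the original message or of any QUIC implementation: a model client that either processes or ignores Initial packets once the handshake is established, run over a constructed packet trace. The class, field and frame-label names (`ClientConn`, `drop_initial`, `CRYPTO:Finished`) are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Tuple

class Space(Enum):
    INITIAL = "Initial"      # keys are not private to the two peers
    HANDSHAKE = "Handshake"  # keys come from the TLS key exchange
    ONE_RTT = "1-RTT"        # keys come from the TLS key exchange

@dataclass(frozen=True)
class Packet:
    space: Space
    frames: Tuple[str, ...]  # frame labels; "CRYPTO:Finished" is a made-up label
    note: str = ""           # who sent it in the constructed trace

@dataclass
class ClientConn:
    drop_initial: bool  # hypothetical switch: ignore Initial after handshake
    handshake_established: bool = False
    closed_by: Optional[Packet] = None
    ignored: List[Packet] = field(default_factory=list)

    def receive(self, pkt: Packet) -> None:
        if self.closed_by is not None:
            return  # already closed, nothing left to process
        if self.drop_initial and self.handshake_established and pkt.space is Space.INITIAL:
            self.ignored.append(pkt)  # dropped before any frame is parsed
            return
        if pkt.space is Space.HANDSHAKE and "CRYPTO:Finished" in pkt.frames:
            self.handshake_established = True
        if "CONNECTION_CLOSE" in pkt.frames:
            self.closed_by = pkt

# Constructed trace: a forged Initial close arrives after the handshake.
TRACE = [
    Packet(Space.INITIAL, ("CRYPTO:ServerHello",), "server"),
    Packet(Space.HANDSHAKE, ("CRYPTO:Finished",), "server"),
    Packet(Space.ONE_RTT, ("STREAM",), "server"),
    Packet(Space.INITIAL, ("CONNECTION_CLOSE",), "forged"),
    Packet(Space.ONE_RTT, ("CONNECTION_CLOSE",), "server"),
]

def run_trace(drop_initial: bool) -> ClientConn:
    conn = ClientConn(drop_initial)
    for pkt in TRACE:
        conn.receive(pkt)
    return conn

if __name__ == "__main__":
    print([(p, run_trace(p).closed_by.note) for p in (False, True)])
```

Under either setting an Initial CONNECTION_CLOSE that arrives before the handshake is established is still processed, which is the window the issue title refers to.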