Re: [quicwg/base-drafts] Clients cannot abandon Initial packets while server can still send initial close (#2541)

Christian Huitema <notifications@github.com> Wed, 08 May 2019 03:51 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F9F0120052 for <quic-issues@ietfa.amsl.com>; Tue, 7 May 2019 20:51:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.919
X-Spam-Level:
X-Spam-Status: No, score=-6.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_16=1.092, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 654Yoxl5uZP5 for <quic-issues@ietfa.amsl.com>; Tue, 7 May 2019 20:51:42 -0700 (PDT)
Received: from out-5.smtp.github.com (out-5.smtp.github.com [192.30.252.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD43E120006 for <quic-issues@ietf.org>; Tue, 7 May 2019 20:51:42 -0700 (PDT)
Date: Tue, 07 May 2019 20:51:41 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1557287501; bh=qaJA0w3dq2uZH5NxZN5HCNO+x8sPl8UhElVko4/jUXg=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=mSM5TSt1oPytEd7izu4T8+XbJatyO8A5grNFPrWG9ROYoeuCc4yst/KaWFYC1Q0GE piZzXPI1VGyk83xblKI+toZnpMMYyvaOsDjzpMRtoG5dDEehM2vKST1soXvCX4Sr4p Crzuu+cypp2V/mAKuUBYpawhhvAvGKY7kKYd9bPQ=
From: Christian Huitema <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK4PUWVZZ5TJ4DLYIQ5236CM3EVBNHHBSQ7R3A@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2541/490336977@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2541@github.com>
References: <quicwg/base-drafts/issues/2541@github.com>
Subject: Re: [quicwg/base-drafts] Clients cannot abandon Initial packets while server can still send initial close (#2541)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5cd2524d7ae9e_4443f9dc9ecd96013585a"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: huitema
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/U5bn4RZ9Yp_dqMp1FJrPlGCqxbk>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 03:51:44 -0000

Note the trade-off there: once the handshake is established, the peers have a secure channel modulo possible MITM. Critical messages like connection close really ought to be sent on the secure channel. The client that accepts connection close on the Initial channel opens itself to the equivalent of a spoofed TCP RST. Secure implementations must be allowed to ignore all Initial packets once handshake is established.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2541#issuecomment-490336977