Date: Tue, 07 May 2019 20:51:41 -0700
From: Christian Huitema <notifications@github.com>
Subject: Re: [quicwg/base-drafts] Clients cannot abandon Initial packets while
 server can still send initial close (#2541)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/U5bn4RZ9Yp_dqMp1FJrPlGCqxbk>
List-Id: Notification list for GitHub issues related to the QUIC WG
 <quic-issues.ietf.org>


Note the trade-off there: once the handshake is established, the peers have a secure channel modulo possible MITM. Critical messages like connection close really ought to be sent on the secure channel. The client that accepts connection close on the Initial channel opens itself to the equivalent of a spoofed TCP RST. Secure implementations must be allowed to ignore all Initial packets once handshake is established.

https://github.com/quicwg/base-drafts/issues/2541#issuecomment-490336977
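
Added illustration, not part of the comment above and not taken from any QUIC implementation: a toy receive path comparing an endpoint that ignores Initial packets once the handshake is established with one that still honors them. The `Endpoint` class, the trace format and the frame names as plain strings are assumptions made for the example, and payload decryption is left out; only the first-byte header classification follows the QUIC drafts.

```python
from dataclasses import dataclass, field
from typing import List, Optional

LONG_HEADER = 0x80   # header form bit: set on long-header packets
TYPE_MASK = 0x30     # two long-packet-type bits
LONG_TYPES = {0x00: "initial", 0x10: "0rtt", 0x20: "handshake", 0x30: "retry"}

def packet_space(first_byte: int) -> str:
    """Map the first byte of a QUIC packet to the keys that protect it."""
    if first_byte & LONG_HEADER:
        return LONG_TYPES[first_byte & TYPE_MASK]
    return "1rtt"  # short header: protected with the negotiated 1-RTT keys

@dataclass
class Endpoint:
    """Hypothetical client state; payload decryption is abstracted away."""
    ignore_initial_after_handshake: bool = True
    handshake_established: bool = False
    closed_via: Optional[str] = None
    dropped: List[str] = field(default_factory=list)

    def on_packet(self, first_byte: int, frames: List[str]) -> None:
        if self.closed_via is not None:
            return
        space = packet_space(first_byte)
        if (space == "initial" and self.handshake_established
                and self.ignore_initial_after_handshake):
            # Initial keys come from values visible on the wire, so this
            # packet proves nothing about its sender: drop it unprocessed.
            self.dropped.append(space)
            return
        if "CONNECTION_CLOSE" in frames:
            self.closed_via = space

def replay(endpoint: Endpoint, trace) -> Endpoint:
    """Feed a trace of (first_byte, frames) tuples; "ESTABLISHED" marks handshake completion."""
    for event in trace:
        if event == "ESTABLISHED":
            endpoint.handshake_established = True
        else:
            endpoint.on_packet(*event)
    return endpoint

# Constructed trace: handshake packets, then a late Initial carrying a close,
# then application data and a close sent under 1-RTT protection.
TRACE = [(0xC0, ["CRYPTO"]), (0xE0, ["CRYPTO"]), "ESTABLISHED",
         (0xC0, ["CONNECTION_CLOSE"]), (0x40, ["STREAM"]),
         (0x40, ["CONNECTION_CLOSE"])]

strict = replay(Endpoint(), TRACE)
lenient = replay(Endpoint(ignore_initial_after_handshake=False), TRACE)
```

With the same trace, `strict.closed_via` is `"1rtt"` while `lenient.closed_via` is `"initial"`: only the lenient endpoint lets the late Initial packet end the connection.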