IETF Logo Mail Archive

Re: [quicwg/base-drafts] Client connection IDs are broken (#2844)

Kazuho Oku <notifications@github.com> Sat, 27 July 2019 06:32 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53E49120121 for <quic-issues@ietfa.amsl.com>; Fri, 26 Jul 2019 23:32:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Level:
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hkeg1rBG1fRb for <quic-issues@ietfa.amsl.com>; Fri, 26 Jul 2019 23:31:59 -0700 (PDT)
Received: from out-1.smtp.github.com (out-1.smtp.github.com [192.30.252.192]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 490F5120106 for <quic-issues@ietf.org>; Fri, 26 Jul 2019 23:31:59 -0700 (PDT)
Date: Fri, 26 Jul 2019 23:31:58 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1564209118; bh=LTIfVA2BUwoexc2+bS0XNmWMvMNH5gyM+a9JApm4tLU=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=E1r6MZe6t7SyGtxRPaoTV2a2swwgevHG3fewnjzwtJtj4slPqu/HafA8Q+E64g7mn mU/0U+IujVBD42aVOXPX75rFgdssSONMeRFdgFiigt82ZylGGy62cxGkqv0dy3m73Q d7IK3woLQ7crhMxJM+KQaKUyEa1p+nMjv27uoL9c=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKZKVQMYCG5OCRMHBL53JERF5EVBNHHBW5BWIY@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2844/515657133@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2844@github.com>
References: <quicwg/base-drafts/issues/2844@github.com>
Subject: Re: [quicwg/base-drafts] Client connection IDs are broken (#2844)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d3befde48e2b_42233f8294acd96447385f"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/UgG1Ixkp-QudaVe_-3L6pDt3a9M>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jul 2019 06:32:02 -0000

@igorlord 
> This discussion is about not arbitrarily forbidding something that is useful. 

Thank you for the clarification. Assuming that we can give clients the freedom coalesce multiple connections onto a single 5-tuple, I do not have a strong argument against giving servers some wiggle room.

> I am puzzled why you think it is "complex", though.
> 
> Is it that much more complex to do
> 
> `connection = by_4tuple[pkt.4tuple()] ? : by_cid[pkt.cid()];`
> 
> than
> 
> `connection = by_cid[pkt.cid()];`

I think it is more complex than that.

The approach you are describing can be modeled as a daisy-chain of two QUIC servers.

What would the server do if there is no corresponding state for a short header packet that you receive, neither in `by_4tuple` nor `by_cid`?

The server needs to send a stateless reset. But because the server cannot tell if the packet were to be identified by the 4-tuple or the CID (because you no longer have state!), the server needs to send two stateless reset packets, one generated using the 4-tuple as the key, and the other generated using the CID. However, simply doing that could lead to an amplification attack (as we know, the amount of data (or packets) the server can send as a reset needs to be smaller than the amount of data that the server has received).

This _might_ be a problem htat we want to solve. But is it worth spending the time of the WG to discuss such thing? I'm not sure.

And I'm not sure if this is the only problem that exists in the proposed design.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2844#issuecomment-515657133

v2.23.0 | Report a Bug | By Email