[quicwg/base-drafts] Curtail CONNECTION_CLOSE for small Initial (#3292)

Martin Thomson <notifications@github.com> Mon, 09 December 2019 04:08 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AB851200CC for <quic-issues@ietfa.amsl.com>; Sun, 8 Dec 2019 20:08:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Level:
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lBq5yBZM3qEN for <quic-issues@ietfa.amsl.com>; Sun, 8 Dec 2019 20:08:36 -0800 (PST)
Received: from out-24.smtp.github.com (out-24.smtp.github.com [192.30.252.207]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D70B412004A for <quic-issues@ietf.org>; Sun, 8 Dec 2019 20:08:35 -0800 (PST)
Date: Sun, 08 Dec 2019 20:08:34 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1575864515; bh=09yRUKo/j4/Jjhvzth6/EtZ8nUGS5CZ9fD2JeG9nAMs=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=h5s8q+bMPDvjg4dnI5CQOfnoWTg88O4eA4+qKwye3OenLoTM5f+SfbW0fFG42l+Pz npfJ+SJaESeLbCsufvHsXE4HPsUWHVzVefO93CZVVCuLnuX+6yLdT5ZvXCpB5vpw7w SYSTFBXvDaOBYyV6JxJ8trIfmUlIWkjSXbgnIQnk=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK7FXCYGF7CF54CT6WN37L5UFEVBNHHB7XUJLA@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/3292@github.com>
Subject: [quicwg/base-drafts] Curtail CONNECTION_CLOSE for small Initial (#3292)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5dedc8c2f1b54_77173f8dfcacd9643799d6"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/V3NjZNiLKqfLUs5PYkgI-gBLQTE>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2019 04:08:37 -0000

This is trickier than I had imagined.  Sending CONNECTION_CLOSE is
probably fine, but it&#39;s harder to do this correctly now.  You can&#39;t just
send an unauthenticated CONNECTION_CLOSE because that might disrupt a
real connection.  So there are two goals in tension:

1. Don&#39;t kill an active connection (attempt) unnecessarily.

2. Provide feedback about errors.

The observation is that an attacker can disrupt connections by eliciting
a CONNECTION_CLOSE, so feedback naturally leads to an exposure to a DoS
attack.  That&#39;s unfortunate, but we have established that we don&#39;t care
about DoS by an on-path attacker prior to handshake completion.
Anything we do here has got to be best effort.

DoS prevention would say that you just discard junk, and that is
probably the right answer.  But we have a number of cases where the
robustness of the system depends on getting feedback.

Either way, we agreed to allow CONNECTION_CLOSE in Initial, so the
exposure exists anyway.  So this contains advice.  Maybe too much
advice, but I thought that I&#39;d see what people thought.

Closes #3269.
You can view, comment on, or merge this pull request online at:

  https://github.com/quicwg/base-drafts/pull/3292

-- Commit Summary --

  * Curtail CONNECTION_CLOSE for small Initial

-- File Changes --

    M draft-ietf-quic-transport.md (23)

-- Patch Links --

https://github.com/quicwg/base-drafts/pull/3292.patch
https://github.com/quicwg/base-drafts/pull/3292.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/3292