Re: [quicwg/base-drafts] token-based greasing / initial packet protection (#3166)

Mike Bishop <notifications@github.com> Wed, 30 October 2019 19:56 UTC

Date: Wed, 30 Oct 2019 12:56:54 -0700
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK7MN5V7DZK7KDGSILF3Y4VZNEVBNHHB5HRKFQ@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/3166/review/309480916@github.com>
In-Reply-To: <quicwg/base-drafts/pull/3166@github.com>
References: <quicwg/base-drafts/pull/3166@github.com>
Subject: Re: [quicwg/base-drafts] token-based greasing / initial packet protection (#3166)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/VyBU5hTc0MQtPOKxxLIa3pnKTE4>

MikeBishop commented on this pull request.

I can see both sides with regard to a fallback path.  A MitM that wanted to force you back to v1 could manufacture a VN packet in response to versions it doesn't understand, swallowing the Initial or the server's actual reply.  Prohibiting fallback means that such a MitM can only prevent connections, not inspect the ClientHello.

That said, I'm dubious that most clients will not fall back at all.  The alternative is falling back to TCP, which is even more inspectable, or total connection failure.  History shows that total connection failure is not an outcome most clients or servers are comfortable with.

I think what we really want is a fallback path where an intermediary's attempt at interference becomes visible; endpoints can decide how to proceed in that situation without the spec telling them.  But then we're back to designing QUIC's version negotiation and downgrade protection mechanism, something we said we weren't going to do in v1.

> @@ -4970,6 +5080,30 @@ The NEW_TOKEN frame is as follows:
 
 NEW_TOKEN frames contain the following fields:
 
+Lifetime:
+
+: Indicates the lifetime of the values contained in this frame in milliseconds.
+  An endpoint MUST NOT use the values provided by this frame, once the time that
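Review bot: the Lifetime definition in this hunk gives the unit (milliseconds) but never says what instant the lifetime is measured from, and the added MUST NOT sentence is cut off at "once the time that". State the reference point explicitly (for example, the time the endpoint received the frame) and make clear that the rule binds the client only: a server handing out tokens cannot rely on a peer honouring a MUST NOT and still has to enforce expiry itself when the token is presented back to it.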

```suggestion
  An endpoint MUST NOT use the values provided by this frame once the time that
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/3166#pullrequestreview-309480916
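The forged-Version-Negotiation scenario in the comment above, as an added example that is not part of the original post, the base-drafts PR, or any QUIC implementation. It builds and parses a Version Negotiation packet and applies the client-side discard rules from RFC 9000 (sections 17.2.1 and 6.2, the same rules the drafts carried), then shows what an attacker who forges a VN packet offering only v1 gets under three conditions: an off-path forger who does not know the client's connection IDs, an on-path forger who copies them from the Initial, and the client policy of refusing to fall back. The connection IDs, the post-v1 version number `NEW_VERSION`, and all function names are constructed for the example.

```python
"""Client-side handling of a QUIC Version Negotiation (VN) packet.

Added example: not code from the quicwg/base-drafts PR or from any QUIC
implementation.  Packet layout and the client's discard rules follow
RFC 9000 (sections 17.2.1 and 6.2); the connection IDs and the post-v1
version number below are constructed sample values.
"""
import os
import struct

QUIC_V1 = 0x00000001
NEW_VERSION = 0x1A2A3A4A   # hypothetical later version the client prefers


def build_version_negotiation(dcid: bytes, scid: bytes, versions) -> bytes:
    """Serialize a VN packet: long header, Version = 0, 8-bit CID lengths,
    then a list of 32-bit supported versions.  The seven bits after the
    Header Form bit are arbitrary per RFC 9000, so they are randomized."""
    first = 0x80 | (os.urandom(1)[0] & 0x7F)
    out = bytes([first, 0, 0, 0, 0])
    out += bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid
    return out + b"".join(struct.pack("!I", v) for v in versions)


def parse_version_negotiation(pkt: bytes):
    """Return (dcid, scid, versions); raise ValueError if malformed."""
    if len(pkt) < 7 or not pkt[0] & 0x80:
        raise ValueError("not a long-header packet")
    if pkt[1:5] != b"\x00\x00\x00\x00":
        raise ValueError("Version field is not zero")
    pos = 5
    cids = []
    for _ in range(2):
        if pos >= len(pkt):
            raise ValueError("truncated before connection ID length")
        n = pkt[pos]
        pos += 1
        cid = pkt[pos:pos + n]
        if len(cid) != n:
            raise ValueError("truncated connection ID")
        cids.append(cid)
        pos += n
    rest = pkt[pos:]
    if not rest or len(rest) % 4:
        raise ValueError("supported-version list empty or not 32-bit aligned")
    versions = [struct.unpack("!I", rest[i:i + 4])[0] for i in range(0, len(rest), 4)]
    return cids[0], cids[1], versions


def client_accepts_vn(pkt, sent_dcid, sent_scid, sent_version, processed_other):
    """Apply the RFC 9000 client checks.  Returns (accepted, reason, offered)."""
    if processed_other:
        return False, "another packet was already processed on this connection", []
    try:
        dcid, scid, offered = parse_version_negotiation(pkt)
    except ValueError as err:
        return False, f"malformed VN packet: {err}", []
    # The server echoes our CIDs swapped: its DCID is our SCID and vice versa.
    if dcid != sent_scid or scid != sent_dcid:
        return False, "connection IDs do not match the Initial we sent", []
    if sent_version in offered:
        return False, "lists the version we already chose", []
    return True, "accepted", offered


def simulate_forged_vn(on_path: bool, allow_fallback: bool):
    """Client sends an Initial with NEW_VERSION; an attacker answers with a
    VN packet offering only v1.  An off-path forger has to guess the client's
    CIDs; an on-path one copies them from the Initial it observed."""
    client_dcid = bytes.fromhex("8394c8f03e515708")   # constructed
    client_scid = bytes.fromhex("c0ffee00")           # constructed
    if on_path:
        forged = build_version_negotiation(client_scid, client_dcid, [QUIC_V1])
    else:
        forged = build_version_negotiation(os.urandom(8), os.urandom(4), [QUIC_V1])
    ok, reason, offered = client_accepts_vn(
        forged, client_dcid, client_scid, NEW_VERSION, False)
    if not ok:
        return "discarded", reason
    if not allow_fallback:
        return "failed", "VN accepted but client policy forbids fallback"
    for v in (NEW_VERSION, QUIC_V1):    # client preference order
        if v in offered:
            return ("downgraded" if v == QUIC_V1 else "continued"), f"using 0x{v:08x}"
    return "failed", "no common version"


if __name__ == "__main__":
    for on_path in (False, True):
        for fallback in (True, False):
            print(f"on_path={on_path} fallback={fallback}:",
                  simulate_forged_vn(on_path, fallback))
```

The connection-ID and already-processed checks stop blind forgery, but an on-path intermediary that sees the Initial can satisfy every one of them, which is why the only client-side defence left is the no-fallback policy (`allow_fallback=False`) that turns the downgrade into a connection failure.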