Re: [quicwg/base-drafts] Bound 0-to-1-RTT Transition (#2466)

MikkelFJ <> Wed, 17 April 2019 19:07 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0412F12039D for <>; Wed, 17 Apr 2019 12:07:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 78crDwWfGvdx for <>; Wed, 17 Apr 2019 12:07:39 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AEE3F120363 for <>; Wed, 17 Apr 2019 12:07:31 -0700 (PDT)
Date: Wed, 17 Apr 2019 12:07:30 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1555528050; bh=Plx4VGn/JHaae7D/0HljVm64fpfduq5/Hkvtzx2AW0U=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=fI0cE+q0OE+WCBAiqJvUWvv8aepmdbpOgBZBIV4J/UHWn1rLv7aR5cnEpC01Ik1yp NHRDjQUNQeHf6wzgJ8pd9m0r4wna242DqmFCeUrk4rPBkTR6hfN3ovSKIe0NQTptbP Ho98PhKGElfhxOP18D33RLMPJbP2nfzl5UmNmYes=
From: MikkelFJ <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2466/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Bound 0-to-1-RTT Transition (#2466)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5cb77972ab5d3_152f3fc056ecd9601840f4"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 17 Apr 2019 19:07:41 -0000

mikkelfj commented on this pull request.

> @@ -2631,7 +2641,10 @@ number 0.  Subsequent packets sent in the same packet number space MUST increase
 the packet number by at least one.
 0-RTT and 1-RTT data exist in the same packet number space to make loss recovery
-algorithms easier to implement between the two packet types.
+algorithms easier to implement between the two packet types.  However, a client
+MUST NOT continue sending 0-RTT packets after beginning to use 1-RTT packets.
+Servers MUST drop 0-RTT packets with greater packet numbers than the lowest
+packet number they have received in a 1-RTT packet.

Nooo: an attacker can replay old 0-RTT packets with higher packet numbers and force a close. The packets MUST be dropped.

However, I don't like the explicit drop requirement. It should happen automatically when the 0-RTT key is dropped. No reason for the server to keep track of packet numbers if the key drop is precise.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: