IETF Logo Mail Archive

Re: [quicwg/base-drafts] Long Header Packets and Routing Connection IDs (#2834)

Mike Bishop <notifications@github.com> Mon, 24 June 2019 22:47 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5AF41200EC for <quic-issues@ietfa.amsl.com>; Mon, 24 Jun 2019 15:47:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Level:
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lVjbNvM9BLN7 for <quic-issues@ietfa.amsl.com>; Mon, 24 Jun 2019 15:47:26 -0700 (PDT)
Received: from out-24.smtp.github.com (out-24.smtp.github.com [192.30.252.207]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87D65120122 for <quic-issues@ietf.org>; Mon, 24 Jun 2019 15:47:26 -0700 (PDT)
Date: Mon, 24 Jun 2019 15:47:25 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1561416445; bh=eRHsO8cve32k50gn19Rag4e4L0vl4cd6VT6tefIbCd0=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=NFs9VsZNxSAUYAj/IOb2jO3tOB79jYvCY4yccvdemDk8eGF8gy2JSaviJo2BsT1a2 QyOKPFG3cuOPhPrH6yq4Ri+8TvCr2+mbuL4j2IdtxNpqbSS5luYxwDYo2lH3DxBggr PgUurFFc5FVGx/L34txG50pW/xS0/QX76GDznW/w=
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK2MF43N73TDVGX7SZF3D2CX3EVBNHHBWZGHNE@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2834/505209548@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2834@github.com>
References: <quicwg/base-drafts/issues/2834@github.com>
Subject: Re: [quicwg/base-drafts] Long Header Packets and Routing Connection IDs (#2834)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d1152fdb72f6_3d733f973a0cd96878490"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/WU3qKITC08-o5zqVyOw5jLg-8LU>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jun 2019 22:47:29 -0000

I think the different viewpoints here implicitly assume different properties of the CID.

- If server-generated CIDs are easy for the server to recognize, but hard for an attacker to duplicate, then @kazuho's design makes perfect sense -- check whether the CID in an Initial is yours, and route based on it if so.
- If they're either difficult to verify or easy to forge, then you should only route based on CID if you retain enough state / embed enough state in the token to recognize when the client has switched to your CID and assume anything else is client-generated and untrustworthy.

Handshake packets can't be sent until you've seen the server's Initial, which means that Handshake *can* always carry the server's selected CID, but we could decide otherwise without breakage.  0-RTT packets have to start with the ODCID, and they could change or not.  Initial packets after the first round trip could change or not.

My inclination is that server infrastructure SHOULD NOT route based on the CID in an Initial or 0-RTT packet, even if the client has switched to the one you gave it; you also SHOULD NOT route based on CID for a version you don't understand.  In that case, it really doesn't matter whether the client switches upon receipt of your Initial.  They can start using the server's CID in Handshake and short-header packets.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2834#issuecomment-505209548

v2.23.0 | Report a Bug | By Email