Re: [quicwg/base-drafts] Migration with zero-length CID is inadvisable (#3563)

[Eric Kinnear <notifications@github.com>]

@erickinnear commented on this pull request.



> @@ -2246,6 +2246,14 @@ that packet numbers cannot be used to correlate activity.  This does not prevent
 other properties of packets, such as timing and size, from being used to
 correlate activity.
 
+An endpoint SHOULD NOT initiate migration with a peer that uses a zero-length
+connection ID, for two reasons. First, if the peer routes incoming packets using
+the packets' source address, migration might not be successful. Second, if
+such a  peer routes incoming packets by assigning a unique destination address

Tiny nit

```suggestion
such a peer routes incoming packets by assigning a unique destination address
```

> @@ -2246,6 +2246,14 @@ that packet numbers cannot be used to correlate activity.  This does not prevent
 other properties of packets, such as timing and size, from being used to
 correlate activity.
 
+An endpoint SHOULD NOT initiate migration with a peer that uses a zero-length
+connection ID, for two reasons. First, if the peer routes incoming packets using

These are both things that _might_ be the case in some situations, but also have situations where they might work. 

That said, it does seem like this first one is a bit different from the second one -- for the first one there's always going to be some risk that your packets don't get to the right place, hence the encouragement to probe the new path first. 

Yes, that could be a server that was supposed to set the TP, but even if it wasn't, having a zero length CID isn't really the thing that says "be careful here", and saying SHOULD NOT migrate in such a case seems a bit excessive. If we want to say "be careful, if someone screwed up their routing for whatever reason (which might correlate more with zero length CIDs) you might not hear anything back" then that's not unreasonable, but I think that's already kind of described in the whole path validation process -- you want to make sure the packets really got to the person with whom you've got a connection.

> @@ -2246,6 +2246,14 @@ that packet numbers cannot be used to correlate activity.  This does not prevent
 other properties of packets, such as timing and size, from being used to
 correlate activity.
 
+An endpoint SHOULD NOT initiate migration with a peer that uses a zero-length
+connection ID, for two reasons. First, if the peer routes incoming packets using
+the packets' source address, migration might not be successful. Second, if
+such a  peer routes incoming packets by assigning a unique destination address
+to the connection, which can be achieved using using the preferred_address
+transport parameter (see {{preferred-address}}), packets sent by this
+endpoint over multiple paths are trivially linkable.

In contrast to my comment on the first part, saying SHOULD NOT do trivially linkable things seems reasonable -- by default, don't, and if you've got some reason to believe that you don't care or can avoid that likability, then that's on you.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/3563#pullrequestreview-393391099