Re: [quicwg/base-drafts] Migration with zero-length CID is inadvisable (#3563)

Eric Kinnear <notifications@github.com> Wed, 15 April 2020 01:05 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CF7D3A141C for <quic-issues@ietfa.amsl.com>; Tue, 14 Apr 2020 18:05:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.267
X-Spam-Level:
X-Spam-Status: No, score=-3.267 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.168, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w77IcBgRFsam for <quic-issues@ietfa.amsl.com>; Tue, 14 Apr 2020 18:05:17 -0700 (PDT)
Received: from out-12.smtp.github.com (out-12.smtp.github.com [192.30.254.195]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 015743A141B for <quic-issues@ietf.org>; Tue, 14 Apr 2020 18:05:16 -0700 (PDT)
Received: from github-lowworker-f62aa54.va3-iad.github.net (github-lowworker-f62aa54.va3-iad.github.net [10.48.17.68]) by smtp.github.com (Postfix) with ESMTP id 56A431204E4 for <quic-issues@ietf.org>; Tue, 14 Apr 2020 18:05:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1586912716; bh=cKQXOxwdiP18CeSxyMCxyyg3b1UGeBlkfenxQT6dPfk=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=BKrQ4X/sB9P1mM2HAkwiBvWaOYeV7jWQD0xvEif7V8J90fWBklYW612YVLXcECgjx 83BowlOTh6jLeJDKR9/XOa31nyW7gNCix1D0jnUZ94z2hbJ9mtharImyInaHvkboMM jg6xfHg9chmKSONqdgNQgSTPcSZeuTS7W6+5GEAs=
Date: Tue, 14 Apr 2020 18:05:16 -0700
From: Eric Kinnear <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK2JVD5AU7Y5MIKIQDF4UI7MZEVBNHHCGQM7OQ@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/3563/review/393391099@github.com>
In-Reply-To: <quicwg/base-drafts/pull/3563@github.com>
References: <quicwg/base-drafts/pull/3563@github.com>
Subject: Re: [quicwg/base-drafts] Migration with zero-length CID is inadvisable (#3563)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e965dcc1125e_647c3fb069ccd9644632c"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: erickinnear
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Wc63Dii1cwKnuwyBJNGiHKIAOP8>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2020 01:05:19 -0000

@erickinnear commented on this pull request.



> @@ -2246,6 +2246,14 @@ that packet numbers cannot be used to correlate activity.  This does not prevent
 other properties of packets, such as timing and size, from being used to
 correlate activity.
 
+An endpoint SHOULD NOT initiate migration with a peer that uses a zero-length
+connection ID, for two reasons. First, if the peer routes incoming packets using
+the packets' source address, migration might not be successful. Second, if
+such a  peer routes incoming packets by assigning a unique destination address

Tiny nit

```suggestion
such a peer routes incoming packets by assigning a unique destination address
```

> @@ -2246,6 +2246,14 @@ that packet numbers cannot be used to correlate activity.  This does not prevent
 other properties of packets, such as timing and size, from being used to
 correlate activity.
 
+An endpoint SHOULD NOT initiate migration with a peer that uses a zero-length
+connection ID, for two reasons. First, if the peer routes incoming packets using

These are both things that _might_ be the case in some situations, but also have situations where they might work. 

That said, it does seem like this first one is a bit different from the second one -- for the first one there's always going to be some risk that your packets don't get to the right place, hence the encouragement to probe the new path first. 

Yes, that could be a server that was supposed to set the TP, but even if it wasn't, having a zero length CID isn't really the thing that says "be careful here", and saying SHOULD NOT migrate in such a case seems a bit excessive. If we want to say "be careful, if someone screwed up their routing for whatever reason (which might correlate more with zero length CIDs) you might not hear anything back" then that's not unreasonable, but I think that's already kind of described in the whole path validation process -- you want to make sure the packets really got to the person with whom you've got a connection.

> @@ -2246,6 +2246,14 @@ that packet numbers cannot be used to correlate activity.  This does not prevent
 other properties of packets, such as timing and size, from being used to
 correlate activity.
 
+An endpoint SHOULD NOT initiate migration with a peer that uses a zero-length
+connection ID, for two reasons. First, if the peer routes incoming packets using
+the packets' source address, migration might not be successful. Second, if
+such a  peer routes incoming packets by assigning a unique destination address
+to the connection, which can be achieved using using the preferred_address
+transport parameter (see {{preferred-address}}), packets sent by this
+endpoint over multiple paths are trivially linkable.

In contrast to my comment on the first part, saying SHOULD NOT do trivially linkable things seems reasonable -- by default, don't, and if you've got some reason to believe that you don't care or can avoid that likability, then that's on you.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/3563#pullrequestreview-393391099