Re: [quicwg/base-drafts] Disable Migration field in SPA (#3898)

Kazuho Oku <notifications@github.com> Mon, 13 July 2020 21:52 UTC

@kazuho commented on this pull request.

Thank you for working on the PR. I like the idea of adding a field to the SPA transport parameter. Looks good modulo the point below.

> @@ -2178,12 +2180,16 @@ before the handshake is confirmed, as defined in section 4.1.2 of {{QUIC-TLS}}.
 
 If the peer sent the disable_active_migration transport parameter, an endpoint
 also MUST NOT send packets (including probing packets; see {{probing}}) from a
-different local address to the address the peer used during the handshake. An
-endpoint that has sent this transport parameter, but detects that a peer has
-nonetheless migrated to a different remote address MUST either drop the incoming
-packets on that path without generating a stateless reset or proceed with path
-validation and allow the peer to migrate. Generating a stateless reset or
-closing the connection would allow third parties in the network to cause
+different local address to the address the peer used during the handshake. If
+the server sets the Disable Migration field in the preferred_address transport
+parameter, the client MUST NOT send packets from a different local address to
+the server's preferred address.
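
Review bot: in the added sentence "the client MUST NOT send packets from a different local address to the server's preferred address", the word "different" has no stated reference point; say explicitly that it means different from the local address the client used during the handshake. The sentence before it spells out "(including probing packets; see {{probing}})" and the new one does not, so state whether probing the preferred address from another local address is also covered. The removed lines told an endpoint what to do when the peer migrates anyway (drop the packets without a stateless reset, or proceed with path validation); the visible part of this hunk gives no equivalent for a client that ignores the Disable Migration field, and that handling belongs next to the new requirement.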

I think it might make sense to drop this MUST NOT as a whole:
* What if SPA includes an address of a different address family than the original address? The client has to use a different local address.
* A QUIC stack might be letting the operating system select the outgoing address, by skipping the call to `bind`, and letting `connect` select the *source* address. I do not think we'd want to forbid such QUIC stacks not supporting SPA.

FWIW, I do not think there is a big problem in the client switching to a different address when migrating to the preferred address with migration disabled. If the path is established, then there's no problem. If the path fails to establish, endpoints can continue talking on the original path.

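
The two cases raised in the review above, as an added example that is not part of the comment or of the pull request: a client whose handshake address is in a different address family than the preferred address, and a client that never calls `bind` and lets `connect` pick the source. The function names, port 4433 and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket


def os_selected_source(dest_ip, port=4433):
    """(ip, port) the OS assigns when a UDP socket is connect()ed with no bind().

    connect() on a UDP socket sends nothing; it only fixes the peer and makes
    the kernel choose a source address from its routing table.
    """
    version = ipaddress.ip_address(dest_ip).version
    family = socket.AF_INET6 if version == 6 else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.connect((dest_ip, port))
        return s.getsockname()[:2]


def can_keep_local_address(handshake_local_ip, preferred_ip,
                           pick_source=os_selected_source):
    """Could the client reach preferred_ip from its handshake local address?

    Returns (ok, reason). pick_source is injectable so the check can be
    exercised without depending on the host's routing table.
    """
    local = ipaddress.ip_address(handshake_local_ip)
    target = ipaddress.ip_address(preferred_ip)
    if local.version != target.version:
        # First bullet: an IPv4 local address cannot source IPv6 packets.
        return False, "address family differs"
    try:
        chosen = ipaddress.ip_address(pick_source(preferred_ip)[0])
    except OSError:
        return False, "no route to preferred address"
    if chosen != local:
        # Second bullet: without bind(), the kernel decides, not the QUIC stack.
        return False, "OS selected %s" % chosen
    return True, "same local address"


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges and loopback).
    print(can_keep_local_address("192.0.2.10", "2001:db8::1"))
    print(can_keep_local_address("127.0.0.1", "127.0.0.1"))
```
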