Re: [quicwg/base-drafts] Authenticate connection IDs (#3499)

ekr <notifications@github.com> Fri, 15 May 2020 20:31 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/XH54lL5L3kkOnjL9EehvZKonwC0>

@ekr approved this pull request.

LGTM

> @@ -1453,11 +1453,11 @@ Source Connection ID values as the client's first Initial packet.
 
 Upon first receiving an Initial or Retry packet from the server, the client uses
 the Source Connection ID supplied by the server as the Destination Connection ID
-for subsequent packets, including all subsequent 0-RTT packets.  This means that
-a client might have to change the connection ID it sets in the Destination
-Connection ID field twice during connection establishment: once in response to a
-Retry, and once in response to an Initial packet from the server. Once a client
-has received an Initial packet from the server, it MUST discard any subsequent
+for subsequent packets, including any 0-RTT packets.  This means that a client
+might have to change the connection ID it sets in the Destination Connection ID
+field twice during connection establishment: once in response to a Retry, and
+once in response to an Initial packet from the server. Once a client has
+received an Initial packet from the server, it MUST discard any subsequent
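
Review bot: On the first added line, the only wording change in this hunk is "all subsequent 0-RTT packets" becoming "any 0-RTT packets"; the other four added lines are the same sentences rewrapped, which makes that one-word change hard to spot. Consider keeping the original line breaks so the diff touches a single line. The rewrapped text also keeps two spaces after "0-RTT packets." but one space after "from the server.", so the sentence spacing could be made consistent while these lines are being touched.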

Perhaps we want to clarify "valid" here just to make sure that people recognize that it has to pass deprotection?

https://github.com/quicwg/base-drafts/pull/3499#pullrequestreview-408511028