IETF Logo Mail Archive

[quicwg/base-drafts] allow dropping of Initial packets with invalid reserved bits (#2053)

Marten Seemann <notifications@github.com> Mon, 26 November 2018 10:48 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D966F130F23 for <quic-issues@ietfa.amsl.com>; Mon, 26 Nov 2018 02:48:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.459
X-Spam-Level:
X-Spam-Status: No, score=-9.459 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NZScJJjg0V0A for <quic-issues@ietfa.amsl.com>; Mon, 26 Nov 2018 02:48:38 -0800 (PST)
Received: from out-4.smtp.github.com (out-4.smtp.github.com [192.30.252.195]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC734124BAA for <quic-issues@ietf.org>; Mon, 26 Nov 2018 02:48:37 -0800 (PST)
Date: Mon, 26 Nov 2018 02:48:36 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1543229316; bh=KDgDUeNNatgZWgcoDk8eZKqJdA9iQPo+c3fMhoyyRuY=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=QzdnzYwsBZR9uYACirAObPZSbss9Wmn//LfKSTql4US3rOHMnxN90vEEEo+7zdL4r wGZTuhriKpXiFl2Uny36ZGFh3qQ0JzWPODdregR5sRdqePbJ4rLwdDuBUXD38LWAFh G3zp9xBboIFW54e09PAq/Ac+vBifQX7zDZnGlr6Y=
From: Marten Seemann <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab1ac1526c6d7e7ea2dcdda62ad59ce943f8b7e6ea92cf000000011813918492a169ce16e78b2d@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2053@github.com>
Subject: [quicwg/base-drafts] allow dropping of Initial packets with invalid reserved bits (#2053)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bfbcf84cd5b6_6a703ff600cd45c015202b"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: marten-seemann
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Xcw9XH6MaLs_nl4xliWjyjeBnco>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2018 10:48:40 -0000

This won't give you full protection against injection attacks, but endpoints should at least be allowed to drop packets that are obviously not valid QUIC packets.
You can view, comment on, or merge this pull request online at:

  https://github.com/quicwg/base-drafts/pull/2053

-- Commit Summary --

  * allow dropping of Initial packets with invalid reserved bits

-- File Changes --

    M draft-ietf-quic-transport.md (7)

-- Patch Links --

https://github.com/quicwg/base-drafts/pull/2053.patch
https://github.com/quicwg/base-drafts/pull/2053.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2053

v2.35.0 | Report a Bug | By Email | System Status