IETF Logo Mail Archive

Re: [quicwg/base-drafts] Endpoints cannot verify padding (#4253)

Kazuho Oku <notifications@github.com> Tue, 20 October 2020 10:48 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 819033A112D for <quic-issues@ietfa.amsl.com>; Tue, 20 Oct 2020 03:48:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.101
X-Spam-Level:
X-Spam-Status: No, score=-3.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c8J4LrcaJxY8 for <quic-issues@ietfa.amsl.com>; Tue, 20 Oct 2020 03:48:36 -0700 (PDT)
Received: from out-17.smtp.github.com (out-17.smtp.github.com [192.30.252.200]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F52F3A0AB9 for <quic-issues@ietf.org>; Tue, 20 Oct 2020 03:48:36 -0700 (PDT)
Received: from github.com (hubbernetes-node-2bb7979.va3-iad.github.net [10.48.100.62]) by smtp.github.com (Postfix) with ESMTPA id 4435F5C0EFF for <quic-issues@ietf.org>; Tue, 20 Oct 2020 03:48:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1603190915; bh=gdMeq3/qIaZtnHq0FA+ffOigbo0ipshIXS2pMJz0W4Q=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=oTw2qii0L4zyYL6K1XE047oxYr1eVkPuS8thQCr5aqhgpXCJigq5rrm9inYJfMTc6 sxPU8z8JAE6ytDSBX4uwgDfY4lA1L0rxhMlf4qATNedh1RKZIDDyuZHOJX8uzbnA9g 9qohG2EINz1woKj1avNlAC1UT5WTstGKlhXHBfnI=
Date: Tue, 20 Oct 2020 03:48:35 -0700
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK547MWVGC5MISYV2UN5TKQYHEVBNHHCWOBQMQ@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/4253/712764115@github.com>
In-Reply-To: <quicwg/base-drafts/issues/4253@github.com>
References: <quicwg/base-drafts/issues/4253@github.com>
Subject: Re: [quicwg/base-drafts] Endpoints cannot verify padding (#4253)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5f8ec08340088_5e19b4843f6"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Y_5izVrDWaWU8nJgQpvn5xMnTf4>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Oct 2020 10:48:39 -0000

@martinthomson @gloinul I totally agree that this has to stop. I'm sorry to have missed this point when working on #4188; I realized the problem when I was wondering about the MUST vs. SHOULD discussion in #4241.

That said, I do think that it would be a good idea to adopt the proposal in this issue.

Let me go through the facts first. They are:
* An encrypted transport has to discard unauthenticated signals to prevent MOTS attackers from disrupting the connection.
* The size of the datagram is an unauthenticated signal throughout the lifetime of the connection. As noted above, this is the case for 1-RTT packets after handshake confirmation too.

Due to these facts, "MUST NOT close, can discard" is a principle that we've always had. The reason we hadn't written it down is because we used to have only one requirement regarding datagram length, that correctly follow the principle, stating that "servers MUST discard non-full-sized datagrams containing Initial packets."

But now that we have emerging consensus that datagrams carrying PATH_CHALLENGE / PATH_RESPONSE MUST be padded to full size (#4241), we need to write down that the receiver cannot enforce that.

Realizing that, I started to wonder if the "MAY close" rule that we added in #4188 has been correct.

As @janaiyengar points out, #4188 is a change that has not shipped yet. It's a recent change due to an issue discovered during *this* IETF last call. I do not think we have official consensus yet.

Therefore, I tend to think there would be less confusion if the next draft would contain:
* servers MUST pad datagrams carrying ack-eleciting Initial packets (the basis of #4188)
* endpoints MUST pad datagrams carrying PATH_CHALLENGE / PATH_RESPONSE frames (#4241)
* endpoints MUST NOT close a connection when receiving datagrams with size requirements (#4254)

rather than having two different of rules for handling small-sized datagrams, of which one does not follow the principle.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/4253#issuecomment-712764115

v2.23.0 | Report a Bug | By Email