Re: [quicwg/base-drafts] Disallow reuse of stateless reset tokens (#2785)
Mike Bishop <notifications@github.com> Wed, 12 June 2019 22:54 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9D5A120128 for <quic-issues@ietfa.amsl.com>; Wed, 12 Jun 2019 15:54:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.008
X-Spam-Level:
X-Spam-Status: No, score=-8.008 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L7dbQU0n9uUp for <quic-issues@ietfa.amsl.com>; Wed, 12 Jun 2019 15:54:35 -0700 (PDT)
Received: from out-3.smtp.github.com (out-3.smtp.github.com [192.30.252.194]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 650E41200F9 for <quic-issues@ietf.org>; Wed, 12 Jun 2019 15:54:35 -0700 (PDT)
Date: Wed, 12 Jun 2019 15:54:33 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1560380073; bh=Y0dmvfszPv34Anogat/lfXQSQkhvyEfa/eBkEWMUejM=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=TnBjRPMD5kmWJ+ZjN3Rmr7dwRiy34g/4A4rD6TDYX1NJwMFemIZLL/BltEXO7gIMV Fb2cBBESHFX3FPVweBSk6zgr4kKnD3e5T2mSvqZHN/aSqbAae+36qdETEGYRHwaSJR FedjYm884T4/e2kbfUNsoOmJo/QjWhco1vgfL8XI=
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK2WFIZEXRNADMELY7N3B22STEVBNHHBWJFGY4@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2785/501483631@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2785@github.com>
References: <quicwg/base-drafts/issues/2785@github.com>
Subject: Re: [quicwg/base-drafts] Disallow reuse of stateless reset tokens (#2785)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d0182a9b97e4_29423fec652cd968132010"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/YaXCmtKjOy6V-chsDWP-_8ql20w>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jun 2019 22:54:38 -0000
Essentially, the current text says that you can't _actually_ forget a retired CID until all CIDs with the same SRT have been retired. At that point and not before, you can forget all of them at once. #2769 doesn't change this at all -- doesn't even really make it worse. That PR provides a mechanism for asking a client to retire a certain set of CIDs; if the set only partially overlaps with the set of CIDs covered by an SRT, that mechanism is not terribly useful because you can't actually forget all the CIDs you asked the peer to retire. It could be _very_ useful to ask the peer to retire the last CID in one of these groups because you've got 200 of them you'd really like to clear out. But that doesn't change the core fact: You can't actually forget a retired CID until all CIDs with the same SRT have been retired. If each SRT maps uniquely to a CID, this is a simple requirement to satisfy. If you choose to do something else, that's your problem. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/2785#issuecomment-501483631
- [quicwg/base-drafts] Disallow reuse of stateless … David Schinazi
- Re: [quicwg/base-drafts] Disallow reuse of statel… Kazuho Oku
- Re: [quicwg/base-drafts] Disallow reuse of statel… David Schinazi
- Re: [quicwg/base-drafts] Disallow reuse of statel… Mike Bishop
- Re: [quicwg/base-drafts] Disallow reuse of statel… Kazuho Oku
- Re: [quicwg/base-drafts] Disallow reuse of statel… Martin Thomson
- Re: [quicwg/base-drafts] Disallow reuse of statel… Kazuho Oku
- Re: [quicwg/base-drafts] Disallow reuse of statel… Marten Seemann
- Re: [quicwg/base-drafts] Disallow reuse of statel… MikkelFJ
- Re: [quicwg/base-drafts] Disallow reuse of statel… David Schinazi
- Re: [quicwg/base-drafts] Disallow reuse of statel… MikkelFJ
- Re: [quicwg/base-drafts] Disallow reuse of statel… ianswett
- Re: [quicwg/base-drafts] Disallow reuse of statel… Mike Bishop
- Re: [quicwg/base-drafts] Disallow reuse of statel… Lars Eggert
- Re: [quicwg/base-drafts] Disallow reuse of statel… Martin Thomson
- Re: [quicwg/base-drafts] Disallow reuse of statel… Martin Thomson
- Re: [quicwg/base-drafts] Disallow reuse of statel… Martin Thomson