Re: [quicwg/base-drafts] Connection migration should be indistinguishable from a new connection (#203)

Martin Thomson <notifications@github.com> Mon, 15 January 2018 23:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/YuiRLEuz9_TphHo4oqEmZodj1go>

Leaving aside the migration that happens without the knowledge of the migrating endpoint (like NAT rebinding), this is tricky, if not impossible.  And it's not a property of versions, but of our invariants.

The most obvious problem here is that a handshake uses the long header, which we don't use at any time afterwards.  So we have the migrating endpoint understand the need to make its packets indistinguishable and use the long header when it knows that it has migrated.

Firstly, as Lucas says, it would be trivial for a middlebox to apply the static packet protection keys for that version of QUIC to determine that the packet isn't protected with those keys.  We know from experience with TLS that middleboxes do exactly that sort of thing.

So what do we gain by doing this?  It seems like we just create a bunch of hoops for these middleboxes to jump through, none of which are especially challenging.

https://github.com/quicwg/base-drafts/issues/203#issuecomment-357812374
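
An added illustration, not part of the original message or of the QUIC drafts, of the check the comment describes: an on-path observer derives the version's static handshake key from public inputs and tests whether a long-header packet authenticates under it. The salt value, the labels, the toy header layout and the HMAC-based stand-in for the real AEAD are all assumptions made for this example.

```python
import hashlib
import hmac

# Constructed placeholder: NOT the salt of any real QUIC version.
VERSION_SALT = bytes.fromhex("00112233445566778899aabbccddeeff00112233")
TAG_LEN = 16

def hkdf(salt, ikm, info, length=32):
    """HKDF-SHA256 (RFC 5869): extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def handshake_key(conn_id):
    """Key any observer can compute: public salt plus the connection ID on the wire."""
    return hkdf(VERSION_SALT, conn_id, b"toy handshake key")

def seal(key, header, payload):
    """Toy stand-in for the AEAD: XOR keystream, then a tag over header + ciphertext."""
    stream = hkdf(key, header, b"stream", len(payload))
    ct = bytes(a ^ b for a, b in zip(payload, stream))
    return ct + hmac.new(key, header + ct, hashlib.sha256).digest()[:TAG_LEN]

def verifies(key, header, sealed):
    """True if the trailing tag authenticates header + ciphertext under `key`."""
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expect = hmac.new(key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
    return hmac.compare_digest(tag, expect)

def middlebox_classify(packet):
    """On-path check: does this long-header packet verify under the static key?"""
    header, sealed = packet
    ok = verifies(handshake_key(header[1:9]), header, sealed)
    return "new connection" if ok else "not a handshake"

def build_packets():
    """Constructed samples: a real handshake packet and a migration dressed as one."""
    conn_id = bytes(range(8))
    header = b"\x80" + conn_id  # toy long header: flag byte + connection ID
    genuine = (header, seal(handshake_key(conn_id), header, b"ClientHello"))
    secret = hashlib.sha256(b"negotiated 1-RTT secret").digest()  # unknown on path
    disguised = (header, seal(secret, header, b"migrated app data"))
    return genuine, disguised

if __name__ == "__main__":
    for pkt in build_packets():
        print(middlebox_classify(pkt))
```

Both packets carry the same long header, yet only the genuine handshake verifies, so the header form alone does not make the migrated packet look like a new connection.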