Re: [quicwg/base-drafts] Looping with multiple Retry packets (#1451)

MikkelFJ <notifications@github.com> Thu, 21 June 2018 06:15 UTC


With the iteration-specific NONCE reflected in RETRY, a client can easily drop secondary retry responses to older iterations of retries. But the NONCE does not have to be reflected because the response would use a key derived from that NONCE, thus failing verification if it doesn't match.

Using packet numbers to count iterations would simplify operations, but is not strictly necessary. In this form the INITIAL packet must have a packet number that identifies the retry attempt number, starting at 0, and the retry response must reflect that packet number.

Late handshake responses to older iterations may be preferable to new retry responses due to man-on-side races. This can be detected via trial decryption of older NONCE derived keys, but it is simpler if the first server handshake packet number reflects the client's INITIAL packet number.

A NONCE could be generated randomly, or it could be using counter mode encryption such that the INITIAL packet number is an IV encrypting a base NONCE. Using counter mode avoids having to store several NONCEs in case an old handshake is received.

https://github.com/quicwg/base-drafts/issues/1451#issuecomment-398988314
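
The client-side bookkeeping proposed in the message above, as an added sketch that is not part of the original message or of any QUIC draft: the per-iteration nonce is recomputed from the reflected packet number instead of being stored. HMAC-SHA-256 stands in for both the counter-mode cipher and packet protection so the sketch runs on the standard library; the names, the nonce size and the key-derivation label are assumptions.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16  # assumed nonce size; the message does not give one


def iteration_nonce(secret: bytes, base_nonce: bytes, pn: int) -> bytes:
    """Counter-mode style: keystream block for counter pn, XORed onto base_nonce."""
    block = hmac.new(secret, pn.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(base_nonce, block))


def derive_key(nonce: bytes) -> bytes:
    # Hypothetical derivation of the packet key from the nonce (label is made up).
    return hmac.new(nonce, b"example initial key", hashlib.sha256).digest()


def protect(key: bytes, pn: int, kind: str, body: bytes) -> bytes:
    """Tag for a server packet that reflects the client's INITIAL packet number."""
    msg = pn.to_bytes(8, "big") + kind.encode() + body
    return hmac.new(key, msg, hashlib.sha256).digest()


class Client:
    def __init__(self):
        self.secret = os.urandom(32)             # never leaves the client
        self.base_nonce = os.urandom(NONCE_LEN)  # the only nonce kept in state
        self.attempt = 0                         # packet number of the latest INITIAL

    def initial(self) -> tuple[int, bytes]:
        return self.attempt, iteration_nonce(self.secret, self.base_nonce, self.attempt)

    def on_packet(self, pn: int, kind: str, body: bytes, tag: bytes) -> str:
        if pn > self.attempt:
            return "drop: unknown iteration"
        # Recompute the nonce for the reflected iteration; nothing per-attempt is stored.
        key = derive_key(iteration_nonce(self.secret, self.base_nonce, pn))
        if not hmac.compare_digest(tag, protect(key, pn, kind, body)):
            return "drop: bad tag"
        if kind == "retry":
            if pn != self.attempt:
                return "drop: stale retry"
            self.attempt += 1
            return "retry: send new INITIAL"
        return f"handshake accepted for iteration {pn}"
```

A late handshake packet for iteration 0 still verifies after the client has moved on to iteration 1, while a duplicate Retry for iteration 0 is dropped as stale.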