IETF Logo Mail Archive

Re: [quicwg/base-drafts] Let Endpoints Ignore invalid Initial Packets (#1819)

MikkelFJ <notifications@github.com> Thu, 18 October 2018 21:19 UTC

Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7895130E67 for <quic-issues@ietfa.amsl.com>; Thu, 18 Oct 2018 14:19:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.064
X-Spam-Level:
X-Spam-Status: No, score=-3.064 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.064, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b6xRSsOv4ixK for <quic-issues@ietfa.amsl.com>; Thu, 18 Oct 2018 14:19:38 -0700 (PDT)
Received: from o9.sgmail.github.com (o9.sgmail.github.com [167.89.101.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3358412F1AC for <quic-issues@ietf.org>; Thu, 18 Oct 2018 14:19:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=W8wxeBIaSAZQlysT+bs+vHmY4x8=; b=cNJa5ZdxIy5UeOzx yFMkX6A10N6lEmcp9a7jCyVhrRbvIJV2K5xQkeCAOSGUEqlRZGem7uIAZkPvQjxl mqyJNChEn8gHctNSBNqhKattInTPZw3CEZSUQAoWNUV5ApHXhPZpRhQV9nuCjbPu y5r7ZHVbEHOaS82Gnc3FwLZ91xM=
Received: by filter1044p1las1.sendgrid.net with SMTP id filter1044p1las1-19286-5BC8F876-4 2018-10-18 21:17:42.152515261 +0000 UTC m=+3577.479066737
Received: from github-lowworker-3c598a3.cp1-iad.github.net (unknown [192.30.252.43]) by ismtpd0024p1iad2.sendgrid.net (SG) with ESMTP id -Yzu4H1zRXyJx4MQAISJTA for <quic-issues@ietf.org>; Thu, 18 Oct 2018 21:17:42.071 +0000 (UTC)
Received: from github.com (localhost [127.0.0.1]) by github-lowworker-3c598a3.cp1-iad.github.net (Postfix) with ESMTP id EE311A802C5 for <quic-issues@ietf.org>; Thu, 18 Oct 2018 14:17:41 -0700 (PDT)
Date: Thu, 18 Oct 2018 21:17:42 +0000
From: MikkelFJ <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab9855833c539b1fc43b2802bdc4dc8c8dd839d08292cf0000000117e0ba7592a169ce15cbb1a4@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1819/review/166298026@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1819@github.com>
References: <quicwg/base-drafts/pull/1819@github.com>
Subject: Re: [quicwg/base-drafts] Let Endpoints Ignore invalid Initial Packets (#1819)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bc8f875e264c_53c03fd47dcd45c422006e"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak0Y+cqbyDok7WzYaLYocO0TO2S/eCQ9LBjE8U 0iFN5ail+ePfX74I2K6qW4cRUINCirZBdaDWC72bLgIcZ6Av0xhbaEOuHCW3abi8bQ9j8rAEcyyiNX f7RZ8hKWsDcXlTay+y8bbSP8yXYy/USCmnCiF2xAN39e3nUCAtazxp8e+A==
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/_361KCBfn5qbuLaEtwy5sTnUL6U>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2018 21:19:40 -0000

mikkelfj commented on this pull request.



> @@ -736,6 +733,18 @@ and will contain a CRYPTO frame with an offset matching the size of the CRYPTO
 frame sent in the first Initial packet.  Cryptographic handshake messages
 subsequent to the first do not need to fit within a single UDP datagram.
 
+### Handling of Fatal Initial Packets
+
+The contents of some Initial packets may, according to this specification, force
+connection termination. For example, they might contain forbidden frame types
+or a CONNECTION_CLOSE frame. As Initial packets are not protected, these could
+indicate injection attacks to terminate the connection.
+
+Endpoints MAY treat the receipt of such packets as a connection error, drop them

So why is there such resistance against implicit ACKs in handshake, when the solve a concrete problem, as opposed to a being a whacky optimization?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1819#discussion_r226467403

v2.23.0 | Report a Bug | By Email