IETF Logo Mail Archive

Re: [quicwg/base-drafts] Expand AEAD limits to consider multi-user security. (#3789)

martinduke <notifications@github.com> Tue, 30 June 2020 18:56 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFEFA3A0039 for <quic-issues@ietfa.amsl.com>; Tue, 30 Jun 2020 11:56:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.483
X-Spam-Level:
X-Spam-Status: No, score=-1.483 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OHeMVEQu_4sr for <quic-issues@ietfa.amsl.com>; Tue, 30 Jun 2020 11:56:56 -0700 (PDT)
Received: from out-19.smtp.github.com (out-19.smtp.github.com [192.30.252.202]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82B783A003B for <quic-issues@ietf.org>; Tue, 30 Jun 2020 11:56:56 -0700 (PDT)
Received: from github-lowworker-bb778fb.ash1-iad.github.net (github-lowworker-bb778fb.ash1-iad.github.net [10.56.102.56]) by smtp.github.com (Postfix) with ESMTP id D2C90520DB0 for <quic-issues@ietf.org>; Tue, 30 Jun 2020 11:56:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1593543415; bh=4SXU/uZy+xgsqTnxF2/yE8m1wXzDWyg42WLBCFkM3lA=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=v4mVfyPaVTJDO6QeLtodMI6igRyAOlbNCaBEGX6OWPbAQq4K/t+7t4FadURAykJDB at9MrNS/fPASU1qLBpirkIftHa/Ywg/jzF1tkVC2CUOTFFyNARQGAagQHP4QczDE67 7tmvrDusJWfji5Lz0WQeJ1e8mbyaRr8ndqDSC3bw=
Date: Tue, 30 Jun 2020 11:56:55 -0700
From: martinduke <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKZJC4XGA34LGYULOV55A5V7PEVBNHHCM4U4BA@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/3789/review/440299792@github.com>
In-Reply-To: <quicwg/base-drafts/pull/3789@github.com>
References: <quicwg/base-drafts/pull/3789@github.com>
Subject: Re: [quicwg/base-drafts] Expand AEAD limits to consider multi-user security. (#3789)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5efb8af7c43e6_7a373f8f30ecd96c1299f"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinduke
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/aF7KuvRm2S4Ubq8SF0agsCjHjyI>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2020 18:56:58 -0000

@martinduke requested changes on this pull request.



> @@ -1552,30 +1549,40 @@ number of attempts to forge packets. TLS achieves this by closing connections
 after any record fails an authentication check. In comparison, QUIC ignores any
 packet that cannot be authenticated, allowing multiple forgery attempts.
 
-Endpoints MUST count the number of received packets that fail authentication for
-each set of keys.  If the number of packets that fail authentication with the
-same key exceeds a limit that is specific to the AEAD in use, the endpoint MUST
-stop using those keys.  Endpoints MUST initiate a key update before reaching
-this limit.  If a key update is not possible, the endpoint MUST immediately
-close the connection.  Applying a limit reduces the probability that an attacker
-is able to successfully forge a packet; see {{AEBounds}} and {{ROBUST}}.
+Endpoints MUST count the number of encrypted packets for each set of keys. If

Can this clarify who is doing the updating? If I've sent 2^27 or received 2^27 do I initiate?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/3789#pullrequestreview-440299792

v2.39.1 | Report a Bug | By Email | System Status