Re: [quicwg/base-drafts] Allow most frames in 0-RTT (#2355)
Mike Bishop <notifications@github.com> Tue, 12 February 2019 21:32 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4720A130DC2 for <quic-issues@ietfa.amsl.com>; Tue, 12 Feb 2019 13:32:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.001
X-Spam-Level:
X-Spam-Status: No, score=-8.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IRp1igDF7Alz for <quic-issues@ietfa.amsl.com>; Tue, 12 Feb 2019 13:32:19 -0800 (PST)
Received: from out-6.smtp.github.com (out-6.smtp.github.com [192.30.252.197]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B71A130DC4 for <quic-issues@ietf.org>; Tue, 12 Feb 2019 13:32:19 -0800 (PST)
Date: Tue, 12 Feb 2019 13:32:18 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1550007138; bh=EP0dbeIVErlJH6GfVkoksy+wQkf77U1ovzp9KWwwjLQ=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=o1y0CYLhZQn8d4W7wytP+Pe/mRJhyGlBqPvGLDc0Rmwk7qBRxgluxXc/0V2X7wBx8 TSlyBB+BGO8H8i0Z+CTcktOMlDfPE683Y3WV9DxwjnX9AKIlBeNfaQBYGkWHG8LUJl Fn9+65zsEzS8PJ87J4waoamz9uuz2ZRk3CMfYiOg=
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab5b6d5e0b73052d3c7f26318dfbd9d38713d4a2ef92cf00000001187afd6292a169ce17e9c1c4@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2355/review/202914936@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2355@github.com>
References: <quicwg/base-drafts/pull/2355@github.com>
Subject: Re: [quicwg/base-drafts] Allow most frames in 0-RTT (#2355)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c633b62358ae_32e23fbe7cad45c42786ad"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/aKtD1g74Y2UlaI9jzQiCQve1070>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Feb 2019 21:32:21 -0000
MikeBishop approved this pull request. I'm okay with the text as it stands, but had a few things to consider. > @@ -324,19 +324,15 @@ the connection can usually appear at any encryption level, whereas those associated with transferring data can only appear in the 0-RTT and 1-RTT encryption levels: The beginning of this paragraph (which GitHub won't let me comment on) is no longer true -- there isn't a specific list of frames per encryption level, but a list of exceptions to a general rule. > +MUST describe how the protocol uses 0-RTT and the measures that are employed to +protect against replay attack. Disabling 0-RTT entirely is the most effective +strategy. + +In the core protocol, particular attention needs to be paid to STREAM frames, +which carry application data. If another frame type carries, or could carry, +application semantics, then the risk from replay attack needs to be considered. +For instance, though this is likely to be inadvisable, an application that +attached semantics to increases in flow control credit or stream cancellation +would need to assess whether those uses were vulnerable to replay attack. + +Extensions to QUIC might create an additional exposure to replay attack if they +are used by application protocols. QUIC extensions SHOULD describe how replay +attacks affects their operation. Application protocols MUST either disable +extensions in 0-RTT or provide replay mitigation strategies for any use of the +extension. This last sentence feels a little weird. The application protocol is responsible for rules about transport extensions? I would expect to be able to add support for new extensions to a transport library without needing to rev the application layer, unless the extension is explicitly used by the application layer. It seems like the requirement that extensions describe how replay attacks are mitigated would be sufficient in general, and scope that last requirement to extensions which carry explicit application semantics (e.g. DATAGRAM). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/pull/2355#pullrequestreview-202914936
- [quicwg/base-drafts] Allow stream-related frames … Martin Thomson
- Re: [quicwg/base-drafts] Allow stream-related fra… Marten Seemann
- Re: [quicwg/base-drafts] Allow stream-related fra… ianswett
- Re: [quicwg/base-drafts] Allow stream-related fra… ianswett
- Re: [quicwg/base-drafts] Allow stream-related fra… Martin Thomson
- Re: [quicwg/base-drafts] Allow stream-related fra… Martin Thomson
- Re: [quicwg/base-drafts] Allow stream-related fra… Martin Thomson
- Re: [quicwg/base-drafts] Allow stream-related fra… Kazuho Oku
- Re: [quicwg/base-drafts] Allow stream-related fra… Alessandro Ghedini
- Re: [quicwg/base-drafts] Allow stream-related fra… ianswett
- Re: [quicwg/base-drafts] Allow stream-related fra… Nick Banks
- Re: [quicwg/base-drafts] Allow stream-related fra… Martin Thomson
- Re: [quicwg/base-drafts] Allow stream-related fra… Mike Bishop
- Re: [quicwg/base-drafts] Allow stream-related fra… Martin Thomson
- Re: [quicwg/base-drafts] Allow stream-related fra… ianswett
- Re: [quicwg/base-drafts] Allow stream-related fra… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… MikkelFJ
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Mike Bishop
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Mike Bishop
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Jana Iyengar
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Mike Bishop
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Jana Iyengar
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Jana Iyengar
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Kazuho Oku
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Mike Bishop
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Jana Iyengar
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Luca Niccolini
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Luca Niccolini
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Marten Seemann
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Kazuho Oku
- Re: [quicwg/base-drafts] Allow most frames in 0-R… MikkelFJ
- Re: [quicwg/base-drafts] Allow most frames in 0-R… MikkelFJ
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Kazuho Oku
- Re: [quicwg/base-drafts] Allow most frames in 0-R… MikkelFJ
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… MikkelFJ
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… MikkelFJ
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Mike Bishop
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Mike Bishop
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson
- Re: [quicwg/base-drafts] Allow most frames in 0-R… Martin Thomson