IETF Logo Mail Archive

Re: [quicwg/base-drafts] QPACK Auth48 edits (PR #4982)

Mike Bishop <notifications@github.com> Mon, 04 April 2022 21:31 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 819753A1A0E for <quic-issues@ietfa.amsl.com>; Mon, 4 Apr 2022 14:31:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.098
X-Spam-Level:
X-Spam-Status: No, score=-3.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P1zAvOHoMndV for <quic-issues@ietfa.amsl.com>; Mon, 4 Apr 2022 14:31:52 -0700 (PDT)
Received: from out-19.smtp.github.com (out-19.smtp.github.com [192.30.252.202]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21A173A1A00 for <quic-issues@ietf.org>; Mon, 4 Apr 2022 14:31:52 -0700 (PDT)
Received: from github-lowworker-52827f8.ash1-iad.github.net (github-lowworker-52827f8.ash1-iad.github.net [10.56.108.24]) by smtp.github.com (Postfix) with ESMTP id 135C6E150B for <quic-issues@ietf.org>; Mon, 4 Apr 2022 14:31:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1649107911; bh=PC7Z3I+5yizmfeM4Kzc2NME6UMGvKvLxBDTc+/fePw4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=AVKaBVBui3ONmHkUGbn5dEjRzXkUoCQ7weWisMiUNP2C/bTNO2b482+EqsRjFmEzU cEDEobeFs/nx7kwzurcRLQmsA013lGFhAIvC3vFJGc5wwAA3tsIM4vqUI4pkRZRvSt idC+us2Bs7aWOGv1jEI+NLu/IACp55HdrevCJegM=
Date: Mon, 04 Apr 2022 14:31:50 -0700
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK6FTZE3BG5C2NA5O7WALCLENEVBNHHEOEMUEU@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/4982/review/930973915@github.com>
In-Reply-To: <quicwg/base-drafts/pull/4982@github.com>
References: <quicwg/base-drafts/pull/4982@github.com>
Subject: Re: [quicwg/base-drafts] QPACK Auth48 edits (PR #4982)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_624b63c6b5cd3_73a0c6fc4188a0"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/bBCfzYEstFZvlz1uaQpw-vkK60E>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2022 21:32:05 -0000

@MikeBishop commented on this pull request.



> @@ -657,14 +640,14 @@ HPACK defines string literals to begin on a byte boundary.  They begin with a
 single bit flag, denoted as 'H' in this document (indicating whether the string
 is Huffman-coded), followed by the Length encoded as a 7-bit prefix integer, and
 finally Length bytes of data. When Huffman encoding is enabled, the Huffman
-table from {{Section B of RFC7541}} is used without modification and Length
+table from {{Section B of RFC7541}} is used without modification, and Length

```suggestion
table from {{Section B of RFC7541}} is used without modification and Length
```
Since the Huffman table isn't a parenthetical phrase, I'm not sure adding this comma makes sense.

> @@ -928,9 +911,9 @@ The encoder transforms the Required Insert Count as follows before encoding:
 
 Here `MaxEntries` is the maximum number of entries that the dynamic table can

On lines 912-920, the RFC Editor text output does not have quotes, but (as with the HTTP/3 AUTH48) this appears to be a tooling difference rather than a deliberate change.  The XML matches.

>  individual characters. An attacker can only learn whether a guess is correct or
-not, so is reduced to a brute force guess for the field values associated with a
-given field name.
+not, so it is reduced to a brute-force guess for the field values associated

```suggestion
not, so the attacker is reduced to a brute-force guess for the field values associated
```
The suggested "it" is ambiguous between the attacker and the guess.

> @@ -1395,7 +1378,7 @@ immediately sent due to flow control is not affected by this limit.
 Implementations should limit the size of unsent data, especially on the decoder
 stream where flexibility to choose what to send is limited.  Possible responses
 to an excess of unsent data might include limiting the ability of the peer to
-open new streams, reading only from the encoder stream, or closing the
+open new streams, reading only from the encoder stream or closing the

```suggestion
open new streams, reading only from the encoder stream, or closing the
```
This is a list of three possible mitigations; I believe the Oxford comma is appropriate.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/4982#pullrequestreview-930973915
You are receiving this because you are subscribed to this thread.

Message ID: <quicwg/base-drafts/pull/4982/review/930973915@github.com>

v2.8.7 | Report a Bug | By Email