Re: [quicwg/base-drafts] Disconnect with Initial Injection (#1951)

Kazuho Oku <notifications@github.com> Fri, 30 November 2018 02:57 UTC

Date: Thu, 29 Nov 2018 18:57:29 -0800
From: Kazuho Oku <notifications@github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1951/443073733@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1951@github.com>
References: <quicwg/base-drafts/issues/1951@github.com>
Subject: Re: [quicwg/base-drafts] Disconnect with Initial Injection (#1951)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/bzorZ1a1csGHq6n6BRF1Lw83VRU>
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>

I agree that dropping on a per-frame basis is more fragile than dropping keys. However, it has the following benefits:
* The rule to evade attacks before the Handshake keys are exchanged. Specifically, ignoring unexpected PNs in ACK is a nice-to-have for #2076.
* The rules are easier to implement than what we have now in #2053, because the rules can be applied in one-pass, rather than in two-pass (i.e. first check that the frames are valid then apply all of them).

To put it another way, per-frame rules are something easy to implement, and are also beneficial to evade attacks during the exchange of Initials. And if we use the framework also for ignoring CRYPTO frames once the Handshake key is obtained, dropping the Initial keys becomes unnecessary.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1951#issuecomment-443073733
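
The following sketch is an added illustration of the one-pass versus two-pass processing discussed in the message above; it is not code from the thread, the drafts, or any QUIC implementation. The frame model, the `InitialSpace` state and all function names are hypothetical, and discarding the whole packet when two-pass validation fails is an assumption made for the comparison.

```python
from dataclasses import dataclass, field

@dataclass
class Frame:  # simplified model, not the QUIC wire format
    kind: str            # "ACK" or "CRYPTO"
    acked: tuple = ()    # packet numbers an ACK frame claims to acknowledge
    offset: int = 0      # CRYPTO stream offset
    data: bytes = b""

@dataclass
class InitialSpace:  # hypothetical receiver state for the Initial packet number space
    sent_pns: set = field(default_factory=set)    # Initial PNs this endpoint sent
    acked_pns: set = field(default_factory=set)
    crypto: dict = field(default_factory=dict)    # offset -> accepted bytes
    have_handshake_keys: bool = False

def acceptable(st, f):
    """Per-frame rule: may this frame be applied in the current state?"""
    if f.kind == "ACK":
        # An ACK naming a PN that was never sent is unexpected: ignore the frame.
        return all(pn in st.sent_pns for pn in f.acked)
    if f.kind == "CRYPTO":
        # Once the Handshake key is obtained, Initial CRYPTO frames are ignored.
        return not st.have_handshake_keys
    return False  # assumption: other frame types are outside this sketch

def apply_frame(st, f):
    if f.kind == "ACK":
        st.acked_pns.update(f.acked)
    else:
        st.crypto[f.offset] = f.data

def process_one_pass(st, frames):
    """Check and apply each frame as it is parsed; return the ignored frames."""
    ignored = [f for f in frames if not acceptable(st, f)]
    for f in frames:
        if acceptable(st, f):
            apply_frame(st, f)
    return ignored

def process_two_pass(st, frames):
    """Validate every frame first, then apply all (assumed: otherwise drop the packet)."""
    if not all(acceptable(st, f) for f in frames):
        return False
    for f in frames:
        apply_frame(st, f)
    return True

def sample_packet():
    # Constructed input: a CRYPTO frame plus an ACK for PN 7, which was never sent.
    return [Frame("CRYPTO", offset=0, data=b"hello"), Frame("ACK", acked=(7,))]
```

With the constructed packet, the one-pass receiver keeps the CRYPTO data and ignores only the unexpected ACK, while the two-pass receiver rejects the packet as a whole.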