IETF Logo Mail Archive

[quicwg/base-drafts] Long Header Packets and Routing Connection IDs (#2834)

Nick Banks <notifications@github.com> Sun, 23 June 2019 15:42 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DB2A120122 for <quic-issues@ietfa.amsl.com>; Sun, 23 Jun 2019 08:42:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.423
X-Spam-Level:
X-Spam-Status: No, score=-8.423 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.415, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UBFZU6QtROSE for <quic-issues@ietfa.amsl.com>; Sun, 23 Jun 2019 08:42:32 -0700 (PDT)
Received: from out-5.smtp.github.com (out-5.smtp.github.com [192.30.252.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C5FC1200C5 for <quic-issues@ietf.org>; Sun, 23 Jun 2019 08:42:32 -0700 (PDT)
Date: Sun, 23 Jun 2019 08:42:31 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1561304551; bh=hwMOq/JMEJ/Z0/wZ9Rey7BKIQpF+uDp2+eQHbFWh82s=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=jsyyTeBm63aIfra+AwjumZlOgllTf3eusUGTMRkXiF5EM8oZWOI85wWqUdc0NgL8V Fv3guS81f5LF9BFlYonQYbaNR9iu5ypdRmJZeRbD4otE+H4QdfVnvGywxmI2RJLTMG 9F9vI1vnzkL2Xqu9WZ8REZzI9Ch47WQqgWgPFFiA=
From: Nick Banks <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKYSL53WABB4RUPH2W53DTIGPEVBNHHBWZGHNE@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2834@github.com>
Subject: [quicwg/base-drafts] Long Header Packets and Routing Connection IDs (#2834)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d0f9de754741_275c3ffc7f6cd96c62456b"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: nibanks
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/cCBjH3yBcJTOsgkZe0Yd8nTMC1U>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Jun 2019 15:42:35 -0000

I discussed this on Slack and opened a related issue on the [QUIC-LB doc](https://github.com/martinduke/draft-duke-quic-load-balancers/issues/43), but I think the real issue needs to be discussed here. The issue here is how a server (it's LB specifically) is supposed to statelessly route Long Header packets. Right now, the client immediately changes the destination CID it puts in its packets to the server chosen CID. This results in all Initial and Handshake packets it sends after the first (successful) flight of packets are received and acknowleded/responded to by the server.

So, practically, that means Long Header packets could have one of two types of CIDs: client chosen or server chosen. To prevent attack vectors from being exposed, the LB practically needs to use different routing logic for each type of CID. We don't want an attacker to explicitly control which backend server it creates a new connection to. The problem arrises because we have no way to differentiate which type of CID is included in the Long Header packets processed by the LB.

**Proposal**: All Long Header packets use the client chosen CID, to allow for consistent routing of these packets.

Now, if we agree that the CID doesn't change until Short Header packets are used, then that means we don't have to use the current implicit mechanism for changing the CID in response to the first server packet received. We can instead exchange it, encrypted with the Handshake keys; possibly a new transport parameter; or just the first NEW_CONNECTION_ID.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2834

v2.23.0 | Report a Bug | By Email