Re: [quicwg/base-drafts] Optimistic ACKs and PFS in security considerations (#2160)
ekr <notifications@github.com> Thu, 13 December 2018 21:03 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF33D130E9D for <quic-issues@ietfa.amsl.com>; Thu, 13 Dec 2018 13:03:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.46
X-Spam-Level:
X-Spam-Status: No, score=-9.46 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QHBdhbIzmNx5 for <quic-issues@ietfa.amsl.com>; Thu, 13 Dec 2018 13:03:01 -0800 (PST)
Received: from out-5.smtp.github.com (out-5.smtp.github.com [192.30.252.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C21E130E9B for <quic-issues@ietf.org>; Thu, 13 Dec 2018 13:03:01 -0800 (PST)
Date: Thu, 13 Dec 2018 13:03:00 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1544734980; bh=LFBMxs2bL4iao3DdRSAtFnbOAnLC3IsO26KpCq3USn8=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=QZsepjG84M3WXpRrTcjwk5RlZIOTd4he9+6rDQx+uuB4X4nvKQdDKU+c+iEl3STk7 J8fjUC8Q0n7gM1HrpgA9y3znokzH84wx8b2u55pJ6VCedN/CAySee0KYkjsPSCGhQk rJXOyGW/I8tZ9C/hvA6pC/jUulIUttb7FJyBICz0=
From: ekr <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab46a7589f08c4056277b4a1c1719916842b5ebfb292cf00000001182a8b0492a169ce174c0819@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2160/447119622@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2160@github.com>
References: <quicwg/base-drafts/issues/2160@github.com>
Subject: Re: [quicwg/base-drafts] Optimistic ACKs and PFS in security considerations (#2160)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c12c90428cc3_51163fbe1d6d45b433694"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ekr
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/d6JDIYvLRFWmlBlMWfwEt1_bGM4>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Dec 2018 21:03:03 -0000
``` The second mitigation is that the server can require that acknowledgments for sent packets match the encryption level of the sent packet. This mitigation is useful if the connection has an ephemeral forward-secure key that is generated and used for every new connection. If a packet sent is protected with a forward-secure key, then any acknowledgments that are received for them MUST also be forward-secure protected. Since the attacker will not have the forward-secure key, the attacker will not be able to generate forward-secure protected packets with ACK frames. ``` I don't understand what this means. Forward-security doesn't matter here because you always get fresh keys for each connection and if you don't see SH, you can't send packets. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/2160#issuecomment-447119622
- [quicwg/base-drafts] Optimistic ACKs and PFS in s… ekr
- Re: [quicwg/base-drafts] Optimistic ACKs and PFS … ekr
- Re: [quicwg/base-drafts] Optimistic ACKs and PFS … MikkelFJ
- Re: [quicwg/base-drafts] Optimistic ACKs and PFS … Martin Thomson
- Re: [quicwg/base-drafts] Optimistic ACKs and PFS … janaiyengar
- Re: [quicwg/base-drafts] Optimistic ACKs and PFS … janaiyengar
- Re: [quicwg/base-drafts] Optimistic ACKs and PFS … janaiyengar