IETF Logo Mail Archive

Re: [quicwg/base-drafts] Disconnect with Initial Injection (#1951)

MikkelFJ <notifications@github.com> Fri, 30 November 2018 20:21 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D921130FBE for <quic-issues@ietfa.amsl.com>; Fri, 30 Nov 2018 12:21:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.46
X-Spam-Level:
X-Spam-Status: No, score=-9.46 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IWalXJqo0MuU for <quic-issues@ietfa.amsl.com>; Fri, 30 Nov 2018 12:21:01 -0800 (PST)
Received: from out-2.smtp.github.com (out-2.smtp.github.com [192.30.252.193]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6C69130EB1 for <quic-issues@ietf.org>; Fri, 30 Nov 2018 12:21:01 -0800 (PST)
Date: Fri, 30 Nov 2018 12:21:00 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1543609260; bh=5UB97COFlU8zPhRLECeJy6ZICuZf9VcaSdUHUTnUavU=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=cDcvtksU7SxUIEDpHowFY8lpkVqhioqnhdE7oc+5LDNUXRQCz8XgsfFc2fW8vGEBx /4gwwskEPqzIp4peeU7pgIRsuwnJ5kBVbTp1nBNfH/jj9rnRg7ZRKkfxvbpL9iOqUD +lHsNcCC3r8GHXd58nRrMn9jG3y3pPpVCMcDlYGc=
From: MikkelFJ <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abc21f964603309a2aba5b24e4062ecfe0498e313392cf0000000118195dac92a169ce1678fc4e@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1951/443327768@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1951@github.com>
References: <quicwg/base-drafts/issues/1951@github.com>
Subject: Re: [quicwg/base-drafts] Disconnect with Initial Injection (#1951)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c019bac9d6cc_52323f89ffed45b84589a7"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/d7DNVW4G1HnvFtloGn1vDZfsTRw>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2018 20:21:03 -0000


@marten-seemann  wrote:

> I'm not sure if this is true. Consider the case where a packet contains two ACK frames, the first of which is valid, the second one acknowledges an unsent packet. When processing the frames, you'd first happily process (and clean up your history of sent packets), only to encounter the second, invalid frame. What do you do now? You could unwind the effects of the first ACK frame, which at least in my implementation would a huge amount of complexity, or you could ignore the second ACK frame, accepting the fact that you acted upon a packet that was probably sent by an attacker.

Whatever we do, we need to recognise that this particular case can also be an optimistic ACK attack by a valid endpoint that misbehaves. It is more likely to be a misbehaving client though. Therefore, special casing around this needs to close the connection once handshake encryption is online, but not before. That is a fair bit of complexity right there.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1951#issuecomment-443327768

v2.23.0 | Report a Bug | By Email