Re: [quicwg/base-drafts] If you want a Stateless Reset you need to send a much larger packet than before (#2770)

ianswett <notifications@github.com> Fri, 07 June 2019 13:55 UTC

Date: Fri, 07 Jun 2019 06:55:52 -0700
From: ianswett <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK4JYAZYVFDGGGVJREV3A6PWREVBNHHBV5FOPQ@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2770/499894384@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2770@github.com>
References: <quicwg/base-drafts/issues/2770@github.com>
Subject: Re: [quicwg/base-drafts] If you want a Stateless Reset you need to send a much larger packet than before (#2770)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/fbrQxDov4uBA8rF7vKMMmwmf61Y>

I remember a few goals for stateless rejects (there are probably more):
 1) Cannot be spoofed
 2) Ideally an active attacker cannot cause a server to generate one for an active connection
 3) Indistinguishable from other traffic
 4) No amplification attacks
 5) No endless loops
 6) Can be sent in response to any packet that can't be associated with an active connection.

We compromised 6 in order to achieve 3 more often.  I think we can tweak the existing design to not compromise 6 and still provide 3.

We can put a bit more burden on the client and add text to indicate that if the client wants a stateless reject that's indistinguishable from other traffic, it needs to send a packet that's at least 1 byte larger than the minimum plausible incoming packet.  In most circumstances, I expect this to naturally occur because the server connection ID will be longer than the client's.

Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2770#issuecomment-499894384
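The size rule the comment sketches, worked through as an added example; this is not code from the original comment, the issue thread, or any QUIC implementation. A stateless reset must be strictly smaller than the packet that triggered it (goals 4 and 5: no amplification, no loops) yet still long enough to pass as a real short-header packet (goal 3), so only a trigger at least one byte longer than the shortest plausible packet can be answered. The constants (16-byte token, 21-byte minimum, fixed bit in the first byte) are assumptions taken from the Stateless Reset layout the QUIC transport specification later fixed in RFC 9000, Section 10.3; the function and variable names are hypothetical.

```python
import secrets

# Assumed constants (not from the original comment): Stateless Reset layout
# and minimum size as fixed in RFC 9000, Section 10.3.
TOKEN_LEN = 16          # Stateless Reset Token, carried in the last 16 bytes
MIN_RESET_LEN = 21      # 1 header byte + 4 unpredictable bytes + 16-byte token
MIN_PLAUSIBLE_PKT = 21  # shortest datagram that could be a valid short-header packet


def build_stateless_reset(token: bytes, length: int) -> bytes:
    """Build a Stateless Reset of exactly `length` bytes.

    First byte: short-header form (top bit 0) with the fixed bit (0x40) set;
    the remaining six header bits and the filler are random, so an observer
    cannot tell the datagram from an ordinary short-header packet (goal 3).
    The token occupies the last TOKEN_LEN bytes.
    """
    if len(token) != TOKEN_LEN:
        raise ValueError("token must be %d bytes" % TOKEN_LEN)
    if length < MIN_RESET_LEN:
        raise ValueError("reset would be shorter than the minimum plausible size")
    first = 0x40 | (secrets.randbits(8) & 0x3F)
    filler = secrets.token_bytes(length - 1 - TOKEN_LEN)
    return bytes([first]) + filler + token


def reset_for(trigger: bytes, token: bytes):
    """Server side: decide what to send for a packet matching no connection.

    Returns the reset datagram, or None when no reset can be sent that is
    both strictly smaller than the trigger (goals 4 and 5) and still at
    least MIN_RESET_LEN bytes (goal 3). This is the client-side burden the
    comment describes: a client that wants a reset must send at least
    MIN_PLAUSIBLE_PKT + 1 bytes.
    """
    if len(trigger) < MIN_PLAUSIBLE_PKT:
        return None  # cannot be a valid QUIC packet; drop silently
    reset_len = len(trigger) - 1  # one byte shorter than what triggered it
    if reset_len < MIN_RESET_LEN:
        return None  # too short to look like real traffic; drop instead
    return build_stateless_reset(token, reset_len)


def looks_like_reset(datagram: bytes, token: bytes) -> bool:
    """Client side: a datagram ending in a known token is a Stateless Reset.

    Comparing only the trailing bytes is what lets the rest of the packet be
    random; nothing else in the datagram needs to be parseable.
    """
    return len(datagram) >= MIN_RESET_LEN and datagram[-TOKEN_LEN:] == token


if __name__ == "__main__":
    # Constructed sample input: a 16-byte token and three trigger sizes.
    demo_token = b"T" * TOKEN_LEN
    for size in (20, 21, 22, 50):
        reply = reset_for(b"\x00" * size, demo_token)
        print(size, "->", None if reply is None else len(reply))
```

A 21-byte trigger gets nothing, because the only reset smaller than it would be 20 bytes and therefore recognisable as not a real packet; a 22-byte trigger gets a 21-byte reset. Whether the client in practice clears that bar "naturally" depends, as the comment notes, on the server's connection ID being longer than the client's.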