IETF Logo Mail Archive

Re: [quicwg/base-drafts] Client's initial destination CID is unauthenticated (#1486)

MikkelFJ <notifications@github.com> Mon, 09 July 2018 20:13 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 705DF130E6C for <quic-issues@ietfa.amsl.com>; Mon, 9 Jul 2018 13:13:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Level:
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BHAgQlIb356C for <quic-issues@ietfa.amsl.com>; Mon, 9 Jul 2018 13:13:19 -0700 (PDT)
Received: from out-2.smtp.github.com (out-2.smtp.github.com [192.30.252.193]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 816F0130E8C for <quic-issues@ietf.org>; Mon, 9 Jul 2018 13:13:19 -0700 (PDT)
Date: Mon, 09 Jul 2018 13:13:18 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1531167198; bh=nEPxJ9nnJwNR4nnRTQjSPL+fpk65cXEigFOxPl6J5oc=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=EWe0GD2mhOYppDjzvJtUQNpypGTp7btvZSh51gkPwFvcv+McapSFklqaRka4olnjC U0etX7rPFiP+Err0mTKIp05fiaU8Y+ZredbgIYRFwQnSV5yUpvr7SRWgRbNqB1lhvG CyxKuAzD+Ju9k5SSVgyQ4Ckdqsqb56JHwYBEJUg4=
From: MikkelFJ <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab1fcedae2cfc0ca53d6c58cfa35cb833b0cec4b7192cf00000001175b83de92a169ce140801b8@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1486/403605280@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1486@github.com>
References: <quicwg/base-drafts/issues/1486@github.com>
Subject: Re: [quicwg/base-drafts] Client's initial destination CID is unauthenticated (#1486)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b43c1de62194_469b3f7ef9692f781402cc"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/g-6n7VSHUSUOKi6dGNUD8G8zxME>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.27
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2018 20:13:23 -0000

If the server sent something back encrypted with the initial server secret and verified by the client, then that would also work. But the QUIC TLS doc is hard to read. It is not very clear what kind of key is used in the servers initial response - is that already 1-RTT, or is there a first flight with initial keys. If it is the initial key, then the client can only verify the tag if the ODCID matches. If it is hashed into the 1-RTT context, it doesn't matter.

this makes little sense to me: what key is used after GetHandshake server side?
https://quicwg.org/base-drafts/draft-ietf-quic-tls.html#rfc.section.4.1.3

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1486#issuecomment-403605280

v2.23.0 | Report a Bug | By Email