Re: [quicwg/base-drafts] Required state for retaining unacked RETIRE_CONNECTION

Re: [quicwg/base-drafts] Required state for retaining unacked RETIRE_CONNECTION_ID frames is unbound (#3509)

Kazuho Oku <notifications@github.com> Fri, 27 March 2020 00:25 UTC

Date: Thu, 26 Mar 2020 17:25:25 -0700
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK454I4OHKOXSIEVBQ54REUPLEVBNHHCFAMG5E@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3509/604753447@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3509@github.com>
References: <quicwg/base-drafts/issues/3509@github.com>
Subject: Re: [quicwg/base-drafts] Required state for retaining unacked RETIRE_CONNECTION_ID frames is unbound (#3509)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e7d47f5e144_45853ffcd68cd9682366d"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/gbNxtut5nyI_sYkne9mCWXk7CDY>

@martinduke 
> in this case isn't the client limited by active_connection_id_limit?

The attack here is that when a malicious client retires a CID to which the server has responded, that server would retire the CID that it has used on that path, and also provide a new CID to the client. But the client never ACKs the RCID frames that the server sends.

As an example, consider the case where a client uses sCID1 on a new path, the server responds on that path using cCID1, the client abandons that path and sends RCID (seq=sCID1). When receiving this RCID frame, the server would send RCID (seq=cCID1), and also send NCID(sCID2). The client intentionally does not ack the packet carrying these frames, but uses sCID2 on a new path, that carries NCID(cCID2), repeating this procedure.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/3509#issuecomment-604753447

[quicwg/base-drafts] Required state for retaining… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… Martin Thomson
Re: [quicwg/base-drafts] Required state for retai… Marten Seemann
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… Marten Seemann
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… Eric Kinnear
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… Mike Bishop
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… ianswett
Re: [quicwg/base-drafts] Required state for retai… Martin Thomson
Re: [quicwg/base-drafts] Required state for retai… martinduke
Re: [quicwg/base-drafts] Required state for retai… martinduke
Re: [quicwg/base-drafts] Required state for retai… martinduke
Re: [quicwg/base-drafts] Required state for retai… Mike Bishop
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… ianswett
Re: [quicwg/base-drafts] Required state for retai… ianswett
Re: [quicwg/base-drafts] Required state for retai… martinduke
Re: [quicwg/base-drafts] Required state for retai… ianswett
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… martinduke
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… martinduke
Re: [quicwg/base-drafts] Required state for retai… ianswett
Re: [quicwg/base-drafts] Required state for retai… ianswett
Re: [quicwg/base-drafts] Required state for retai… martinduke
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… ianswett
Re: [quicwg/base-drafts] Required state for retai… martinduke
Re: [quicwg/base-drafts] Required state for retai… Nick Banks
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… Martin Thomson
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… Martin Thomson
Re: [quicwg/base-drafts] Required state for retai… ianswett
Re: [quicwg/base-drafts] Required state for retai… martinduke
Re: [quicwg/base-drafts] Required state for retai… ianswett
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… Marten Seemann
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… Nick Banks
Re: [quicwg/base-drafts] Required state for retai… Jana Iyengar
Re: [quicwg/base-drafts] Required state for retai… Marten Seemann
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… ianswett
Re: [quicwg/base-drafts] Required state for retai… Martin Thomson
Re: [quicwg/base-drafts] Required state for retai… Kazuho Oku
Re: [quicwg/base-drafts] Required state for retai… Martin Thomson
Re: [quicwg/base-drafts] Required state for retai… martinduke
Re: [quicwg/base-drafts] Required state for retai… Martin Thomson
Re: [quicwg/base-drafts] Required state for retai… Martin Thomson