Re: [quicwg/base-drafts] Mandate using a new connection ID on migration (#2413)

Mike Bishop <notifications@github.com> Wed, 06 February 2019 19:49 UTC

The problem with migrating with an empty CID is that the recipient can't identify which connection it should be considered for.  It's going to have to do trial decryption with the keys for all current 0LCID connections on that destination port if it wants to permit that.  (In fact, I'm fairly sure we previously had text that said if you couldn't match a packet to exactly one connection upon receipt, you had to drop it; that seems to have been removed.)  On a NAT rebinding, a server could say that if the IP matches and only the port has changed, it might still match a singular existing connection.

That's only safe if the server is using a unique port for each connection, which seems unlikely.

https://github.com/quicwg/base-drafts/issues/2413#issuecomment-461162070
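
The demultiplexing problem described in the message above, sketched as an added example that is not part of the original message or of any QUIC implementation. The names `Conn`, `seal`, `opens`, `route` and `CONNS`, the addresses and the keys are all constructed for illustration, and an HMAC tag stands in for QUIC's AEAD packet protection.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    name: str
    local_port: int
    peer_ip: str
    peer_port: int
    key: bytes  # stand-in for the connection's packet protection key

def seal(key, payload):
    # Assumption: HMAC-SHA256 replaces the AEAD; only the "does it authenticate" check matters.
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def opens(key, packet):
    payload, tag = packet[:-32], packet[-32:]
    return hmac.compare_digest(tag, hmac.new(key, payload, hashlib.sha256).digest())

def route(conns, local_port, src_ip, src_port, packet):
    """Route a packet that carries a zero-length destination CID.

    Returns (decision, connection name or None, number of keys tried).
    """
    on_port = [c for c in conns if c.local_port == local_port]
    exact = [c for c in on_port if (c.peer_ip, c.peer_port) == (src_ip, src_port)]
    same_ip = [c for c in on_port if c.peer_ip == src_ip]
    if exact or len(same_ip) == 1:
        # Known 4-tuple, or only the port changed and exactly one connection fits
        # (the NAT rebinding case): one candidate, one key to check.
        conn, how = (exact[0], "exact") if exact else (same_ip[0], "rebind")
        return (how, conn.name, 1) if opens(conn.key, packet) else ("drop", None, 1)
    # No unique candidate: the only way to accept the packet is trial decryption
    # against every zero-length-CID connection on this destination port.
    for trials, conn in enumerate(on_port, start=1):
        if opens(conn.key, packet):
            return ("trial", conn.name, trials)
    return ("drop", None, len(on_port))

# Constructed state: three zero-length-CID connections sharing local port 443.
CONNS = [
    Conn("A", 443, "198.51.100.7", 50001, b"key-A"),
    Conn("B", 443, "198.51.100.7", 50002, b"key-B"),
    Conn("C", 443, "203.0.113.9", 40000, b"key-C"),
]
```

The trial count in the third element grows with the number of connections sharing the port, which is the per-packet cost a receiver takes on if it permits migration without a connection ID.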