Re: [quicwg/base-drafts] Initial size of dynamic table (#1530)

Kazuho Oku <notifications@github.com> Thu, 09 August 2018 22:26 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D5EC130DEA for <quic-issues@ietfa.amsl.com>; Thu, 9 Aug 2018 15:26:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.009
X-Spam-Level:
X-Spam-Status: No, score=-8.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vp26V5U6SS9W for <quic-issues@ietfa.amsl.com>; Thu, 9 Aug 2018 15:26:12 -0700 (PDT)
Received: from out-7.smtp.github.com (out-7.smtp.github.com [192.30.252.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EE8912D949 for <quic-issues@ietf.org>; Thu, 9 Aug 2018 15:26:12 -0700 (PDT)
Date: Thu, 09 Aug 2018 15:26:11 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1533853571; bh=bHi9H+1Ktvrw9W87gxY8sIgPPXoz0SmzofyauGmZYOI=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=i7X5v7tPbf7ut82bAQZj9zdZ13kXAN8z4IGLDuqS8vTKXZmuZgVlTfGt6ZYRmJ7++ SER9SzaYWAKkXqRiNWdWCbpIqHVRuzwwbsQg1SLfj7cnKOSotdFOuSYdvY/jMXyz0l 8fpwkX7yiA/ckLL30W8yrKViHqurDDWGzrkm2w9U=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4aba5f1dad91ccfb0cb134f94f69dc10cccbb23898692cf000000011784818392a169ce1431be2f@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1530/411917732@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1530@github.com>
References: <quicwg/base-drafts/issues/1530@github.com>
Subject: Re: [quicwg/base-drafts] Initial size of dynamic table (#1530)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b6cbf83543fa_12473fe3cbabe624102346"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/heUO9GDHIfkWbILEjHyPGxkBuWA>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.27
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Aug 2018 22:26:15 -0000

Note also that while we have two mechanisms for communicating the states of the previous connection (i.e. TLS session ticket and QUIC token), the latter cannot be used for this purpose because tokens are not protected by the handshake. An attacker can mount a cut-and-paste attack to bind a token obtained from a different connection to the victims handshake.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1530#issuecomment-411917732