IETF Logo Mail Archive

Re: [quicwg/base-drafts] Handling of corrupt Retry packets (#3014)

Kazuho Oku <notifications@github.com> Fri, 27 September 2019 01:36 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B7B012013C for <quic-issues@ietfa.amsl.com>; Thu, 26 Sep 2019 18:36:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Level:
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Oh7FQAOiGdLS for <quic-issues@ietfa.amsl.com>; Thu, 26 Sep 2019 18:36:38 -0700 (PDT)
Received: from out-7.smtp.github.com (out-7.smtp.github.com [192.30.252.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F81B120020 for <quic-issues@ietf.org>; Thu, 26 Sep 2019 18:36:38 -0700 (PDT)
Date: Thu, 26 Sep 2019 18:36:37 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1569548197; bh=raxio6SYqe2Mwm2Y9OypdqCqhI5IvOQA52DjdFfVoa4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=S+tcFP/DX8sRZkrYTMJXU6pFZM7JbFxqV6MWfG90VxxDuzK/1JFFxpSKizftLKxkh 1I0hDVJ62JSAPqoWDjJFPUtY3z1vaeGGrffhWMocKdt50aQl7w9XBJOJWLglpSjy5J /8sPmLX3x9nMPU9yYw0SzqbFsbmIhhYhakHSXEoI=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK55B2V5GFVEU2WFN2F3TKNCLEVBNHHB2TYBKQ@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3014/535746870@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3014@github.com>
References: <quicwg/base-drafts/issues/3014@github.com>
Subject: Re: [quicwg/base-drafts] Handling of corrupt Retry packets (#3014)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d8d67a5cc2b4_29e53fd2364cd96457897"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/iBqnU9DghiTEY7SEdrmtcG5dvhM>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Sep 2019 01:36:40 -0000

@ianswett 
> Functionally, a Retry or Initial with no payload should be identical, minus the packet format?
>
> * Both have a Token
> * Both have a way of validating the original CID
> * Both have no other payload

Ah thank you for the clarification. So the idea here is to allow the servers to send tokens in Initial packets (which is currently prohibited), when the payload length is zero.

I agree that that's a possibility, and that we could have taken that path.

OTOH, I am not sure if we should consider that at this late stage, even if we are to authenticate and encrypt the Retry packet. The reasons are:
* Use of the Initial packet does reduce the complexity. It just changes how the clients make the distinction between Initial vs. Retry.
* The existence of PN field is concerning, as the client cannot ACK a Retry.

>From the server's point of view, Retry is an action that happens before a connection is established, and I like the fact that it is given a distinct packet type rather than being defined as a subtype of a packet that could be part of a connection (i.e. carrying PN). And we have enough bits to express the four long header packet types.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/3014#issuecomment-535746870

v2.23.0 | Report a Bug | By Email