Re: [quicwg/base-drafts] Authenticate connection IDs (#3499)

Christian Huitema <notifications@github.com> Fri, 06 March 2020 01:05 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A14E13A0FED for <quic-issues@ietfa.amsl.com>; Thu, 5 Mar 2020 17:05:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.1
X-Spam-Level:
X-Spam-Status: No, score=-3.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GRbOUK90eLgx for <quic-issues@ietfa.amsl.com>; Thu, 5 Mar 2020 17:05:45 -0800 (PST)
Received: from out-19.smtp.github.com (out-19.smtp.github.com [192.30.252.202]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C8DC3A0FEB for <quic-issues@ietf.org>; Thu, 5 Mar 2020 17:05:45 -0800 (PST)
Received: from github-lowworker-5fb2734.va3-iad.github.net (github-lowworker-5fb2734.va3-iad.github.net [10.48.19.27]) by smtp.github.com (Postfix) with ESMTP id 864F85204F5 for <quic-issues@ietf.org>; Thu, 5 Mar 2020 17:05:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1583456744; bh=VIixIHxrbvzcd1iqvSoEByl1CkrjeOL1OoCKwPwgoDM=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=W7e3N/PhOdUesA9XM/ELFP7XhLXXSIgOpIwX2D4Et5tN4mKA/bvj3quyBJ4VMRDpo pghH409j2BctkPyqT46Wrm4BRmshj4AKsK+14GN7a/0KUio9ryhfnHa+37yuN/A9DA iIGVf+1FHgxbePWWTWH4ESvdS1H7lVjAwbzs/VmE=
Date: Thu, 05 Mar 2020 17:05:44 -0800
From: Christian Huitema <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK3U7U2IVJKK6KGX2MN4NWBOREVBNHHCESD76A@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/3499/review/370021781@github.com>
In-Reply-To: <quicwg/base-drafts/pull/3499@github.com>
References: <quicwg/base-drafts/pull/3499@github.com>
Subject: Re: [quicwg/base-drafts] Authenticate connection IDs (#3499)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e61a1e8767e3_5b9e3ff7318cd968588b0"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: huitema
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/jCSlP0Dum9CykMRb4yS-UcfZ_yo>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Mar 2020 01:05:47 -0000

huitema commented on this pull request.

Could we add to this PR a description of the attack, maybe in the security section, and the suggestion that servers may want to tie the retry token to both the ODCID and the server's initial SCID?

>  from the server, it MUST discard any packet it receives with a different Source
 Connection ID.
 
+Each endpoint includes the value of the Source Connection ID from Initial
+packets it sends in the handshake_connection_id transport parameter; see
+{{transport-parameter-definitions}}.  Each endpoint validates that the value
+received from the peer is identical to the value of the transport parameter.
+Absense of the handshake_connection_id transport parameter or a mismatch in
+values MUST be treated as a connection error of type PROTOCOL_VIOLATION.  When
+sending a Retry packet or the first Initial packet, a server MUST select values
+for the Source Connection ID field that differ from the values the client
+includes in the Destination Connection ID field.  These measures ensure that the
+choice of connection ID cannot be influenced by an attacker.
+

I have some difficulty parsing that in the retry scenario. is "the Source Connection ID from Initial
packet" the value found in the retry packet sent by the server, or is the source connection ID in the first initial packet of the server? Currently, there is no requirement that these two be the same value.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/3499#pullrequestreview-370021781