Re: [quicwg/base-drafts] CID's should be compared in constant time (#2477)

MikkelFJ <notifications@github.com> Fri, 15 February 2019 19:53 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/jJUd9oFUSPMJ-sxibdjHrQS1xHE>

> However, if you have to be on path to observe processing time, this is moot.

You don't, because the endpoint cannot know what the correct path is before knowing the CID, assuming there is more than one possible path, as is usually the case.

BTW: there could be attacks on middleboxes that learn what valid CIDs are, but do not compare these in constant time. I'm not sure how effective that would be, though.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2477#issuecomment-464178398
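
A sketch of the constant-time CID matching this issue asks for, added here as an illustration; it is not part of the original message and not code from any QUIC implementation. `CID_MAX_LEN`, `struct cid`, the function names and the sample CIDs are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define CID_MAX_LEN 20 /* assumed upper bound on CID length; not from the thread */
struct cid { uint8_t len; uint8_t bytes[CID_MAX_LEN]; }; /* tail stays zero */

/* Store a CID zero-padded to CID_MAX_LEN. Returns 0, or -1 if it is too long. */
static int cid_set(struct cid *c, const uint8_t *p, size_t len)
{
    memset(c, 0, sizeof *c);
    if (len > CID_MAX_LEN) return -1;
    c->len = (uint8_t)len;
    memcpy(c->bytes, p, len);
    return 0;
}

/* 1 if equal, else 0. Reads all CID_MAX_LEN bytes and never branches on the
 * data, so run time does not depend on where the first mismatch is. */
static uint32_t cid_equal_ct(const struct cid *a, const struct cid *b)
{
    uint32_t diff = (uint32_t)(a->len ^ b->len);
    for (size_t i = 0; i < CID_MAX_LEN; i++)
        diff |= (uint32_t)(a->bytes[i] ^ b->bytes[i]);
    return ((diff - 1u) >> 8) & 1u; /* diff is 0..255; only 0 yields 1 */
}

/* Index of probe in table, or -1. Visits every entry with no early exit.
 * Assumes table entries are unique. */
static int cid_lookup_ct(const struct cid *table, size_t n, const struct cid *probe)
{
    uint32_t found = 0; /* (index + 1) of the match, 0 if none */
    for (size_t i = 0; i < n; i++) {
        uint32_t mask = 0u - cid_equal_ct(&table[i], probe); /* all-ones on match */
        found |= mask & (uint32_t)(i + 1);
    }
    return (int)found - 1;
}

/* Constructed sample CIDs (made up); CID_A is a prefix of CID_B. */
static const uint8_t CID_A[] = {0x11, 0x22, 0x33, 0x44};
static const uint8_t CID_B[] = {0x11, 0x22, 0x33, 0x44, 0x55};
static int demo_lookup(const uint8_t *p, size_t len)
{
    struct cid table[2], probe;
    cid_set(&table[0], CID_A, sizeof CID_A);
    cid_set(&table[1], CID_B, sizeof CID_B);
    if (cid_set(&probe, p, len) != 0) return -1;
    return cid_lookup_ct(table, 2, &probe);
}
int main(void) { return demo_lookup(CID_B, sizeof CID_B) == 1 ? 0 : 1; }
```

An optimizer can reintroduce data-dependent branches, so the generated assembly should be checked for the compiler and flags actually used.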