IETF Logo Mail Archive

Re: [quicwg/base-drafts] Client's initial destination CID is unauthenticated (#1486)

Kazuho Oku <notifications@github.com> Wed, 27 June 2018 07:19 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBFB2130E47 for <quic-issues@ietfa.amsl.com>; Wed, 27 Jun 2018 00:19:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Level:
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nudxiOkur57j for <quic-issues@ietfa.amsl.com>; Wed, 27 Jun 2018 00:19:19 -0700 (PDT)
Received: from out-16.smtp.github.com (out-16.smtp.github.com [192.30.254.199]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FD7E130E8D for <quic-issues@ietf.org>; Wed, 27 Jun 2018 00:19:19 -0700 (PDT)
Date: Wed, 27 Jun 2018 00:19:18 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1530083958; bh=L2HU5HG5wRqhkqLSrup2DrLNAKYrfGbHsQVsl08zLMc=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=AhaGpqzZNvImb4iKusGa7rALzV26tpPK0n5e2uH8xkhLKO4H1x5syN9BjQqeHtOM/ hA5HyiSU0NyHt6YI4sP4641IQi/ns79dQQQgMm0Juu+zSD4Yh6dQ8JG/pc7WJfkXv6 ujMRdglnWwipdv738sMVLQqDoHwlmJx7vlhAuynw=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab157fab0ac69661208c68d647d671d4f0e58dff8292cf00000001174afc7692a169ce140801b8@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1486/400568727@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1486@github.com>
References: <quicwg/base-drafts/issues/1486@github.com>
Subject: Re: [quicwg/base-drafts] Client's initial destination CID is unauthenticated (#1486)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b333a76703ec_c6a2ad40345cf5c176998"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/jjXTbhhdg1rOIE6D99SnhDgtRYs>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.26
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2018 07:19:21 -0000

> Ahh, though it's only the first one, that might be enough. Not sure how much this matters, but we should do something, even if that is only write this down.

Yes.

Consider you want to build a middlebox that verifies Client Hello. What you might do is:
* precompute AES-CTR for a special 8-octet CID (e.g., 0000000000000000)
* send a Retry packet that contains the special CID in the source CID field and a zero-length token for every Initial packet that does not contain the special CID in the destination CID field

By doing these, a middlebox can skip the cost of AES for decrypting the Initial packet, because the every Initial packet that it forwards will be encrypted using the same bitstream.

I think we should permit the use of zero-length token, because it would be useful for *stateful* path validation.

OTOH, I would like to prevent seeing these kind of hacks being applied by middleboxes (since it is an ossification concern), if the cost of preventing it is marginal. IMO, including initial DCID in TP and requiring the servers to validate the value when possible meets that goal.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1486#issuecomment-400568727

v2.23.0 | Report a Bug | By Email