Re: [quicwg/base-drafts] Clarify Actions on nonzero Reserved Bits (#2280)

martinduke <notifications@github.com> Mon, 31 December 2018 07:07 UTC

Date: Sun, 30 Dec 2018 23:07:22 -0800
From: martinduke <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab2c4a88ff0c91995c4febca211211452e545c128592cf000000011841822a92a169ce178a377a@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2280/review/188465606@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2280@github.com>
References: <quicwg/base-drafts/pull/2280@github.com>
Subject: Re: [quicwg/base-drafts] Clarify Actions on nonzero Reserved Bits (#2280)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/jnrO91dR-FTcvAwVv6qjOoodYfQ>
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>

martinduke commented on this pull request.

> @@ -3402,9 +3402,10 @@ Reserved Bits (R):
 
 : The next two bits (those with a mask of 0x0c) of byte 0 are reserved.  These
   bits are protected using header protection (see Section 5.4 of {{QUIC-TLS}}).
-  The value included prior to protection MUST be set to 0.  An endpoint MUST
-  treat receipt of a packet that has a non-zero value for these bits after
-  removing protection as a connection error of type PROTOCOL_VIOLATION.
+  The value included prior to protection MUST be set to 0.  An endpoint MUST treat
+  receipt of a packet that has a non-zero value for these bits after removing
+  packet (not just header) protection as a connection error of type
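Review bot: the parenthetical "packet (not just header) protection" states the rule but says nothing about the path it forbids, and that path is exactly where an implementer goes wrong: having removed header protection and found the bits set, the obvious move is to stop there, which raises PROTOCOL_VIOLATION on bits the AEAD has not yet authenticated. Suggest phrasing it as "after removing both header and packet protection" and adding one sentence that a packet whose reserved bits appear non-zero before packet protection is removed MUST still be run through packet-protection removal and, if that fails, discarded rather than treated as a connection error, with a cross-reference to the security considerations of {{QUIC-TLS}} next to the existing Section 5.4 pointer so the rationale is reachable from the transport draft.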

Oof. I didn't recall that section of the TLS draft. Thanks for pointing that out.

There are a couple of dangers here:
1) The implementer will not check "security considerations" in the tls draft when implementing first byte validation in the transport draft.
2) Naively, the implementation will choose to discard the packet and abort the connection after removing header protection, which opens up a DoS vector, even if it goes through the motions of decrypting the packet anyway.

This is coming down to an editorial matter, and I agree my sentence is somewhat clunky. I'm open to other wording, but I don't think the current draft is satisfactory.

Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2280#discussion_r244558351
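A worked model of the ordering problem discussed in the comment above, added here as example code for this page; it is not from the QUIC drafts, this PR, or any QUIC implementation. It builds a protected short-header packet, removes protection on the receiving side in both orders, and shows what an on-path bit flip inside the header-protection sample does under each order. The keys, connection ID and payload are constructed, and the ciphers are stdlib stand-ins for AES-ECB (mask) and AES-GCM (packet protection), named as such in the code; the QUIC-specific framing (fixed bit, 0x0c reserved mask, 5-byte mask over the low 5 bits of byte 0 and the packet number bytes, 16-byte sample taken 4 bytes past the packet number offset) follows the transport and TLS drafts.

```python
"""Toy model of QUIC 1-RTT packet receipt: why reserved bits are checked only
after the AEAD succeeds, not right after header protection is removed.

The header-protection mask is derived from a sample of the ciphertext, so an
on-path bit flip in the sample changes the unmasked reserved bits while the
AEAD tag still fails. Primitives are stdlib stand-ins (HMAC-SHA256 for the
AES-ECB mask, SHA-256 keystream + HMAC tag for AES-GCM); ordering is the point.
"""
import hashlib
import hmac

SAMPLE_LEN = 16         # bytes of ciphertext sampled for the header-protection mask
TAG_LEN = 16
RESERVED_MASK = 0x0C    # reserved bits of a short header's first byte
PROTECTED_BITS = 0x1F   # header protection covers the low 5 bits of a short header

def hp_mask(hp_key: bytes, sample: bytes) -> bytes:
    """Stand-in for AES-ECB(hp_key, sample); 5 mask bytes: one for byte 0, four for the pn."""
    return hmac.new(hp_key, sample, hashlib.sha256).digest()[:5]

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def aead_seal(key: bytes, nonce: bytes, aad: bytes, plaintext: bytes) -> bytes:
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return ct + hmac.new(key, nonce + aad + ct, hashlib.sha256).digest()[:TAG_LEN]

def aead_open(key: bytes, nonce: bytes, aad: bytes, sealed: bytes):
    """Plaintext, or None when the tag does not verify."""
    if len(sealed) < TAG_LEN:
        return None
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + aad + ct, hashlib.sha256).digest()[:TAG_LEN]):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def _nonce(iv: bytes, pn: int) -> bytes:
    return bytes(a ^ b for a, b in zip(iv, pn.to_bytes(len(iv), "big")))

def protect(keys: dict, dcid: bytes, pn: int, pn_len: int, payload: bytes, reserved: int = 0) -> bytes:
    """Sender: byte0 | dcid | pn | AEAD(payload), then header protection. `reserved`
    builds a packet whose sender really set the bits (a genuine PROTOCOL_VIOLATION)."""
    first = 0x40 | (reserved & RESERVED_MASK) | (pn_len - 1)   # fixed bit; spin and key phase 0
    header = bytes([first]) + dcid + pn.to_bytes(pn_len, "big")
    body = aead_seal(keys["key"], _nonce(keys["iv"], pn), header, payload)
    pn_offset = 1 + len(dcid)
    if pn_len + len(body) < 4 + SAMPLE_LEN:
        raise ValueError("packet too short to take a header-protection sample")
    pkt = bytearray(header + body)
    mask = hp_mask(keys["hp"], bytes(pkt[pn_offset + 4:pn_offset + 4 + SAMPLE_LEN]))
    pkt[0] ^= mask[0] & PROTECTED_BITS
    for i in range(pn_len):
        pkt[pn_offset + i] ^= mask[1 + i]
    return bytes(pkt)

def receive(keys: dict, dcid_len: int, packet: bytes, check_before_aead: bool):
    """Receiver. Returns (outcome, detail); outcome is "accepted", "discarded" (connection
    unaffected) or "connection_error". check_before_aead=True is the naive order."""
    pkt = bytearray(packet)
    pn_offset = 1 + dcid_len
    if len(pkt) < pn_offset + 4 + SAMPLE_LEN:
        return ("discarded", "too short to sample")
    mask = hp_mask(keys["hp"], bytes(pkt[pn_offset + 4:pn_offset + 4 + SAMPLE_LEN]))
    pkt[0] ^= mask[0] & PROTECTED_BITS
    pn_len = (pkt[0] & 0x03) + 1
    for i in range(pn_len):
        pkt[pn_offset + i] ^= mask[1 + i]
    reserved = pkt[0] & RESERVED_MASK
    if check_before_aead and reserved:
        # Only header protection removed: nothing in byte 0 is authenticated yet.
        return ("connection_error", "PROTOCOL_VIOLATION raised before AEAD check (unsafe)")
    header = bytes(pkt[:pn_offset + pn_len])
    pn = int.from_bytes(header[pn_offset:], "big")   # toy: full pn on the wire, no reconstruction
    plaintext = aead_open(keys["key"], _nonce(keys["iv"], pn), header, bytes(pkt[pn_offset + pn_len:]))
    if plaintext is None:
        return ("discarded", "AEAD verification failed")
    if reserved:   # now authenticated: the peer really sent them set
        return ("connection_error", "PROTOCOL_VIOLATION: peer set reserved bits")
    return ("accepted", plaintext)

def tamper_sample(keys: dict, dcid_len: int, packet: bytes):
    """On-path attacker model: flip one bit inside the sampled ciphertext. About three
    flips in four disturb the unmasked reserved bits; hp_key is used here only to pick
    such a flip deterministically, the attacker never needs it. None if no flip works."""
    pn_offset = 1 + dcid_len
    for pos in range(pn_offset + 4, pn_offset + 4 + SAMPLE_LEN):
        for bit in range(8):
            forged = bytearray(packet)
            forged[pos] ^= 1 << bit
            mask = hp_mask(keys["hp"], bytes(forged[pn_offset + 4:pn_offset + 4 + SAMPLE_LEN]))
            if (forged[0] ^ (mask[0] & PROTECTED_BITS)) & RESERVED_MASK:
                return bytes(forged)
    return None

KEYS = {"key": b"\x01" * 32, "iv": b"\x02" * 12, "hp": b"\x03" * 32}   # constructed demo keys
DCID = bytes(range(8))                                                  # constructed connection ID
PAYLOAD = b"constructed 1-RTT payload standing in for frames"

def demo():
    """(naive order outcome, safe order outcome) for three packets."""
    good = protect(KEYS, DCID, 0x2A17, 2, PAYLOAD)
    cases = {"genuine": good, "tampered": tamper_sample(KEYS, len(DCID), good),
             "reserved set by sender": protect(KEYS, DCID, 0x2A18, 2, PAYLOAD, reserved=0x08)}
    return {name: (receive(KEYS, len(DCID), p, True)[0], receive(KEYS, len(DCID), p, False)[0])
            for name, p in cases.items()}
```

demo() returns, per packet, the outcome under the naive order and under the safe order: the genuine packet is accepted either way, the packet whose sender really set the bits is a connection error either way, and the tampered packet is a connection close under the naive order but a silent drop under the safe one. That last row is the DoS vector in point 2 of the comment: header protection hides the reserved bits but does not authenticate them, so only the AEAD result can justify tearing down the connection.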