IETF Logo Mail Archive

Re: [quicwg/base-drafts] Connection abort during handshake (#597)

Jānis <notifications@github.com> Wed, 07 June 2017 06:23 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FF2E12EA7F for <quic-issues@ietfa.amsl.com>; Tue, 6 Jun 2017 23:23:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.395
X-Spam-Level:
X-Spam-Status: No, score=-8.395 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KmZNUVDZTRF5 for <quic-issues@ietfa.amsl.com>; Tue, 6 Jun 2017 23:23:42 -0700 (PDT)
Received: from github-smtp2b-ext-cp1-prd.iad.github.net (github-smtp2-ext2.iad.github.net [192.30.252.193]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8A48129B63 for <quic-issues@ietf.org>; Tue, 6 Jun 2017 23:23:41 -0700 (PDT)
Date: Tue, 06 Jun 2017 23:23:40 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1496816620; bh=rQLYpmQ7U2Nvg9w/AObTjpiTq8iyA/6C1eFsbQi1RAU=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=mHPTficMN0wPXIl9zx9Viv1pSvfr3appQZpcPn6m9mD0x4fgVNlHbDgXiXm1KLR6q 8y3MnTjt0lEljTRZN+V9bVz4Sla9yAICmcRaNa4UcN3Rx7zS2PR/fwHPnL2RuLbK0A JoljqVBkH0Cz2+IWWzNFWj2iY63Kp0crvRfyBnGY=
From: Jānis <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab89fef91b6e20f2248b57a63e7fc629580ae49ee892cf00000001154f5dec92a169ce0df28989@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/597/306698709@github.com>
In-Reply-To: <quicwg/base-drafts/issues/597@github.com>
References: <quicwg/base-drafts/issues/597@github.com>
Subject: Re: [quicwg/base-drafts] Connection abort during handshake (#597)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59379becda8e4_3d1f3fdb38803c2c303ad"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: chocis
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/kqoX3E4bNklwIjNB1D5RDwwWGNc>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jun 2017 06:23:44 -0000

Well thats why I think this is another reason for using Server Stateless Retry, which returns client's selected random packet number and can be validated by client. It would be hard for attacker to guess that value (2^31).
But protecting against that when server can change CID in ServerCleartext in current design doesn't seem to be possible.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/597#issuecomment-306698709

v2.31.3 | Report a Bug | By Email | System Status