[quicwg/base-drafts] 6f9f8d: Curtail CONNECTION_CLOSE for small Initial

Martin Thomson <noreply@github.com> Mon, 09 December 2019 04:07 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 5765A1200CC for <quic-issues@ietfa.amsl.com>; Sun, 8 Dec 2019 20:07:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.001
X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id o8agCJV94zAs for <quic-issues@ietfa.amsl.com>; Sun, 8 Dec 2019 20:07:39 -0800 (PST)
Received: from out-23.smtp.github.com (out-23.smtp.github.com []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF94A12004A for <quic-issues@ietf.org>; Sun, 8 Dec 2019 20:07:38 -0800 (PST)
Date: Sun, 08 Dec 2019 20:07:38 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1575864458; bh=WeA60Wl75P+1H7lSuAHMh88fVH6Te5O9CW8vpXYQfe8=; h=Date:From:To:Subject:From; b=nVKQ9TTO4Hi+oxbg0drp/SroBSzzHe3Xh0KVc84K9K3kwKCT3+nr06EEyEn/oTtqm modOQUkNTfiRuj5oxcbJrSOwrZxGOlTe5Lx3CUG/IVHql5D89rSViIf+hOc5wpGuAK q2Xi0CiQJMZi4gTEDY/gKn9m9fJFYo5TTJA5SvuY=
From: Martin Thomson <noreply@github.com>
To: quic-issues@ietf.org
Message-ID: <quicwg/base-drafts/push/refs/heads/close-small-initial/000000-6f9f8d@github.com>
Subject: [quicwg/base-drafts] 6f9f8d: Curtail CONNECTION_CLOSE for small Initial
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-Auto-Response-Suppress: All
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/ksAGg6JlvHdbR_nhY7RbGyK6vN8>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2019 04:07:40 -0000

  Branch: refs/heads/close-small-initial
  Home:   https://github.com/quicwg/base-drafts
  Commit: 6f9f8d7ffca4eed3373bb9f64261f85fd5f76b1a
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2019-12-09 (Mon, 09 Dec 2019)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  Curtail CONNECTION_CLOSE for small Initial

This is trickier than I had imagined.  Sending CONNECTION_CLOSE is
probably fine, but it's harder to do this correctly now.  You can't just
send an unauthenticated CONNECTION_CLOSE because that might disrupt a
real connection.  So there are two goals in tension:

1. Don't kill an active connection (attempt) unnecessarily.

2. Provide feedback about errors.

The observation is that an attacker can disrupt connections by eliciting
a CONNECTION_CLOSE, so feedback naturally leads to an exposure to a DoS
attack.  That's unfortunate, but we have established that we don't care
about DoS by an on-path attacker prior to handshake completion.
Anything we do here has got to be best effort.

DoS prevention would say that you just discard junk, and that is
probably the right answer.  But we have a number of cases where the
robustness of the system depends on getting feedback.

Either way, we agreed to allow CONNECTION_CLOSE in Initial, so the
exposure exists anyway.  So this contains advice.  Maybe too much
advice, but I thought that I'd see what people thought.

Closes #3269.