Re: [quicwg/base-drafts] Stateless Reset packet sizes should not depend on the maximum connection ID length (#2869)

ianswett <notifications@github.com> Tue, 02 July 2019 22:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/lpo1bhTZJLF7n4D-JStmaCD0i8c>

The goal is not to avoid the attacker dropping the packet (I'm not sure what other type of interference is possible here?). If they can do that, they can drop all packets and that's likely even worse. The goal is to ensure the packet can't be reliably identified as a stateless reset, which is a much lower bar.

As I stated on #2770, if the client wants to ensure its reset is always large enough to be indistinguishable, it needs to send a packet size that's one byte larger than the smallest packet it expects to receive. Typically, this is a no-op for the client, so compliance is trivial.

No matter what happens, a server may send a stateless reset in response to any QUIC packet that's large enough to be valid, and it's not sensible to try to prevent a server from doing that.

Even if the packet is smaller than other packets, it's just odd, not invalid, as David said.

If we don't do this, I fear clients will increase their effective minimum packet size substantially, which is a cost everyone has to bear, when a large number of clients will use 0 byte CIDs.

https://github.com/quicwg/base-drafts/issues/2869#issuecomment-507873146
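A small model of the sizing argument in the comment above, added here as an illustration and not part of the thread or of any QUIC implementation. It assumes the loop-prevention rule that a Stateless Reset must be smaller than the packet that triggered it, and the RFC 9000 reset layout (a short-header-looking first byte, unpredictable bytes, then a 16-byte token, minimum 21 bytes); the function names and the `smallest_expected` parameter are this example's own.

```python
import secrets

TOKEN_LEN = 16       # Stateless Reset Token length (RFC 9000 layout, assumed)
RESET_MIN_LEN = 21   # 5 bytes of header/unpredictable bits + 16-byte token


def client_send_size(desired_len: int, smallest_expected: int) -> int:
    """Client side: pad so a reset triggered by this packet can still be at
    least as large as the smallest packet the client expects to receive.
    For a normal 1200-byte Initial this is a no-op, as the comment says."""
    return max(desired_len, smallest_expected + 1)


def build_stateless_reset(token: bytes, trigger_len: int, target_len: int) -> bytes:
    """Server side: the reset must be smaller than the packet that triggered
    it (loop prevention, assumed from the QUIC spec); within that bound it is
    sized to target_len so it blends in with ordinary short-header packets.
    Returns b"" when no valid reset fits under the trigger size."""
    if len(token) != TOKEN_LEN:
        raise ValueError("token must be 16 bytes")
    length = min(target_len, trigger_len - 1)
    if length < RESET_MIN_LEN:
        return b""
    body = bytearray(secrets.token_bytes(length - TOKEN_LEN))
    # Header form 0 and fixed bit 1 so the first byte looks like a short header.
    body[0] = (body[0] & 0x3F) | 0x40
    return bytes(body) + token


def identifiable_by_size(pkt_len: int, smallest_expected: int) -> bool:
    """An on-path observer can flag a datagram as 'probably a reset' only if
    it is smaller than anything the client would otherwise receive."""
    return pkt_len < smallest_expected


def demo() -> bool:
    """Client pads to smallest_expected + 1, server answers with a reset one
    byte smaller; size alone no longer gives the reset away."""
    token = secrets.token_bytes(TOKEN_LEN)   # constructed sample token
    smallest_expected = RESET_MIN_LEN
    sent = client_send_size(desired_len=21, smallest_expected=smallest_expected)
    reset = build_stateless_reset(token, trigger_len=sent, target_len=smallest_expected)
    return bool(reset) and not identifiable_by_size(len(reset), smallest_expected)
```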