IETF Logo Mail Archive

Re: [quicwg/base-drafts] Mask packet numbers with a per-connection-ID key (#1043)

Martin Thomson <notifications@github.com> Tue, 09 January 2018 08:44 UTC

Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96421126D74 for <quic-issues@ietfa.amsl.com>; Tue, 9 Jan 2018 00:44:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.028
X-Spam-Level:
X-Spam-Status: No, score=-2.028 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yn-FXSGBi59G for <quic-issues@ietfa.amsl.com>; Tue, 9 Jan 2018 00:43:59 -0800 (PST)
Received: from o9.sgmail.github.com (o9.sgmail.github.com [167.89.101.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D497124D85 for <quic-issues@ietf.org>; Tue, 9 Jan 2018 00:43:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=zalmOezoHDNxxj7d6HHxVgDzJow=; b=vU8gUHVwnHfjSogQ l8Rqnv3MgMKRzVFyBW/eFhIQSLWifTPMP29SkR7KSllyGwNyaLdonsPgvkpbFi/P g/HSozdfsc45mMWbDTLcKYz2dqpDtBA7prH1VWcK6L9Ggbs2/7lFo3EK9SOSdJbZ LC7kmUW1SrE2QPXAhQIa3YT/RR0=
Received: by filter0196p1las1.sendgrid.net with SMTP id filter0196p1las1-5564-5A5480CD-10 2018-01-09 08:43:57.510634185 +0000 UTC
Received: from github-smtp2a-ext-cp1-prd.iad.github.net (github-smtp2a-ext-cp1-prd.iad.github.net [192.30.253.16]) by ismtpd0022p1iad2.sendgrid.net (SG) with ESMTP id 2SjmHWCSTfyNo5sN2EI0yA for <quic-issues@ietf.org>; Tue, 09 Jan 2018 08:43:57.383 +0000 (UTC)
Date: Tue, 09 Jan 2018 08:43:57 +0000
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab3a053046c507db88dca1f134783bc7bf788f2d7792cf00000001166c42cd92a169ce111afff8@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1043/review/87443861@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1043@github.com>
References: <quicwg/base-drafts/pull/1043@github.com>
Subject: Re: [quicwg/base-drafts] Mask packet numbers with a per-connection-ID key (#1043)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5a5480cd5516a_67a53fee7e700f382443b4"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak1cZHPl8l+S7Sxmzmzj+e+T9wuns+5eJ03d7a CEl1yBQSkdP3XWAIpBE5LsRH5TXURj0hkQDms4+9do2AacK+n/+ydKRpTiaBEfIjaW44p7BieMlrUB Leplt+m625gHl1DBLqOLTraNk6oDo+kHLDcr5AAP30ngLmU4B7kvKZn160XqFCEMupqD9Sr1OVEGtn c=
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/n0e35voZ396UlvMv77rF7b8aDiI>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jan 2018 08:44:01 -0000

martinthomson commented on this pull request.



> @@ -2377,8 +2386,11 @@ Unlike TCP SACKs, QUIC acknowledgements are irrevocable.  Once a packet has
 been acknowledged, even if it does not appear in a future ACK frame,
 it remains acknowledged.
 
-A client MUST NOT acknowledge Version Negotiation or Retry packets.  These
-packet types contain packet numbers selected by the client, not the server.
+A client MUST NOT acknowledge Version Negotiation or Retry packets.  Version
+Negotiation packets don't contain a packet number and Retry packets include the
+packet number from the Initial packet it responds to.  Rather than relying on
+ACK frames, these packets are implicitly acknowledged by the next Initial packet
+sent by the client.
 

We've discussed this previously.  Retry and Version Negotiation are necessarily smaller than the Initial packet that triggers them.  It would therefore be more efficient for the attacker to send its packets directly toward the victim.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1043#discussion_r160345135

v2.30.2 | Report a Bug | By Email | System Status