Re: [quicwg/base-drafts] Stateless reset comparisons (constant time/any order/datagram) (#2993)

Jana Iyengar <notifications@github.com> Tue, 15 October 2019 18:00 UTC


janaiyengar commented on this pull request.



> -An endpoint detects a potential stateless reset when an incoming packet either
-cannot be associated with a connection, cannot be decrypted, or is marked as a
-duplicate packet.  The endpoint MUST then compare the last 16 bytes of the
-packet with all Stateless Reset Tokens that are associated with connection IDs
-that the endpoint recently used to send packets from the IP address and port on
-which the datagram is received.  This includes Stateless Reset Tokens from
-NEW_CONNECTION_ID frames and the server's transport parameters.  An endpoint
-MUST NOT check for any Stateless Reset Tokens associated with connection IDs it
-has not used or for connection IDs that have been retired.
-
-If the last 16 bytes of the packet values are identical to a Stateless Reset
+An endpoint detects a potential stateless reset using the trailing 16 bytes of
+the UDP datagram.  The endpoint compares the last 16 bytes of the datagram with
+all Stateless Reset Tokens that are associated with connection IDs that the
+endpoint recently used to send packets from the IP address and port on which the
+datagram is received.
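
Review bot: the added paragraph ("An endpoint detects a potential stateless reset using the trailing 16 bytes ...") no longer carries the removed restriction "MUST NOT check for any Stateless Reset Tokens associated with connection IDs it has not used or for connection IDs that have been retired", so within these lines only the phrase "recently used" bounds the token set, and that phrase is not defined here. The normative "MUST then compare" has also become a plain "compares". Unless both points are restated outside this hunk, suggest keeping an explicit exclusion for unused and retired connection IDs next to the new text and stating the comparison requirement normatively.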

To detect stateless resets, an endpoint remembers all Stateless Reset Tokens along with the associated connection IDs and the corresponding IP address and port that it recently used to send packets. The endpoint detects a received packet as a stateless reset by comparing the last 16 bytes of a received datagram with Stateless Reset Tokens that are associated with the IP address and port on which the datagram was received.

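A sketch of the lookup described in the comment above, as an added example that is not part of the original message or of the QUIC drafts. `ResetTokenTable`, `remember`, `retire` and `match` are hypothetical names, the address key is treated as an opaque `(ip, port)` tuple, and the loop without early exit around `hmac.compare_digest` is one way to approach the constant-time goal named in the pull request title.

```python
import hmac
from collections import defaultdict

TOKEN_LEN = 16  # the comparison uses the last 16 bytes of the datagram


class ResetTokenTable:
    """Stateless Reset Tokens for connection IDs recently used to send packets."""

    def __init__(self):
        # addr -> {token: connection_id}; addr is the (ip, port) pair that the
        # text associates with the token (opaque key in this sketch).
        self._by_addr = defaultdict(dict)

    def remember(self, addr, connection_id, token):
        if len(token) != TOKEN_LEN:
            raise ValueError("stateless reset token must be 16 bytes")
        self._by_addr[addr][token] = connection_id

    def retire(self, addr, connection_id):
        # Tokens of retired connection IDs are dropped so they are never checked.
        tokens = self._by_addr.get(addr, {})
        for tok in [t for t, cid in tokens.items() if cid == connection_id]:
            del tokens[tok]

    def match(self, addr, datagram):
        """Return the connection ID whose token equals the datagram tail, else None."""
        if len(datagram) < TOKEN_LEN:
            return None
        tail = bytes(datagram[-TOKEN_LEN:])
        found = None
        # Visit every candidate with a constant-time compare and no early exit,
        # so timing does not reveal which token (if any) matched.
        for token, cid in self._by_addr.get(addr, {}).items():
            if hmac.compare_digest(tail, token):
                found = cid
        return found


if __name__ == "__main__":
    # Constructed sample values, not taken from any real connection.
    table = ResetTokenTable()
    peer = ("192.0.2.1", 4433)
    table.remember(peer, b"cid-A", bytes(range(16)))
    datagram = b"\x40" + b"\x00" * 24 + bytes(range(16))
    print(table.match(peer, datagram))
```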