Re: [quicwg/base-drafts] Linkability with preferred_address usage (#3559)

Mike Bishop <notifications@github.com> Tue, 31 March 2020 19:59 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAF003A2ABB for <quic-issues@ietfa.amsl.com>; Tue, 31 Mar 2020 12:59:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.5
X-Spam-Level:
X-Spam-Status: No, score=-0.5 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_20=0.7, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JXE_w5GsslFN for <quic-issues@ietfa.amsl.com>; Tue, 31 Mar 2020 12:59:45 -0700 (PDT)
Received: from out-3.smtp.github.com (out-3.smtp.github.com [192.30.252.194]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFF233A2AB9 for <quic-issues@ietf.org>; Tue, 31 Mar 2020 12:59:44 -0700 (PDT)
Received: from github-lowworker-f1f7af9.ash1-iad.github.net (github-lowworker-f1f7af9.ash1-iad.github.net [10.56.111.13]) by smtp.github.com (Postfix) with ESMTP id E57872C0D46 for <quic-issues@ietf.org>; Tue, 31 Mar 2020 12:59:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1585684782; bh=Gy+FC0UxH+muqSxFvYai9p2KcGy99biZgewBlIFwXOQ=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=MncEZaQYBvxO9U1vtZ84Usl4eDR+6A7hXob5fY3TRUg5l9xx4rgvnEL62L778kbcD 5YIcfKJnqTwyTmuZNkDqPL6okW1FDJmx9urgx+N/0J72p6IzOQWnKMuztfP5wD4kAY Ysd0wdOLT7yRrYxp96l5/r8OgzB7IG1a9HGT6f/A=
Date: Tue, 31 Mar 2020 12:59:42 -0700
From: Mike Bishop <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK3ABOV7NCV3QXJVVAN4R6BC5EVBNHHCGNJGZU@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3559/606843287@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3559@github.com>
References: <quicwg/base-drafts/issues/3559@github.com>
Subject: Re: [quicwg/base-drafts] Linkability with preferred_address usage (#3559)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e83a12ed5a2e_574c3ff06d4cd9641277cb"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/oxiDwRnWe0lQuHmBQS2ZjxcSRB0>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Mar 2020 19:59:47 -0000

A server that wants to defeat linkability always can.  Using `preferred_address`, a server could easily enough issue each client its own IPv6 address or, even with IPv4, a unique ephemeral port.  Even without it, a server could issue trivially linkable CIDs, disclose its CID key, etc.  So the goal is to reduce the chances that this happens accidentally, not to prevent it entirely.

We already decided not to prohibit active migration in the presence of zero-length CIDs, IIRC.  Given that, I think this is just a textual warning to be cautious in this circumstance.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/3559#issuecomment-606843287