Re: [quicwg/base-drafts] Disallow reuse of stateless reset tokens (#2785)

Martin Thomson <notifications@github.com> Thu, 13 June 2019 00:53 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/pkDQ90h009gV4epiZgLWrOW0rlA>
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>

@MikeBishop's analysis is entirely correct.

I don't think that we should put in rules to prevent self-harm through idiocy.  And this is definitely a case of that.  An endpoint that forgets a CID when the associated SRT is active only hurts itself.

The text is sufficient as it stands.  A prohibition won't prevent implementations from doing dangerous things.  As it stands, you need to take extraordinary steps to put yourself in a position to mess this up.  The construction @kazuho describes is a totally sensible one, but it is very hard to forget connection IDs with that scheme.  More relevant to this, the SRT construction process described in the spec won't have this problem.

What exactly do you think this prohibition will achieve?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2785#issuecomment-501507550
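The comment above leans on "the SRT construction process described in the spec", i.e. deriving the stateless reset token from a static key and the connection ID with a keyed PRF (RFC 9000 section 10.3.2 describes this design and mentions HMAC as a suitable PRF). The following is an added example written for this page; it is not code from the thread, the QUIC WG, or any QUIC implementation. It uses HMAC-SHA256 truncated to 16 bytes, a constructed static key and constructed CIDs, and shows both sides: the issuer derives tokens statelessly, and the receiving peer only recognises a reset whose trailing 16 bytes match the token of a CID it still holds, so retiring a CID also retires its token. The packet layout (two fixed bits 0b01, unpredictable bits, token last, at least 21 bytes) follows RFC 9000 section 10.3; `PeerState`, `derive_srt`, `build_stateless_reset` and `demo` are names chosen here.

```python
"""Added example (not code from the thread, the QUIC WG, or any implementation):
stateless reset token (SRT) derivation from a static key and the receiver check."""
import hashlib
import hmac
import secrets

SRT_LEN = 16          # a stateless reset token is always 16 bytes
MIN_RESET_LEN = 21    # 1 header byte + at least 4 unpredictable bytes + 16-byte token


def derive_srt(static_key: bytes, cid: bytes) -> bytes:
    """Token = HMAC-SHA256(static_key, cid) truncated to 16 bytes.

    Keyed-PRF construction in the style of RFC 9000 10.3.2; the static key
    used in demo() is a constructed constant, not a real deployment key.
    The token is a pure function of the CID, so the issuer stores nothing
    per connection and each token is bound to exactly one CID under that key.
    """
    return hmac.new(static_key, cid, hashlib.sha256).digest()[:SRT_LEN]


def build_stateless_reset(static_key: bytes, cid: bytes, total_len: int) -> bytes:
    """Build a reset for `cid`: 0b01 + unpredictable bits, random filler, token last."""
    if total_len < MIN_RESET_LEN:
        raise ValueError("stateless reset must be at least 21 bytes")
    first = 0x40 | (secrets.randbits(8) & 0x3F)   # short header form (0), fixed bit (1)
    filler = secrets.token_bytes(total_len - 1 - SRT_LEN)
    return bytes([first]) + filler + derive_srt(static_key, cid)


class PeerState:
    """The endpoint that receives resets: it knows tokens only for CIDs it still accepts."""

    def __init__(self) -> None:
        self._tokens: dict[bytes, bytes] = {}   # cid -> token the peer gave us for it

    def add_cid(self, cid: bytes, token: bytes) -> None:
        if len(token) != SRT_LEN:
            raise ValueError("token must be 16 bytes")
        self._tokens[cid] = token

    def retire_cid(self, cid: bytes) -> None:
        # Forgetting the CID forgets its token; a reset carrying it is no longer recognised.
        self._tokens.pop(cid, None)

    def is_stateless_reset(self, packet: bytes) -> bool:
        """For a packet that failed authenticated decryption: do its last 16 bytes
        match a token tied to one of our active CIDs?"""
        if len(packet) < MIN_RESET_LEN or packet[0] & 0xC0 != 0x40:
            return False
        candidate = packet[-SRT_LEN:]
        # Compare against every stored token in constant time with no early exit,
        # so timing does not reveal which CID (if any) matched.
        matched = False
        for token in self._tokens.values():
            matched |= hmac.compare_digest(candidate, token)
        return matched


def demo() -> dict[str, bool]:
    """Run the exchange with a constructed key and CIDs; return the observed facts."""
    key = b"constructed-static-key-for-demo!"          # constructed 32-byte key
    cid_a = bytes.fromhex("0a0a0a0a0a0a0a0a")          # constructed CIDs
    cid_b = bytes.fromhex("0b0b0b0b0b0b0b0b")

    peer = PeerState()
    peer.add_cid(cid_a, derive_srt(key, cid_a))
    peer.add_cid(cid_b, derive_srt(key, cid_b))

    reset_a = build_stateless_reset(key, cid_a, 40)
    recognised_while_active = peer.is_stateless_reset(reset_a)

    peer.retire_cid(cid_a)                             # CID forgotten; its token goes too
    recognised_after_retire = peer.is_stateless_reset(reset_a)
    other_cid_still_works = peer.is_stateless_reset(build_stateless_reset(key, cid_b, 40))

    return {
        "deterministic": derive_srt(key, cid_a) == derive_srt(key, cid_a),
        "distinct_cids_distinct_tokens": derive_srt(key, cid_a) != derive_srt(key, cid_b),
        "recognised_while_active": recognised_while_active,
        "recognised_after_retire": recognised_after_retire,
        "other_cid_still_works": other_cid_still_works,
        "random_packet_matches": peer.is_stateless_reset(b"\x40" + secrets.token_bytes(39)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point the example makes concrete: with a keyed derivation the issuer never has to remember which token went with which CID, and on the receiving side a token is only ever consulted while the CID it belongs to is still held, so the check in `is_stateless_reset` cannot be fooled by a token for a CID the peer has already retired.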