IETF Logo Mail Archive

Re: [quicwg/base-drafts] Mask packet numbers with a per-connection-ID key (#1043)

Martin Thomson <notifications@github.com> Tue, 09 January 2018 08:42 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E08D0124D85 for <quic-issues@ietfa.amsl.com>; Tue, 9 Jan 2018 00:42:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.998
X-Spam-Level:
X-Spam-Status: No, score=-6.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dor7AiRSaxSR for <quic-issues@ietfa.amsl.com>; Tue, 9 Jan 2018 00:42:56 -0800 (PST)
Received: from github-smtp2b-ext-cp1-prd.iad.github.net (github-smtp2-ext3.iad.github.net [192.30.252.194]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB9F1120454 for <quic-issues@ietf.org>; Tue, 9 Jan 2018 00:42:56 -0800 (PST)
Date: Tue, 09 Jan 2018 00:42:56 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1515487376; bh=Wo1aPIGfEtTShFFIig1k/eBgP2TAAzyfGuMafIND4+M=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=GjSb1M6kzuZ10UcuONrhCFSvSEGnOo+1wuhm1Zb2HEY18/1X1Xyxkqgr7sEzAkLIN 4a1TeHZCRirwwgKJMpLecAd+65R1bLcGYlmQ6z8PMdO57Yv7ahYhEExs1pi55L5VqX 23vGIw0w2mPbeo8HDve/E/JKydJcq9J8niy+F6Tc=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab111eec33688d0c6f85384ff234a0bd5489dac22e92cf00000001166c429092a169ce111afff8@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1043/review/87443637@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1043@github.com>
References: <quicwg/base-drafts/pull/1043@github.com>
Subject: Re: [quicwg/base-drafts] Mask packet numbers with a per-connection-ID key (#1043)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5a548090a837_2f502ae20e3baec835057a"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/q-gWlOWpzoEMwzQQXahOplDNER8>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jan 2018 08:42:59 -0000

martinthomson commented on this pull request.



> -indistinguishable from random. The packet number gap for a connection
-ID with sequence number is computed by encoding the sequence number
-as a 32-bit integer in big-endian format, and then computing:
-
-~~~
-Gap = HKDF-Expand-Label(packet_number_secret,
-                        "QUIC packet sequence gap", sequence, 4)
-~~~
-
-The output of HKDF-Expand-Label is interpreted as a big-endian
-number. "packet_number_secret" is derived from the TLS key exchange,
-as described in Section 5.6 of {{QUIC-TLS}}.
+connection ID provided by the server.  Using a new connection ID will produce a
+new packet protection key and IV.  New values for obscuring header fields (see
+{{header-obscuring}}) ensure that packet numbers can't be used to link activity
+on paths that use different connection IDs.
 

It can't be optional if it is to be interoperable.

I'm not sure which point Ian was making.  If you lose connection ID and the address tuple changes, you are lost, but either of those can be enough to recover.  The address tuple is only sufficient if the server isn't routing based on connection ID though, and we expect that to be quite common.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1043#discussion_r160344942

v2.30.2 | Report a Bug | By Email | System Status