IETF Logo Mail Archive

Re: [quicwg/base-drafts] Change connection ID with Transport Parameters (#1041)

ianswett <notifications@github.com> Tue, 09 January 2018 15:01 UTC

Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AE39128959 for <quic-issues@ietfa.amsl.com>; Tue, 9 Jan 2018 07:01:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.029
X-Spam-Level:
X-Spam-Status: No, score=-2.029 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aOaBLUO72pXi for <quic-issues@ietfa.amsl.com>; Tue, 9 Jan 2018 07:01:42 -0800 (PST)
Received: from o3.sgmail.github.com (o3.sgmail.github.com [192.254.112.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6394A126C0F for <quic-issues@ietf.org>; Tue, 9 Jan 2018 07:01:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=V2w5gfd1Fa+KgxEbUPswqSO6zk0=; b=AvpTgObIgR1mV2km bSX2yCIGtUP+MoE9M2D191vUe+o7ywCZL4j3GfbTtT3ygXgG9dlK/9OI0ZMZzIN/ wtpz05KTqpq5k/ui2sI4nTCevTMutX5txOfcjtloo55zN42xztaHbrsygqnYkcUu 8nS1wSCwP6iGSSo3wjrO3pZ/saM=
Received: by filter0359p1las1.sendgrid.net with SMTP id filter0359p1las1-30489-5A54D953-3E 2018-01-09 15:01:39.966196429 +0000 UTC
Received: from github-smtp2a-ext-cp1-prd.iad.github.net (github-smtp2a-ext-cp1-prd.iad.github.net [192.30.253.16]) by ismtpd0005p1iad2.sendgrid.net (SG) with ESMTP id CN8u6Wn7QRmetQv8QUdpHw for <quic-issues@ietf.org>; Tue, 09 Jan 2018 15:01:39.817 +0000 (UTC)
Date: Tue, 09 Jan 2018 15:01:40 +0000
From: ianswett <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab80a6816651c5fb121d9150a3ead591393521997592cf00000001166c9b5392a169ce111aa501@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1041/c356308755@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1041@github.com>
References: <quicwg/base-drafts/pull/1041@github.com>
Subject: Re: [quicwg/base-drafts] Change connection ID with Transport Parameters (#1041)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5a54d953bfbd7_687e2b18fde26ecc167389"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ianswett
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak05CFNTZZaCYQ7qwlJLJ76rJ88AgJ+c2tJKy9 3wM9wP/TkBuAaEwZp5aGh9hJw8QkKHSlYejRBfbsBjwSju9MfKAqDguIEsbOAvwzL3UDNpOyDLoMa/ AkDu+e2WwPmIFBL3KtcA4Zxl+nUwUVRBJ75/ig2jIKXZaRiorK5BKOm1jZ4wXi9PTL6WdjsXfOLFW4 Y=
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/q7tcvWyZIc0v48oab6zHkEI8ols>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jan 2018 15:01:49 -0000

One other concern about NEW_CONNECTION_ID is that the stateless retry is part of the TLS transcript, and so if the server chosen connection ID is in transport params, the handshake will fail at the end if the connection ID is changed.  I'm not sure why an attacker would want to insert a NEW_CONNECTION_ID frame in this context, but I think it would be impossible for the client to detect that it had occurred?

But if that's not an issue or we don't care, then NEW_CONNECTION_ID is workable.

My core goals are to solve the specified issues.  I do think it's better to have the client be the first to use the new connection ID.  The approach of the server suddenly changing the connection ID is very odd and as discussed, causes problems with multiple simultaneous handshakes.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1041#issuecomment-356308755

v2.30.2 | Report a Bug | By Email | System Status