Re: [quicwg/base-drafts] Looping with multiple Retry packets (#1451)
Mike Bishop <notifications@github.com> Mon, 18 June 2018 18:18 UTC
@nibanks, if the DoS device sends two Retry packets, the client would ignore the second:

- Client sends Initial, stored token, SN = 0
- DoS device responds Retry, token A, SN = 1
- DoS device spuriously sends Retry, token B, SN = 1
- Client processes either Retry, sends new Initial with SN = 1 and token A or B
- Client receives other Retry, ignores because SN != 2.
- Server responds to the Initial with SN = 1 with a Retry, SN = 2
- Client processes Retry, sends another Initial with SN = 2, etc.

Ossification is definitely a concern; someone could come to expect that this field is always zero on the client's first packet. Encryption would be preferable, but the point of this is to avoid doing decryption work on the server until it's reasonably confident that the client is genuine, so that's problematic.

However, GREASE is an option. Nothing requires this to start at 0/1 -- client could randomize the value on the first Initial, simply checking that the server incremented. If we permit wrapping when the server increments, all initial values are acceptable.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/1451#issuecomment-398147736
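
The sequence-number check described in the message above, as an added example that is not part of the original email or of any QUIC draft: a client accepts a Retry only when its SN is the last Initial's SN plus one, with wrapping, so a duplicate Retry is dropped and any starting value works. The 8-bit field width, the dict message layout and the names `RetryClient`, `make_retry` and `replay_exchange` are assumptions made for illustration.

```python
import secrets

SN_MODULUS = 256  # assumption: the message does not state the field width


class RetryClient:
    """Hypothetical client-side tracking of the Retry sequence number (SN)."""

    def __init__(self, first_sn=None):
        # GREASE: pick a random starting SN unless the caller pins one.
        self.sn = secrets.randbelow(SN_MODULUS) if first_sn is None else first_sn
        self.token = b"stored"
        self.ignored = 0  # count of Retry packets dropped by the SN check

    def initial(self):
        return {"type": "Initial", "sn": self.sn, "token": self.token}

    def on_retry(self, retry):
        # Accept only SN == (last Initial SN + 1), wrapping at the modulus.
        expected = (self.sn + 1) % SN_MODULUS
        if retry["sn"] != expected:
            self.ignored += 1
            return None
        self.sn = expected
        self.token = retry["token"]
        return self.initial()


def make_retry(initial, token):
    """Sender of a Retry (server or DoS device): increment the SN it saw."""
    return {"type": "Retry", "sn": (initial["sn"] + 1) % SN_MODULUS, "token": token}


def replay_exchange(first_sn):
    """Replay the message's sequence: two Retries for one Initial, then a third."""
    client = RetryClient(first_sn)
    first = client.initial()
    retry_a = make_retry(first, b"A")    # DoS device responds
    retry_b = make_retry(first, b"B")    # spurious second Retry, same SN
    second = client.on_retry(retry_a)    # processed, new Initial sent
    dropped = client.on_retry(retry_b)   # stale SN, ignored
    third = client.on_retry(make_retry(second, b"C"))  # server's Retry
    return [first["sn"], second["sn"], third["sn"]], dropped, client.ignored, third["token"]


if __name__ == "__main__":
    print(replay_exchange(0))
    print(replay_exchange(SN_MODULUS - 1))  # starting value that wraps
```
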