Re: [quicwg/base-drafts] Defend against endless Stateless Reset ping-pong (#1627)

Kazuho Oku <notifications@github.com> Wed, 01 August 2018 07:18 UTC

Date: Wed, 01 Aug 2018 00:18:03 -0700
From: Kazuho Oku <notifications@github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1627/review/142252667@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1627@github.com>
References: <quicwg/base-drafts/pull/1627@github.com>
Subject: Re: [quicwg/base-drafts] Defend against endless Stateless Reset ping-pong (#1627)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/rEitoeTWO3OE328ud_POBgGtCOI>

kazuho commented on this pull request.
> @@ -2669,7 +2671,36 @@ the same static key (see {{reset-oracle}}).  A connection ID from a connection
 that is reset by revealing the Stateless Reset Token cannot be reused for new
 connections at nodes that share a static key.
 
-Note that Stateless Reset messages do not have any cryptographic protection.
+Note that Stateless Reset packets do not have any cryptographic protection.
+
+
+#### Looping {#reset-looping}
+
+The design of a Stateless Reset is such that it is indistinguishable from a
+valid packet.  This means that a Stateless Reset might trigger the sending of a
+Stateless Reset in response, which could lead to infinite exchanges.  An
+endpoint MUST use any one of the following measures to limit the sending of
+Stateless Reset:
+
+* An endpoint can remember the number of Stateless Reset packets that it has
+  sent and stop generating new Stateless Reset packets once a limit is reached.
+  Using separate limits for different remote addresses will ensure that
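Review bot: the new section is inconsistent in its terminology. The first changed line renames "Stateless Reset messages" to "Stateless Reset packets", but the normative sentence still says "limit the sending of Stateless Reset:" and the paragraph above it says "trigger the sending of a Stateless Reset in response"; suggest "limit the sending of Stateless Reset packets:" and "a Stateless Reset packet in response" so the requirement names the same object that the first bullet counts. Also, "MUST use any one of the following measures" reads as if exactly one measure is permitted; if the intent is that the measures may be combined (a per-address limit plus another mechanism), "MUST use at least one of the following measures" states that more clearly.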

Would it make sense to suggest "using separate limits" for different DCIDs of the incoming packets in addition to "remote addresses"?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1627#pullrequestreview-142252667