Re: [quicwg/base-drafts] Connection ID lengths 1, 2 and 3 bytes can't be encoded (#1570)
Kazuho Oku <notifications@github.com> Wed, 08 August 2018 04:35 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 779DD12F1AB for <quic-issues@ietfa.amsl.com>; Tue, 7 Aug 2018 21:35:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Level:
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ie0ZaEtsUCwa for <quic-issues@ietfa.amsl.com>; Tue, 7 Aug 2018 21:35:14 -0700 (PDT)
Received: from out-4.smtp.github.com (out-4.smtp.github.com [192.30.252.195]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CD831286E3 for <quic-issues@ietf.org>; Tue, 7 Aug 2018 21:35:14 -0700 (PDT)
Date: Tue, 07 Aug 2018 21:35:12 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1533702912; bh=2W09X6fb3l89IobmijDzz1VFd7wFTHCyWN9lkN1TKOU=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=AcJ/lOfDfofkWe1M9GKhiiFPam/Z3TzXu4y4l29Vp0+Lic5yxBSRPA4b+xZI/cESP 27XQXz32OvAxj6vOa1pBTMaI+U1/ppPKPEQGb7SAO3Jo5VsmRu/OAuv9EzP32S1+Ys CdSNCdqtkKsXRJ9mnXcnFQqFjG++ENfWOsiigF1A=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abb9d3979219b08d8f419e64a0620fa34c8096162392cf000000011782350092a169ce14587666@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1570/411282149@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1570@github.com>
References: <quicwg/base-drafts/issues/1570@github.com>
Subject: Re: [quicwg/base-drafts] Connection ID lengths 1, 2 and 3 bytes can't be encoded (#1570)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b6a7300acc39_1b703ffb908be61c2466a3"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/sFD5O1V6Qns3er1C9vskePQS-dc>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.27
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Aug 2018 04:35:17 -0000
In addition to what @martinthomson has pointed out, I would like to note that it is possible to implement a deterministic approach for shorter CIDs (e.g. 4 octets). One way is to let the endpoint track the CIDs for which it has generated a stateless reset, and rotate the reset key when the size of the tracked CIDs exceeds certain threshold, at the same time enforcing the active clients to switch to new CIDs (so that they can be reset using a stateless reset generated by the new key). You can use a probablistic structure (e.g. bloom filter) to track the CIDs for which stateless resets has been generated. However, my understanding is that such approach does not work well for very short CIDs (e.g. 1 octet), because when under attack, the number space will be consumed by the attacker faster than clients migrate to new CIDs. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/1570#issuecomment-411282149
- [quicwg/base-drafts] Connection ID lengths 1, 2 a… Marten Seemann
- Re: [quicwg/base-drafts] Connection ID lengths 1,… janaiyengar
- Re: [quicwg/base-drafts] Connection ID lengths 1,… MikkelFJ
- Re: [quicwg/base-drafts] Connection ID lengths 1,… ekr
- Re: [quicwg/base-drafts] Connection ID lengths 1,… Martin Thomson
- Re: [quicwg/base-drafts] Connection ID lengths 1,… MikkelFJ
- Re: [quicwg/base-drafts] Connection ID lengths 1,… janaiyengar
- Re: [quicwg/base-drafts] Connection ID lengths 1,… ekr
- Re: [quicwg/base-drafts] Connection ID lengths 1,… ianswett
- Re: [quicwg/base-drafts] Connection ID lengths 1,… Kazuho Oku
- Re: [quicwg/base-drafts] Connection ID lengths 1,… MikkelFJ
- Re: [quicwg/base-drafts] Connection ID lengths 1,… Martin Thomson
- Re: [quicwg/base-drafts] Connection ID lengths 1,… Kazuho Oku
- Re: [quicwg/base-drafts] Connection ID lengths 1,… MikkelFJ
- Re: [quicwg/base-drafts] Connection ID lengths 1,… Kazuho Oku
- Re: [quicwg/base-drafts] Connection ID lengths 1,… Mike Bishop
- Re: [quicwg/base-drafts] Connection ID lengths 1,… Martin Thomson