[quicwg/base-drafts] 2fc515: Authenticate connection IDs

Martin Thomson <noreply@github.com> Mon, 18 May 2020 00:53 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6C0B3A00D8 for <quic-issues@ietfa.amsl.com>; Sun, 17 May 2020 17:53:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.201
X-Spam-Level:
X-Spam-Status: No, score=-0.201 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X1toq7eDxCmA for <quic-issues@ietfa.amsl.com>; Sun, 17 May 2020 17:53:54 -0700 (PDT)
Received: from out-9.smtp.github.com (out-9.smtp.github.com [192.30.254.192]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24C083A00C9 for <quic-issues@ietf.org>; Sun, 17 May 2020 17:53:54 -0700 (PDT)
Received: from github-lowworker-ca5950c.va3-iad.github.net (github-lowworker-ca5950c.va3-iad.github.net [10.48.17.57]) by smtp.github.com (Postfix) with ESMTP id 94CE7260405 for <quic-issues@ietf.org>; Sun, 17 May 2020 17:53:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1589763233; bh=effF8CTgtqqtbZnc53Eraoxeq31Lb40KlZfxw2QFYCg=; h=Date:From:To:Subject:From; b=Xyv9EMq2IgozUXblsq4UwQqno+8CjHyQxLbJgiGKAdibhJ6fp/pe4X0RGQM4b/6G/ qr6FLMeFU04pnpkR8k+TDI/Ay+tTHTnwNFKd9sR0781C4qmghUaH9sqU2Ak9Mbs9Ev dBUThQbcGf6SttoZSfpAEV9vE+sf6Q20aCIAbt7c=
Date: Sun, 17 May 2020 17:53:53 -0700
From: Martin Thomson <noreply@github.com>
To: quic-issues@ietf.org
Message-ID: <quicwg/base-drafts/push/refs/heads/master/9b80e9-e8531a@github.com>
Subject: [quicwg/base-drafts] 2fc515: Authenticate connection IDs
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-Auto-Response-Suppress: All
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/tzyAOdaMWNp_3njPc7eHbPWZjP4>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 May 2020 00:53:56 -0000

  Branch: refs/heads/master
  Home:   https://github.com/quicwg/base-drafts
  Commit: 2fc5157ed013ae8f84f17e44409c42be87660feb
      https://github.com/quicwg/base-drafts/commit/2fc5157ed013ae8f84f17e44409c42be87660feb
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-03-11 (Wed, 11 Mar 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Authenticate connection IDs

This authenticates all of them.

Note that I have chosen to use position in the protocol (Source vs.
Destination) as opposed to who selects the values (client vs. server) as
the means of deciding where each lies.  This avoids regressing an
existing protocol characteristic.

This changes the definition of original_connection_id so that it is
mandatory for the server to include always.  A new
handshake_connection_id (which might be initial_connection_id, but I
think that's confusing) is also mandatory for both roles.  The
retry_connection_id is used when there is a Retry.

This is a granular encoding.  That means some additional bytes for the
types of transport parameters, but not so many as to be intolerable, I
think.  A single transport parameter, or a header on the transport
parameter encoding (as we used to have) might be slightly more
efficient, but offhand I think that the net saving would be at most 2
bytes, so I'm going with simple over small.

Closes #3439.


  Commit: 0560290f9041482293cea9cdd053d326345b735a
      https://github.com/quicwg/base-drafts/commit/0560290f9041482293cea9cdd053d326345b735a
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-03-11 (Wed, 11 Mar 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Review feedback from David and Martin


  Commit: beba71f8e874d803b9fb712312d62f769988d74d
      https://github.com/quicwg/base-drafts/commit/beba71f8e874d803b9fb712312d62f769988d74d
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-03-11 (Wed, 11 Mar 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Less text, more cross-reference


  Commit: efb4c78cb4f64b9a926382777700f964ec6c0d61
      https://github.com/quicwg/base-drafts/commit/efb4c78cb4f64b9a926382777700f964ec6c0d61
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-03-23 (Mon, 23 Mar 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  singular

Co-Authored-By: ianswett <ianswett@users.noreply.github.com>


  Commit: 41928cd80c885542633c0bd9898640850e51c69c
      https://github.com/quicwg/base-drafts/commit/41928cd80c885542633c0bd9898640850e51c69c
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-03-24 (Tue, 24 Mar 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  complete sentences.

Co-Authored-By: Mike Bishop <mbishop@evequefou.be>


  Commit: f44f24e94b3eae910909cdcc76b738792a6a0105
      https://github.com/quicwg/base-drafts/commit/f44f24e94b3eae910909cdcc76b738792a6a0105
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-03-24 (Tue, 24 Mar 2020)

  Changed paths:
    M .circleci/config.yml
    M .lint.py
    M draft-ietf-quic-http.md
    M draft-ietf-quic-invariants.md
    M draft-ietf-quic-recovery.md
    M draft-ietf-quic-tls.md
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Merge branch 'master' into authenticate-hs-cid


  Commit: c7a236086266f17ba091046840d6e3d1e58251fe
      https://github.com/quicwg/base-drafts/commit/c7a236086266f17ba091046840d6e3d1e58251fe
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-04-09 (Thu, 09 Apr 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Jana's suggestion from review

I'll need to reflow these...

Co-Authored-By: Jana Iyengar <jri.ietf@gmail.com>


  Commit: 6f5e5478139beb1f0d187c2ea58a7449098e7711
      https://github.com/quicwg/base-drafts/commit/6f5e5478139beb1f0d187c2ea58a7449098e7711
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-04-09 (Thu, 09 Apr 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Reformat


  Commit: 8cec1c293b280b20329837cf4528187480986ba3
      https://github.com/quicwg/base-drafts/commit/8cec1c293b280b20329837cf4528187480986ba3
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-04-09 (Thu, 09 Apr 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Rename to initial_connection_id


  Commit: b0ef978e1e2451acc6db7857698b141c4e7cad29
      https://github.com/quicwg/base-drafts/commit/b0ef978e1e2451acc6db7857698b141c4e7cad29
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-04-09 (Thu, 09 Apr 2020)

  Changed paths:
    M draft-ietf-quic-http.md
    M draft-ietf-quic-recovery.md

  Log Message:
  -----------
  Merge branch 'master' into authenticate-hs-cid


  Commit: e2f2b33800cb09add5e185e09f1512ef71e86099
      https://github.com/quicwg/base-drafts/commit/e2f2b33800cb09add5e185e09f1512ef71e86099
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-04-14 (Tue, 14 Apr 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Restore active_connection_id_limit


  Commit: e30cf5fc52da2f7958901fbdf5bcbec920a60d71
      https://github.com/quicwg/base-drafts/commit/e30cf5fc52da2f7958901fbdf5bcbec920a60d71
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-05-11 (Mon, 11 May 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Editorial comments thanks to @DavidSchinazi

There are a bunch of things here, but mostly this is just a
transcription of the helpful suggestions.

I have also renamed the parameters.


  Commit: 81bcdb67d85d953aca7ae378b1f2e4c6a4744578
      https://github.com/quicwg/base-drafts/commit/81bcdb67d85d953aca7ae378b1f2e4c6a4744578
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-05-12 (Tue, 12 May 2020)

  Changed paths:
    M draft-ietf-quic-http.md
    M draft-ietf-quic-invariants.md
    M draft-ietf-quic-qpack.md
    M draft-ietf-quic-recovery.md
    M draft-ietf-quic-tls.md
    M draft-ietf-quic-transport.md
    R workflow.xml

  Log Message:
  -----------
  Merge branch 'master' into authenticate-hs-cid


  Commit: 740cd920d57433273a5dbc74b7fb9a276f6c84bc
      https://github.com/quicwg/base-drafts/commit/740cd920d57433273a5dbc74b7fb9a276f6c84bc
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-05-12 (Tue, 12 May 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Add a picture

This new figure shows the complete set of messages that determine the
connection ID that each peer uses.  The explanation describes how the
connection IDs in those messages are included in transport parameters.

Hopefully this aids in understanding how this is put together.  It's not
complicated, but it's not necessarily clear from reading a set of rules
that this is the case.


  Commit: 6c046207932beb402d293fc5b2c37180995e0dba
      https://github.com/quicwg/base-drafts/commit/6c046207932beb402d293fc5b2c37180995e0dba
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-05-12 (Tue, 12 May 2020)

  Changed paths:
    M draft-ietf-quic-invariants.md
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Merge branch 'master' into authenticate-hs-cid


  Commit: 6ae7f18bfb4052e352d91c2f95715867b41d2582
      https://github.com/quicwg/base-drafts/commit/6ae7f18bfb4052e352d91c2f95715867b41d2582
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-05-12 (Tue, 12 May 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Use a more generic reference


  Commit: fee4020ce6d9aaa9bbee74a51424701ca98bbf44
      https://github.com/quicwg/base-drafts/commit/fee4020ce6d9aaa9bbee74a51424701ca98bbf44
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-05-12 (Tue, 12 May 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Correct a few more errors


  Commit: 27dfb6973f76c27fee090c001b6f82427b463806
      https://github.com/quicwg/base-drafts/commit/27dfb6973f76c27fee090c001b6f82427b463806
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-05-12 (Tue, 12 May 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Fewer words


  Commit: 62103ceb9ff5b87b2717bea1af6ff64cff1a989e
      https://github.com/quicwg/base-drafts/commit/62103ceb9ff5b87b2717bea1af6ff64cff1a989e
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-05-18 (Mon, 18 May 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Only valid packets change this state

Co-authored-by: ekr <ekr@rtfm.com>


  Commit: e8531a05f0aa5fb25d3686695600c291cb2d737f
      https://github.com/quicwg/base-drafts/commit/e8531a05f0aa5fb25d3686695600c291cb2d737f
  Author: Martin Thomson <mt@lowentropy.net>
  Date:   2020-05-18 (Mon, 18 May 2020)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Merge pull request #3499 from quicwg/authenticate-hs-cid

Authenticate connection IDs


Compare: https://github.com/quicwg/base-drafts/compare/9b80e966caf6...e8531a05f0aa