Re: [quicwg/base-drafts] Connection migration failure mode (#1278)
erickinnear <notifications@github.com> Tue, 06 November 2018 03:14 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CED17130DD9 for <quic-issues@ietfa.amsl.com>; Mon, 5 Nov 2018 19:14:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.47
X-Spam-Level:
X-Spam-Status: No, score=-8.47 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OOSD-f5GZYyK for <quic-issues@ietfa.amsl.com>; Mon, 5 Nov 2018 19:14:03 -0800 (PST)
Received: from out-5.smtp.github.com (out-5.smtp.github.com [192.30.252.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B4F6130DD1 for <quic-issues@ietf.org>; Mon, 5 Nov 2018 19:14:02 -0800 (PST)
Date: Mon, 05 Nov 2018 19:14:01 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1541474041; bh=wFqpOsOFE0BbwhsxFcBJHG7piaHQQHcuNQtH3K84+zo=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=GMZGnJqM8WFT7ta2CIxyrxY9bwlNB2myDcDXHT+J/Xr8mDTCDxEh0ntUORSsJylrE Vx3WAx83eKzlQUJT9rHjFd8RWLOdI4D4A9Hs8vhHGBYGBD03YDd/eh+gFl400ui5uK pS4JSB6cwDHJqEfTRsL5FZabWJnh5hpKuNLn1n0U=
From: erickinnear <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab3909be27e9756d2022fd9f92d9009b5b7bc650a992cf0000000117f8c8f992a169ce129ff705@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1278/436117121@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1278@github.com>
References: <quicwg/base-drafts/issues/1278@github.com>
Subject: Re: [quicwg/base-drafts] Connection migration failure mode (#1278)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5be106f979455_b7f3fa3676d45bc174554"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: erickinnear
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/u8O8CUUEwI4uMxwRRVFUMvABwYA>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Nov 2018 03:14:05 -0000
One of the things that was really nice about uninitiated migration (such as NAT rebinding) generating PATH_CHALLENGE frames was that the endpoint has a potential indication that something like a rebinding may have occurred. I *think* that we allowed the endpoint to omit PATH_CHALLENGE when switching back to the "old" path for cases like these where a packet may have been raced or otherwise interfered with by an attacker, but perhaps we should always require it, which would cover this case as well. That still doesn't necessarily cover the case where an attacker can race both a path challenge and a path response, but at some point they're on path and forwarding your packets. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/1278#issuecomment-436117121
- Re: [quicwg/base-drafts] Connection migration fai… Martin Thomson
- [quicwg/base-drafts] Connection migration failure… Martin Thomson
- Re: [quicwg/base-drafts] Connection migration fai… janaiyengar
- Re: [quicwg/base-drafts] Connection migration fai… Martin Thomson
- Re: [quicwg/base-drafts] Connection migration fai… erickinnear
- Re: [quicwg/base-drafts] Connection migration fai… erickinnear
- Re: [quicwg/base-drafts] Connection migration fai… MikkelFJ
- Re: [quicwg/base-drafts] Connection migration fai… Martin Thomson