Re: [quicwg/base-drafts] Mandate the use of short header for stateless reset (#2600)

Jana Iyengar <notifications@github.com> Wed, 10 April 2019 01:11 UTC

Date: Tue, 09 Apr 2019 18:11:00 -0700
From: Jana Iyengar <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abd827dcee1ef9f9925a8426893e7e23e2bb40985e92cebaba752492a169ce19b40a7d@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2600/review/224721125@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2600@github.com>
References: <quicwg/base-drafts/pull/2600@github.com>
Subject: Re: [quicwg/base-drafts] Mandate the use of short header for stateless reset (#2600)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/xNfUItDodwX55Ho6b9PHoLsL8SY>

janaiyengar commented on this pull request.



> @@ -2391,13 +2391,17 @@ the packet other than the last 16 bytes for carrying data.
 
 ### Detecting a Stateless Reset
 
-An endpoint detects a potential stateless reset when a incoming packet
-with a short header either cannot be associated with a connection,
-cannot be decrypted, or is marked as a duplicate packet.  The endpoint
-then compares the last 16 bytes of the packet with the Stateless Reset
-Token provided by its peer, either in a NEW_CONNECTION_ID frame or
-the server's transport parameters.  If these values are identical,
-the endpoint MUST enter the draining period and not send any further
+An endpoint detects a potential stateless reset when an incoming packet either
+cannot be associated with a connection, cannot be decrypted, or is marked as a
+duplicate packet.  The endpoint MUST then compare the last 16 bytes of the
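
Review bot: The rewritten condition drops the old text's "with a short header" qualifier, so the 16-byte comparison is now triggered by any packet that cannot be associated with a connection, cannot be decrypted, or is marked as a duplicate, long-header packets included. Since the PR title mandates the short header only for sending a stateless reset, the paragraph should say explicitly that receivers check regardless of header form (or restore the qualifier); otherwise a reader will assume the omission is accidental, and with the new MUST every such packet now incurs the comparison.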

Why MUST? SHOULD seems adequate here. A strawman argument is that an endpoint might choose to not use this if there are too many connections. I don't have a strong opposition, but I'd like to hear your rationale.

> @@ -2391,13 +2391,17 @@ the packet other than the last 16 bytes for carrying data.
 
 ### Detecting a Stateless Reset
 
-An endpoint detects a potential stateless reset when a incoming packet
-with a short header either cannot be associated with a connection,
-cannot be decrypted, or is marked as a duplicate packet.  The endpoint
-then compares the last 16 bytes of the packet with the Stateless Reset
-Token provided by its peer, either in a NEW_CONNECTION_ID frame or
-the server's transport parameters.  If these values are identical,
-the endpoint MUST enter the draining period and not send any further
+An endpoint detects a potential stateless reset when an incoming packet either
+cannot be associated with a connection, cannot be decrypted, or is marked as a
+duplicate packet.  The endpoint MUST then compare the last 16 bytes of the
+packet with all Stateless Reset Tokens that are associated with connection IDs
+that are currently in use.  This includes Stateless Reset Tokens from
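
Review bot: "MUST then compare the last 16 bytes of the packet with all Stateless Reset Tokens that are associated with connection IDs that are currently in use" makes the per-packet work proportional to the number of active connections, and because the condition no longer requires a short header, every unassociated, undecryptable or duplicate packet triggers that full scan. Suggest scoping the requirement to tokens of connections that could plausibly be the target, e.g. "compare the last 16 bytes of the packet with the Stateless Reset Tokens associated with connection IDs in use on candidate connections", and keeping "all" only as a permitted superset. If the MUST stays, it is also worth stating that the tokens are secret values, so the comparison should not reveal through timing which token, if any, matched.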

Yeah agreed. You could say something like "candidate connections, such as those on the same IP and port as the received packet."

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2600#pullrequestreview-224721125