IETF Logo Mail Archive

Re: [quicwg/base-drafts] Mask packet numbers with a per-connection-ID key (#1043)

Marten Seemann <notifications@github.com> Tue, 09 January 2018 09:41 UTC

Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29CE91270A0 for <quic-issues@ietfa.amsl.com>; Tue, 9 Jan 2018 01:41:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.028
X-Spam-Level:
X-Spam-Status: No, score=-2.028 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n6RSICZl7_K2 for <quic-issues@ietfa.amsl.com>; Tue, 9 Jan 2018 01:41:34 -0800 (PST)
Received: from o1.sgmail.github.com (o1.sgmail.github.com [192.254.114.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 732821270AE for <quic-issues@ietf.org>; Tue, 9 Jan 2018 01:41:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=tG3VCmKNcTzDYkR3eXAzsCWb/1Y=; b=gHUouSia8OZJ8BnP clawKD79TL6TRI0yV/Jp2d0NxZb8I4juHiGwNQsMCjZioBii7m0mHMgkYCMF+YJz cNGXDhk+h1t7UxzhQfqzb6Grq66zGAVeuDErT7aa4VF6gJMyPIOcqdH7dyeUPl2e SL6T0Bmj4h2a85kRvSvKvlyNvJo=
Received: by filter0403p1iad2.sendgrid.net with SMTP id filter0403p1iad2-2339-5A548E4A-D 2018-01-09 09:41:30.481900576 +0000 UTC
Received: from github-smtp2b-ext-cp1-prd.iad.github.net (github-smtp2b-ext-cp1-prd.iad.github.net [192.30.253.17]) by ismtpd0003p1iad1.sendgrid.net (SG) with ESMTP id qkqAdKcRT1amfl5GfaPXrQ for <quic-issues@ietf.org>; Tue, 09 Jan 2018 09:41:30.247 +0000 (UTC)
Date: Tue, 09 Jan 2018 09:41:30 +0000
From: Marten Seemann <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abbfb92657095a38d381b764092f467a8194f4e0d892cf00000001166c504a92a169ce111afff8@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1043/review/87457182@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1043@github.com>
References: <quicwg/base-drafts/pull/1043@github.com>
Subject: Re: [quicwg/base-drafts] Mask packet numbers with a per-connection-ID key (#1043)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5a548e4a26e99_12182ae0edf52ec478114"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: marten-seemann
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak1H/YYbFwQ+fWwA6QBi2AnoQlFiY9mOrnfKan Dbz3wVLHaeqKQZ+A4wJ0ck1fF9yFHvzO1Zczil8piEOCRL2wHH4xHnWreq5d6L8dpYP5qIfOmKoHSm HbPHW77EDNcoPRrQhi8Nixz3nk1F7GDH9qXyQhYtWuCZUxCDk8r13wGEqY2nV/niixJYtsVlXOljYQ k=
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/y-5PnHb8HJYU6YTnsWrkOjawyvs>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jan 2018 09:41:36 -0000

marten-seemann requested changes on this pull request.



> @@ -707,8 +710,8 @@ packets MUST use connection ID selected by the client.
 The packet number is an integer in the range 0 to 2^62-1. The value is used in
 determining the cryptographic nonce for packet encryption.  Each endpoint
 maintains a separate packet number for sending and receiving.  The packet number
-for sending MUST increase by at least one after sending any packet, unless
-otherwise specified (see {{initial-packet-number}}).
+for sending starts at zero for the first packet set and MUST increase by one
+after sending a packet.

As discussed in #1030, random packet number gaps still need to be permitted to defend against the optimistic ACK attack.
If we want to change the defense against this attack, I'd prefer to discuss this in a separate PR.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1043#pullrequestreview-87457182

v2.30.2 | Report a Bug | By Email | System Status