[quicwg/base-drafts] The packet number gap is overspecified (#1034)

Christian Huitema <notifications@github.com> Sat, 30 December 2017 20:22 UTC

Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81BCD1205F1 for <quic-issues@ietfa.amsl.com>; Sat, 30 Dec 2017 12:22:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.607
X-Spam-Level:
X-Spam-Status: No, score=-0.607 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jok4ZWJ3RkLs for <quic-issues@ietfa.amsl.com>; Sat, 30 Dec 2017 12:22:19 -0800 (PST)
Received: from o5.sgmail.github.com (o5.sgmail.github.com [192.254.113.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5C731201F2 for <quic-issues@ietf.org>; Sat, 30 Dec 2017 12:22:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=meFuiuCNJnUqVEmVz+mzOD/rIlU=; b=h4FV27x2YHHbiZX+ cNvJ3iKfWCjDLUzD/izvIc6/GvDMXpTipacDa+Tan8bkHxA5Zko+rfoGvw+RPqEu +mVR/gRLVJmLgbDcid+bu4hOE/5PJfYSkL7aVGSn1LZUpPvzEasWfAGExPQVTBHa 3QXKDzRDyne+UefR+ZutpcAeAv4=
Received: by filter0219p1las1.sendgrid.net with SMTP id filter0219p1las1-9778-5A47F578-15 2017-12-30 20:22:16.16816258 +0000 UTC
Received: from github-smtp2a-ext-cp1-prd.iad.github.net (github-smtp2a-ext-cp1-prd.iad.github.net [192.30.253.16]) by ismtpd0015p1iad2.sendgrid.net (SG) with ESMTP id IKx3tF-tSkGJ004_TtdLzA for <quic-issues@ietf.org>; Sat, 30 Dec 2017 20:22:16.117 +0000 (UTC)
Date: Sat, 30 Dec 2017 20:22:16 +0000
From: Christian Huitema <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab151caf41f2a1dc812ea80f80d3090df4adb6fe5992cf00000001165fb77892a169ce11002439@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1034@github.com>
Subject: [quicwg/base-drafts] The packet number gap is overspecified (#1034)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5a47f578856a_10623fcebbd0ef345037f5"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: huitema
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak1kpSsN2yIHQ45VU+kOFn6LoW5rpgDAOQZYDU XCJNf+mSS6SQihd+ywpoCS1S9CZ42qk+g7yFZ7Uy1QD3moK6pGNo/DffWR8uXtAqoPpuWNgC7XKoaB 4sbeKs8aSIT6JW1RNcMsXZ3amwSElV/6ob7/G5slzHT6V1H4MjPgws6hJ6dIOhYudFUpgPX6G2M+XI w=
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/yHqjs-JxRy4YLF7PBEQqHVQJzR4>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Dec 2017 20:22:20 -0000

The "Packet Number Gap" is currently specified in section 7.7.1.1 of the transport draft. The section correctly states that "In order to avoid linkage, the packet number gap MUST be externally indistinguishable from random." But then, it goes on to present a cryptographic formula:
~~~
Gap = HKDF-Expand-Label(packet_number_secret,
                        "QUIC packet sequence gap", sequence, 4)
~~~
The formula relies on a "packet number secret" derived from the master secret.

This seems seriously over specified. What is exactly the reason to use this derivation, rather than merely drawing a 32 bit random number? Why the complexity of another call to the crypto library, and another secret to maintain in the connection context? Do we expect the receiving end of the connection to verify that the gap has been computed using the proper secret?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1034