IETF Logo Mail Archive

Re: [quicwg/base-drafts] Client's initial destination CID is unauthenticated (#1486)

MikkelFJ <notifications@github.com> Mon, 30 July 2018 17:20 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84521131124 for <quic-issues@ietfa.amsl.com>; Mon, 30 Jul 2018 10:20:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.009
X-Spam-Level:
X-Spam-Status: No, score=-8.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j3lB1-HstvaO for <quic-issues@ietfa.amsl.com>; Mon, 30 Jul 2018 10:20:01 -0700 (PDT)
Received: from out-1.smtp.github.com (out-1.smtp.github.com [192.30.252.192]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5101130E76 for <quic-issues@ietf.org>; Mon, 30 Jul 2018 10:20:00 -0700 (PDT)
Date: Mon, 30 Jul 2018 10:20:00 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1532971200; bh=rvi244mINdHmgW4AvFlGG1yRMMjXvQ5WkGALK8rP+PA=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=mkUH5QsZ3HDsKZgh8bsOK1C0V7VNTEWBxt6rShV6KGEbiHzV5Hs9HthLmrcDxqNez j3MxGn/iVoThQe0V1gBANQ7jfFXlJS5uCTxkxuSOjkINrPyOzB+B2+uqoDIP9sk6tp ErfntA2ZjTDVaB6oeTBznEbTql7CiaGTiizPpguI=
From: MikkelFJ <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab9dc4fa3d65199f7ce219991e91f910c2a93e8f5892cf0000000117770ac092a169ce140801b8@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1486/408941083@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1486@github.com>
References: <quicwg/base-drafts/issues/1486@github.com>
Subject: Re: [quicwg/base-drafts] Client's initial destination CID is unauthenticated (#1486)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b5f48c011928_15293fd6bd6be6202153cd"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/yNlPfgj-YuQtH2kn6E6ucpRqP_g>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.27
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jul 2018 17:20:04 -0000

@ad-l Why do you say the CID it is not authenticated?

In early handshake where AEAD is not safe, the question was if the original CID is authenticated, and we have established that it is, eventually - because if the first packet is forged, the traffic keys come out wrong preventing the connection from being established.

In short headers where full traffic keys are available, the AEAD tag protects the CID, so it cannot change length by anyone on path, except for the end-points with the traffic keys.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1486#issuecomment-408941083

v2.23.0 | Report a Bug | By Email