Re: [quicwg/base-drafts] Recommend discarding bad, unauthentication packets (#2141)

MikkelFJ <notifications@github.com> Thu, 13 December 2018 16:02 UTC

Date: Thu, 13 Dec 2018 08:02:25 -0800
From: MikkelFJ <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abac83f56bee9798a067a82f34d65707cf246364fe92cf00000001182a449192a169ce174735aa@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2141/review/184736419@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2141@github.com>
References: <quicwg/base-drafts/pull/2141@github.com>
Subject: Re: [quicwg/base-drafts] Recommend discarding bad, unauthentication packets (#2141)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/yRzZnColpFukf1AVKx0hZMkluY0>
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>

mikkelfj commented on this pull request.
> @@ -1000,6 +1000,12 @@ to more quickly identify when a connection becomes unusable.
 Packets that are matched to an existing connection, but for which the endpoint
 cannot remove packet protection, are discarded.
 
+Invalid packets without packet protection, such as Initial, Retry, or Version
+Negotiation, SHOULD be discarded without altering connection state.  An endpoint
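Review bot: the added sentence groups Initial packets with Retry and Version Negotiation as packets "without packet protection", but Initial packets do carry packet protection (keyed from the client's Destination Connection ID, so any on-path observer can derive the keys); what the three have in common is that they cannot be authenticated, which is the property the PR title ("unauthentication packets") is reaching for. Suggest "Packets that cannot be authenticated, such as Initial, Retry, or Version Negotiation packets, SHOULD be discarded without altering connection state." Also, the hunk header announces six added lines but only two are quoted here, so the sentence beginning "An endpoint" is cut off and the condition under which an endpoint closes rather than drops, which is what the reply below is about, is not visible in this excerpt.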

When I say can't close, I mean you should drop packets, or close if you already affected state, as the PR says - even if it is injection, because you can no longer trust yourself - therefore you need to validate carefully before applying state, especially during the handshake. You definitely shouldn't try to recover.

That said, perhaps we need to clarify exactly when we switch from dropping to closing. You need to have established a secure line of communication. Bogus TLS can be injection attacks as well as endpoint-sourced nonsense.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2141#discussion_r241458778
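As an added example (my own illustration, not code from the PR, the draft, or any QUIC implementation), here is a toy receive path in Python that makes the drop-versus-close split discussed above explicit: a packet is fully parsed and, once a key exists, authenticated before any connection state is touched, so a malformed forgeable packet is dropped with nothing altered, while a packet that authenticates under the established key but is still invalid closes the connection, because the peer itself is misbehaving. The wire layout, the frame format, the HMAC tag standing in for AEAD packet protection, and the `handle_packet_eager` counterpart that commits state before validating are all constructed for this example and are not QUIC's formats.

```python
"""Drop-vs-close decision for invalid packets (constructed toy protocol, not QUIC)."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Constructed packet layout (assumption for this example, not QUIC's wire format):
#   kind(1) | seq(2, big-endian) | plen(1) | payload(plen) | [tag(16) if kind == PROTECTED]
# The payload is a run of frames laid out as: ftype(1) | flen(1) | data(flen)
UNPROTECTED = 0x00  # stands in for Initial/Retry/Version Negotiation: anyone can forge it
PROTECTED = 0x01    # carries an authentication tag keyed with the connection key
TAG_LEN = 16

DROP, CLOSE, ACCEPT = "drop", "close", "accept"


@dataclass
class Connection:
    key: Optional[bytes] = None          # None until the handshake yields a shared key
    seqs: list = field(default_factory=list)    # committed state: accepted packet numbers
    frames: list = field(default_factory=list)  # committed state: accepted frames
    closed: bool = False


def _tag(key: bytes, body: bytes) -> bytes:
    # HMAC-SHA256 truncated to 16 bytes stands in for an AEAD tag in this toy.
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def build_packet(kind: int, seq: int, payload: bytes, key: Optional[bytes] = None) -> bytes:
    body = bytes([kind]) + seq.to_bytes(2, "big") + bytes([len(payload)]) + payload
    if kind == PROTECTED:
        assert key is not None, "protected packets need a key"
        return body + _tag(key, body)
    return body


def parse_frames(payload: bytes) -> list:
    """Return [(ftype, data), ...] or raise ValueError; never touches a Connection."""
    frames, i = [], 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated frame header")
        ftype, flen = payload[i], payload[i + 1]
        if i + 2 + flen > len(payload):
            raise ValueError("frame length exceeds payload")
        frames.append((ftype, payload[i + 2:i + 2 + flen]))
        i += 2 + flen
    return frames


def parse_header(raw: bytes):
    """Return (kind, seq, body, tag) or raise ValueError; never touches a Connection."""
    if len(raw) < 4:
        raise ValueError("short packet")
    kind, seq, plen = raw[0], int.from_bytes(raw[1:3], "big"), raw[3]
    if kind not in (UNPROTECTED, PROTECTED):
        raise ValueError("unknown packet kind")
    tag_len = TAG_LEN if kind == PROTECTED else 0
    if len(raw) != 4 + plen + tag_len:
        raise ValueError("length mismatch")
    return kind, seq, raw[:4 + plen], raw[4 + plen:]


def handle_packet(conn: Connection, raw: bytes) -> str:
    """Validate everything first; touch conn only after the packet is fully checked."""
    if conn.closed:
        return DROP
    try:
        kind, seq, body, tag = parse_header(raw)
    except ValueError:
        return DROP                      # malformed, and nothing was committed
    if kind == PROTECTED:
        if conn.key is None or not hmac.compare_digest(tag, _tag(conn.key, body)):
            return DROP                  # cannot authenticate: possibly injected, ignore it
        authenticated = True
    else:
        authenticated = False            # forgeable by anyone on the path
    try:
        frames = parse_frames(body[4:])
    except ValueError:
        if authenticated:
            conn.closed = True           # the peer itself sent garbage: protocol violation
            return CLOSE
        return DROP                      # never let a forgeable packet alter state
    conn.seqs.append(seq)                # commit only now
    conn.frames.extend(frames)
    return ACCEPT


def handle_packet_eager(conn: Connection, raw: bytes) -> str:
    """Counter-example: commits state before validating the payload, so an invalid
    packet leaves conn inconsistent and the only safe outcome is CLOSE, even when the
    packet was forgeable and the close is therefore attacker-triggered."""
    try:
        kind, seq, body, tag = parse_header(raw)
    except ValueError:
        return DROP
    conn.seqs.append(seq)                # state touched too early
    try:
        conn.frames.extend(parse_frames(body[4:]))
    except ValueError:
        conn.closed = True
        return CLOSE
    return ACCEPT
```

The two handlers see the same malformed unprotected packet: `handle_packet` drops it and the connection is unchanged, whereas `handle_packet_eager` has already recorded the packet number and has to close. The same staging-then-commit shape is what lets the protected-packet path distinguish "tag does not verify, so ignore" from "tag verifies but content is invalid, so close".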