Re: [quicwg/base-drafts] Does a Retry really need to change the CID? (#2837)

Mike Bishop <notifications@github.com> Wed, 07 August 2019 18:46 UTC

Another reason, I think: By requiring it to change, the ODCID becomes something that the server can include in the TPs to ensure that an on-path attacker didn't inject a Retry before the Initial reached the server.  It proves that the sender of the Retry was, if not the server itself, affiliated with it.  Otherwise, the ODCID is potentially still in the client's Initial for the server to echo back without coordination.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2837#issuecomment-519222617
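The argument in the comment above, modeled as an added example (editor's illustration, not code from the QUIC drafts or any QUIC implementation): the client remembers its original DCID, the Retry forces a new DCID onto the wire, and the server can only put the right `original_destination_connection_id` into its transport parameters if it can recover the ODCID from the Retry token. The counterfactual in the last sentence of the comment is modeled too, with `server_transport_params_if_cid_unchanged`, to show that the check proves nothing if the Retry left the CID unchanged. Everything concrete here is a constructed assumption: 8-byte CIDs, an HMAC-SHA256 token layout binding ODCID to the Retry SCID, the key names, and the function names.

```python
"""Model of the Retry / original_destination_connection_id check (added illustration).

Constructed assumptions: 8-byte connection IDs, an HMAC-SHA256 token that binds
the ODCID to the Retry's new SCID, and one token key standing in for the
server and any Retry sender affiliated with it.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
from typing import Optional, Tuple

CID_LEN = 8   # assumption: fixed-length CIDs keep token parsing trivial
TAG_LEN = 16  # assumption: truncated HMAC tag length


def make_retry(odcid: bytes, token_key: bytes) -> Tuple[bytes, bytes]:
    """The Retry sender picks a fresh SCID and a token binding ODCID to that SCID.

    Only a holder of token_key can later recover the ODCID from the token,
    which is what the server needs once the ODCID is gone from the wire.
    """
    retry_scid = secrets.token_bytes(CID_LEN)
    tag = hmac.new(token_key, odcid + retry_scid, hashlib.sha256).digest()[:TAG_LEN]
    return retry_scid, odcid + retry_scid + tag


def client_after_retry(odcid: bytes, retry_scid: bytes, token: bytes) -> dict:
    """After a Retry the client's new Initial uses the Retry SCID as its DCID.

    The original DCID is kept only locally, so it can be checked against the
    server's transport parameters later.
    """
    return {"dcid": retry_scid, "token": token, "remembered_odcid": odcid}


def server_transport_params(initial: dict, token_key: bytes) -> Optional[dict]:
    """Server derives the CID-related transport parameters from the token.

    Returns None when the token does not verify: the server then has no way to
    learn the ODCID, because neither it nor an affiliate issued this Retry.
    """
    token = initial["token"]
    odcid = token[:CID_LEN]
    retry_scid = token[CID_LEN:2 * CID_LEN]
    tag = token[2 * CID_LEN:]
    expected = hmac.new(token_key, odcid + retry_scid, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected) or retry_scid != initial["dcid"]:
        return None
    return {
        "original_destination_connection_id": odcid,
        "retry_source_connection_id": retry_scid,
    }


def server_transport_params_if_cid_unchanged(initial: dict) -> dict:
    """Counterfactual: if Retry did not change the CID, the ODCID is still the
    DCID of the client's Initial, and the server can echo it with no knowledge
    of who sent the Retry."""
    return {
        "original_destination_connection_id": initial["dcid"],
        "retry_source_connection_id": initial["dcid"],
    }


def client_accepts(tps: Optional[dict], odcid: bytes, retry_scid: bytes) -> bool:
    """Client-side check: accept only if both CIDs match what it actually saw."""
    if tps is None:
        return False
    return (hmac.compare_digest(tps["original_destination_connection_id"], odcid)
            and hmac.compare_digest(tps["retry_source_connection_id"], retry_scid))


def run(retry_sender_key: bytes, server_key: bytes, cid_changes: bool = True) -> bool:
    """Whole exchange; returns whether the client ends up accepting the handshake."""
    odcid = secrets.token_bytes(CID_LEN)
    retry_scid, token = make_retry(odcid, retry_sender_key)
    if not cid_changes:
        retry_scid = odcid  # the design alternative the comment argues against
    initial = client_after_retry(odcid, retry_scid, token)
    if cid_changes:
        tps = server_transport_params(initial, server_key)
    else:
        tps = server_transport_params_if_cid_unchanged(initial)
    return client_accepts(tps, odcid, retry_scid)


SERVER_KEY = b"constructed-server-token-key"               # constructed sample key
UNRELATED_KEY = b"constructed-key-of-unrelated-retry-sender"  # constructed sample key

if __name__ == "__main__":
    print("server-issued Retry, CID changes:    ", run(SERVER_KEY, SERVER_KEY))
    print("unrelated Retry, CID changes:        ", run(UNRELATED_KEY, SERVER_KEY))
    print("unrelated Retry, CID unchanged:      ", run(UNRELATED_KEY, SERVER_KEY, False))
```

The three runs map onto the comment: a server-issued (or affiliated) Retry verifies, a Retry from a party without the token key leaves the server unable to produce the ODCID and the client rejects, and in the unchanged-CID variant the client's check passes regardless of who sent the Retry, because the ODCID was never removed from the Initial.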