IETF Logo Mail Archive

Re: [quicwg/base-drafts] Disconnect with Initial Injection (#1951)

Christian Huitema <notifications@github.com> Sat, 03 November 2018 08:54 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04E44124BAA for <quic-issues@ietfa.amsl.com>; Sat, 3 Nov 2018 01:54:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.47
X-Spam-Level:
X-Spam-Status: No, score=-8.47 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DEo_wZzQahAu for <quic-issues@ietfa.amsl.com>; Sat, 3 Nov 2018 01:54:52 -0700 (PDT)
Received: from out-7.smtp.github.com (out-7.smtp.github.com [192.30.252.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C8F612426A for <quic-issues@ietf.org>; Sat, 3 Nov 2018 01:54:52 -0700 (PDT)
Date: Sat, 03 Nov 2018 01:54:50 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1541235290; bh=joz8fwTOm+magJ6h5+M2cfnOUByfntQKVUOiC/lINHk=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=PaV19cGoMFufrz88ioPjczsiqMrRcUWSaVQ6DG6eRZugMcn3FlrbQF0biNNUtwoMz hnQtItO7KZCpkuezV9r9LlnqPa97e51SjVcJKcjMdN0RnyH+q3M/VLjR6Hcghex2eQ toRi+YrVWRD57T1cN3T7yFhNk6kg/i1dTU/H99pU=
From: Christian Huitema <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abf25e8230094e907c2f04d82c53264befafc083e992cf0000000117f5245a92a169ce1678fc4e@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1951/435571859@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1951@github.com>
References: <quicwg/base-drafts/issues/1951@github.com>
Subject: Re: [quicwg/base-drafts] Disconnect with Initial Injection (#1951)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bdd625aec7c7_72c03fe4248d45bc136850"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: huitema
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/ypvcGntyI33Jyy_9qsgoW2wBlgs>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Nov 2018 08:54:54 -0000

I think there are two issues that are interacting. We want to limit what the server sends without some continuity test, to prevent amplification attacks. And then we want to prevent injection of initial packets after the handshake key is set, in order to prevent DOS on the connection. The HRR/ServerHello issue is tied to amplification attack prevention. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1951#issuecomment-435571859

v2.34.0 | Report a Bug | By Email | System Status