IETF Logo Mail Archive

Re: [quicwg/base-drafts] Handling of duplicate packets (#1405)

Magnus Westerlund <notifications@github.com> Mon, 18 June 2018 13:27 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2ACC130DE2 for <quic-issues@ietfa.amsl.com>; Mon, 18 Jun 2018 06:27:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Level:
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pzoHbhegBqxO for <quic-issues@ietfa.amsl.com>; Mon, 18 Jun 2018 06:27:30 -0700 (PDT)
Received: from out-7.smtp.github.com (out-7.smtp.github.com [192.30.252.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A22C812F1A5 for <quic-issues@ietf.org>; Mon, 18 Jun 2018 06:27:30 -0700 (PDT)
Date: Mon, 18 Jun 2018 06:27:30 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1529328450; bh=8SSjBdHGRgZvSHoT9HAH9nu1ZBxShJpsOu9EAHZSDHs=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=hvqEz6auMQPn3C1ua/NwLAWmmmiRJXwIDL2Max125YPDOpuZuCh3wdfVyK4L7uzyR sLH41HSr3q9L21DhCmDVXY4r/3wA9De79RKuXwB8TztMwBfatVJXlG9TVXtK7sSODm 77M5XEMYFjLUuG3wzx5gCySVu5IO2t2gVPvH/0fo=
From: Magnus Westerlund <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abe357520be4f7a39b2d02a6251280be956faa808892cf00000001173f754292a169ce138d6870@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1405/398053419@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1405@github.com>
References: <quicwg/base-drafts/issues/1405@github.com>
Subject: Re: [quicwg/base-drafts] Handling of duplicate packets (#1405)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b27b342d4b5_7b073faa1435ef781918d8"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: gloinul
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/zBeQJ_hj64yurx_L6T9XvEGpWPE>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.26
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jun 2018 13:27:33 -0000

An important clarification about this attack: The attack on AES-GCM is definitely valid for truncated authentication tags. However, my co-author clarified to me that this is not an issue for untruncated tags. So as long as QUIC uses 128 bit authentication tags for AES-GCM we should have no issue from a cryptographic perspective.

I still think not having any requirement on replay protection at the main protocol level puts a lot of responsibility on the designers of extensions as well as implementers to ensure that things truly are idempotent when sent input. 

@kazuho 

> My understanding is that the following statement in the transport draft section 5 covers this: "All QUIC frames are idempotent. That is, a valid frame does not cause undesirable side effects or errors when received more than once."

This text is only in master and was not in -12, so I didn't see it at the time I wrote the ECN PR. I think the extensibility text probably needs an RFC 2119 requirement on that any new frame types needs to fulfill that requirement. But, to fulfill that for ECN, at least if there are no strict requirement on duplication suppression do requires the ECN specification to change. Either to do receiver side suppression of the ECN field value so that it doesn't matter, or change the encoding so that one handles the duplicated packets correctly. 



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1405#issuecomment-398053419

v2.30.2 | Report a Bug | By Email | System Status