Re: Cookie crumbling in QPACK?

Roberto Peon <fenix@fb.com> Fri, 07 June 2019 17:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/JoxPD_BzZqnUfP3cNasgGyKfSow>

Normative reference would make a lot of sense, I think.
-=R

From: QUIC <quic-bounces@ietf.org> on behalf of Ryan Hamilton <rch=40google.com@dmarc.ietf.org>
Date: Friday, June 7, 2019 at 10:11 AM
To: Alan Frindell <afrind@fb.com>
Cc: Bence Béky <bnc=40google.com@dmarc.ietf.org>, "quic@ietf.org" <quic@ietf.org>
Subject: Re: Cookie crumbling in QPACK?



On Fri, Jun 7, 2019 at 9:13 AM Alan Frindell <afrind@fb.com> wrote:
It should be as safe for QPACK as it is for HPACK.  Since HTTP/2 went out of the way to mention it in the draft, I suppose HTTP/3 should also?

Agreed. I think HTTP/3 should either mention it explicitly, or normatively reference 8.1.2.5.