Path verification contradictions in Connection migration
Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 16 May 2018 10:01 UTC
To: IETF QUIC WG <quic@ietf.org>
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
Subject: Path verification contradictions in Connection migration
Message-ID: <6842c0d0-f186-7043-31d5-c05a0fa4dba9@ericsson.com>
Date: Wed, 16 May 2018 12:00:59 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/JugnT_PHOE1rbTQKGXDlildGnTk>

Hi,

I was looking at the connection migration text in transport-11:

Section 6.8.2 says:

   Each endpoint validates its peer's address during connection
   establishment. Therefore, a migrating endpoint can send to its peer
   knowing that the peer is willing to receive at the peer's current
   address. Thus an endpoint can migrate to a new local address
   without first validating the peer's address.

   Receiving acknowledgments for data sent on the new path serves as
   proof of the peer's reachability from the new address. Note that
   since acknowledgments may be received on any path, return
   reachability on the new path is not established. To establish
   return reachability on the new path, an endpoint MAY concurrently
   initiate path validation Section 6.7 on the new path.

Then Section 6.8.3 says:

   Receiving a packet from a new peer address containing a non-probing
   frame indicates that the peer has migrated to that address.

   In response to such a packet, an endpoint MUST start sending
   subsequent packets to the new peer address and MUST initiate path
   validation (Section 6.7) to verify the peer's ownership of the
   unvalidated address.

It is especially the Note in 6.8.2 second of above paragraphs that I find contradicting. When the server receives the client's non-probing frames from the client's new address, then the server MUST send the ACK for that packet towards the client's new address. That is at least how I interpret the second in Section 6.8.3 paragraph. Yes, from the server's perspective the server->client path is unverified. However, I don't understand how the first part of the Note would be possible: "Note that since acknowledgments may be received on any path"?

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Network Architecture & Protocols, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
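
The receiving side described in the quoted Section 6.8.3 text, as an added Python model that is not part of the original message and not taken from any QUIC implementation: a non-probing frame from a new source address moves the send address and starts path validation, and the address only counts as validated once the challenge data is echoed back. The `Receiver` class, the frame tuples, the set of probing frame types, the choice to acknowledge only non-probing packets and the addresses are assumptions of this sketch.

```python
import os

# Frame types treated as probing in this model (assumption); all others are non-probing.
PROBING = {"PATH_CHALLENGE", "PATH_RESPONSE", "PADDING"}

class Receiver:
    """Endpoint that sees its peer move, i.e. the Section 6.8.3 side (hypothetical model)."""

    def __init__(self, peer_addr):
        self.peer_addr = peer_addr      # where outgoing packets are sent
        self.validated = {peer_addr}    # validated during connection establishment
        self.pending = {}               # challenge data -> address it was sent to

    def on_packet(self, src, frames):
        """Process one packet from src; return the (dest, frame) pairs sent in reply."""
        out = []
        for kind, data in frames:
            if kind == "PATH_RESPONSE":
                # Only an echo of data we actually sent validates the challenged address.
                addr = self.pending.pop(data, None)
                if addr is not None:
                    self.validated.add(addr)
            elif kind == "PATH_CHALLENGE":
                out.append((src, ("PATH_RESPONSE", data)))
        # Simplification: this model acknowledges only packets with non-probing frames.
        if any(kind not in PROBING for kind, _ in frames):
            if src != self.peer_addr:
                self.peer_addr = src    # MUST start sending to the new peer address
                if src not in self.validated:
                    challenge = os.urandom(8)   # MUST initiate path validation
                    self.pending[challenge] = src
                    out.append((src, ("PATH_CHALLENGE", challenge)))
            out.append((self.peer_addr, ("ACK", None)))
        return out

def run_demo():
    old, new = ("192.0.2.1", 4433), ("198.51.100.7", 5000)   # constructed addresses
    r = Receiver(old)
    replies = r.on_packet(new, [("STREAM", b"data")])
    ack_dest = [dest for dest, (kind, _) in replies if kind == "ACK"][0]
    challenge = [d for _, (kind, d) in replies if kind == "PATH_CHALLENGE"][0]
    after_switch = new in r.validated            # address switched, not yet validated
    r.on_packet(new, [("PATH_RESPONSE", bytes(b ^ 0xFF for b in challenge))])
    after_bad_echo = new in r.validated          # wrong echo does not validate
    r.on_packet(new, [("PATH_RESPONSE", challenge)])
    return ack_dest == new, after_switch, after_bad_echo, new in r.validated

if __name__ == "__main__":
    print(run_demo())
```

In this model the ACK for the migrated packet is addressed to the new source address while that address is still unvalidated, and only the correct echo of the challenge data moves it into the validated set.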