IETF Logo Mail Archive

Re: Connection IDs

Martin Thomson <martin.thomson@gmail.com> Wed, 07 March 2018 22:37 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DB43126CBF for <quic@ietfa.amsl.com>; Wed, 7 Mar 2018 14:37:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Aycfp2lY7GDa for <quic@ietfa.amsl.com>; Wed, 7 Mar 2018 14:37:44 -0800 (PST)
Received: from mail-ot0-x231.google.com (mail-ot0-x231.google.com [IPv6:2607:f8b0:4003:c0f::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 402C1124B17 for <quic@ietf.org>; Wed, 7 Mar 2018 14:37:44 -0800 (PST)
Received: by mail-ot0-x231.google.com with SMTP id w38so3624596ota.8 for <quic@ietf.org>; Wed, 07 Mar 2018 14:37:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=aOwPrwc/fv8TY9RV4tVd+FvbQL6FPIiLn3ed9Ss6mVc=; b=OCoyYUTX7rRSrHMlZpdkya45fk8xjrYAzN8HtsWJPHWoJZIpRzgWwfTyw40yNCQw0X BJ//QYkaBmPwAiJo0eZQC/kDW5QZwhlIKTSV+Zt7EYVYOVpOHjGiRPjX8MP1xKDQeiJB rGfM5OXLCl9hL98XO0Cuh3YD/bNMkCKshHb8kuHP1pOxGQ/qIhoBV2aB2yttV8L6oKs+ z+g/1u2Gmx9w9Vhz+8JwRCbYVjb46fzR1jmzuW09hXbDh0qEU4nvMorQ7pZHNTdBignm YCSX0N+RXk0f23y9VintvPlpjw5Wdl0T8x2Jx/8G2kzvOlTMMtCokkgg+7URc/Vb7JKj cwNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=aOwPrwc/fv8TY9RV4tVd+FvbQL6FPIiLn3ed9Ss6mVc=; b=bkAMWbBiAqg1kkz6jngec5vWT7eYAgMDPU6LkDIPwIaTvR8+6UorWeWHZH0VvUYvAZ KU5lD37HxRl5Fn/OroPWMqV+XwvO66unTTNDHo31nra6xEEPfMeHR8d0d44+wNobCV51 MbZWIhcQmAQOttw/jiW+pDZk3BfIuoZlfOGzkIObpLXhl9QpjY7TxBv5KtrE5OvECw/E gqUg53fd8P52UGZQ4E83MJjfHJEMc8/E+vduwzEzk4KKU49UQCGXeBFFFa/JzeS2C19n CMLUowz7GYF5YUXRFF7UbGnS0Vm1iKemRnp8pWLeZLAK8HHo5c/HUtXNzWzSiDJop1v+ I7Zg==
X-Gm-Message-State: AElRT7Hx3eKBTY8YT5h29pjRPKSpMtsVQOf7mPKQApPcnYW3Rs/46MAn WZ7WUOXpTuArF3gv9cPpgpYL5/ZkmNkDystIYnU=
X-Google-Smtp-Source: AG47ELvQ3XasgK2FwY6zItEC7CyElzuYds9uxdDccBcUESLHD5GV1lDUotqya+A14WwAE2N2Vru4Br/k4ADCVwNO+iY=
X-Received: by 10.157.12.229 with SMTP id o34mr17542840otd.352.1520462263495; Wed, 07 Mar 2018 14:37:43 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.16.85 with HTTP; Wed, 7 Mar 2018 14:37:43 -0800 (PST)
In-Reply-To: <CACpbDccER27gggsst4DPf-JhtZNDQGdYMX8neaHVcfR19T3hzA@mail.gmail.com>
References: <CABkgnnVSCnmzjWOZwQM+ctTxFXVzsVYe6Q3Zzk4yj3LNTYUtHw@mail.gmail.com> <CAOdDvNo9qmZqmEXBGM4bM6q3EO1FGuUxLSSWsVhNEYsn5u9puQ@mail.gmail.com> <CAKcm_gMR070JUegQbDw--RNr+0XYiBMwaTM3MBmqUo21u922TQ@mail.gmail.com> <CACpbDccpuNWnX=Y+gKaPxLEjUOnvu+hr9FqH+R6ZspwOfUq-qg@mail.gmail.com> <CABkgnnUPJYG-QE4qxfOd-6AoHHgxVq4K=EyRfoxkcvdDF=oaZA@mail.gmail.com> <MWHPR15MB18215C39DCB3DC5398778EC6B6D80@MWHPR15MB1821.namprd15.prod.outlook.com> <SN1PR08MB1854C45248CD637877C50FACDAD80@SN1PR08MB1854.namprd08.prod.outlook.com> <CACpbDccER27gggsst4DPf-JhtZNDQGdYMX8neaHVcfR19T3hzA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 08 Mar 2018 09:37:43 +1100
Message-ID: <CABkgnnXcuH8tsgSud-3=8-V96NVVUoYFQe1EZJAbLeTJ74fc_A@mail.gmail.com>
Subject: Re: Connection IDs
To: Jana Iyengar <jri.ietf@gmail.com>
Cc: Mike Bishop <mbishop@evequefou.be>, Subodh Iyengar <subodh@fb.com>, Ian Swett <ianswett@google.com>, IETF QUIC WG <quic@ietf.org>, Patrick McManus <pmcmanus@mozilla.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/RFw4CfJwUSw7YBuy_ZHEffEMaj0>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Mar 2018 22:37:46 -0000

Comments are always appreciated :)

On Thu, Mar 8, 2018 at 8:48 AM, Jana Iyengar <jri.ietf@gmail.com> wrote:
> I approved the design earlier and I still approve the design, employer
> notwithstanding :-)
> I have comments, which I've left on the PR.
>
> - jana
>
> On Wed, Mar 7, 2018 at 12:35 PM, Mike Bishop <mbishop@evequefou.be> wrote:
>>
>> I think Christian’s concerns were addressed.  Language was added to
>> require that if you see a CID change, you also need to move to the next CID
>> you have available.  An issue was opened to track the “what if you run out?”
>> question.
>>
>>
>>
>> There was briefly language added saying that if you see the peer change
>> addresses without changing CIDs, you should change CIDs for them.  However,
>> if we do that, an on-path attacker can start rewriting source addresses on
>> packets to drain your pool of allocated CIDs and force you into the
>> newly-opened issue.
>>
>>
>>
>> However, Christian should confirm whether these resolve his concerns.
>>
>>
>>
>> From: QUIC [mailto:quic-bounces@ietf.org] On Behalf Of Subodh Iyengar
>> Sent: Wednesday, March 7, 2018 12:26 PM
>> To: Martin Thomson <martin.thomson@gmail.com>; Jana Iyengar
>> <jri.ietf@gmail.com>
>> Cc: Ian Swett <ianswett@google.com>; IETF QUIC WG <quic@ietf.org>; Patrick
>> McManus <pmcmanus@mozilla.com>
>> Subject: Re: Connection IDs
>>
>>
>>
>> Unsurprisingly I am positive on the direction of this as well and the PR
>> looks good to me
>>
>>
>>
>> Note: I do not work for mozilla or google :), but was a part of the connid
>> design
>>
>>
>>
>> IIRC there was one unresolved question by Christian about both clients and
>> servers needing to change the connids to enforce linkability, was that
>> resolved?
>>
>>
>>
>> Subodh
>>
>> ________________________________
>>
>> From: QUIC <quic-bounces@ietf.org> on behalf of Martin Thomson
>> <martin.thomson@gmail.com>
>> Sent: Wednesday, March 7, 2018 12:19:02 PM
>> To: Jana Iyengar
>> Cc: IETF QUIC WG; Patrick McManus; Ian Swett
>> Subject: Re: Connection IDs
>>
>>
>>
>> Just to add to this and bring this list up to speed...
>>
>> Ian opened https://github.com/quicwg/base-drafts/issue/1166 which
>> suggests moving the Version field into a fixed location.
>>
>> To that end: https://github.com/quicwg/base-drafts/pull/1167
>>
>> Does anyone have anything more to add (perhaps someone who does not
>> work for Mozilla or Google) here?  The feedback I've received is
>> overwhelmingly positive thus far and my hope is to merge this ahead of
>> the editors starting an extended editing session next week.
>>
>>
>> On Tue, Mar 6, 2018 at 12:04 PM, Jana Iyengar <jri.ietf@gmail.com> wrote:
>> > +1 to this is the direction we're all converging on.
>> >
>> > On Mon, Mar 5, 2018 at 6:01 AM, Ian Swett
>> > <ianswett=40google.com@dmarc.ietf.org> wrote:
>> >>
>> >> Agreed, I unsurprisingly think this is the right direction.
>> >>
>> >>
>> >> On Mon, Mar 5, 2018 at 8:05 AM Patrick McManus <pmcmanus@mozilla.com>
>> >> wrote:
>> >>>
>> >>> big picture this is good.
>> >>>
>> >>> On Sun, Mar 4, 2018 at 8:54 PM, Martin Thomson
>> >>> <martin.thomson@gmail.com>
>> >>> wrote:
>> >>>>
>> >>>> I've written up a PR that enacts the changes suggested by the design
>> >>>> team [1].
>> >>>>
>> >>>> https://github.com/quicwg/base-drafts/pull/1151
>> >>>>
>> >>>> This adds two connection IDs to the long header.  An explicit length
>> >>>> is added for each.
>> >>>>
>> >>>> The short header includes the raw connection ID without any C bit or
>> >>>> length.
>> >>>>
>> >>>> I've tried to explain the limitations of the design where they apply.
>> >>>> That includes stateless reset.
>> >>>>
>> >>>> This PR necessarily includes some choices about less critical
>> >>>> aspects,
>> >>>> such as how connection ID lengths are encoded.  I ask that you try to
>> >>>> separate objections about minor issues like this from more serious
>> >>>> structural concerns.  I'm happy to discuss details, but I'm most
>> >>>> interested in whether this is broadly the right direction first.
>> >>>>
>> >>>> Cheers,
>> >>>> Martin
>> >>>>
>> >>>> p.s., happy draft submission deadline day
>> >>>>
>> >>>> [1]
>> >>>>
>> >>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__mailarchive.ietf.org_arch_msg_quic_l-5Fb1NnBmQpQGCxCfQteOMkft-2DlE&d=DwIBaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=h3Ju9EBS7mHtwg-wAyN7fQ&m=tfbg3BLo-IK9aUKrHNiK-A7EBi5XuVtoq9cZsYYBwbA&s=50Q1gLhlSOcRuTmcpkgAnBusZim2NElvKAFN6IIX2Ec&e=
>> >>>>
>> >>>
>> >
>
>

v2.23.0 | Report a Bug | By Email