Re: How does a server identify a new connection?

Dmitri Tikhonov <dtikhonov@litespeedtech.com> Tue, 04 December 2018 13:54 UTC

Date: Tue, 04 Dec 2018 08:54:43 -0500
From: Dmitri Tikhonov <dtikhonov@litespeedtech.com>
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: Christian Huitema <huitema@huitema.net>, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, chuck_crisler@affirmednetworks.com, IETF QUIC WG <quic@ietf.org>, Martin Thomson <martin.thomson@gmail.com>
Subject: Re: How does a server identify a new connection?
Message-ID: <20181204135441.GA25658@ubuntu-dmitri>
Mail-Followup-To: Kazuho Oku <kazuhooku@gmail.com>, Christian Huitema <huitema@huitema.net>, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, chuck_crisler@affirmednetworks.com, IETF QUIC WG <quic@ietf.org>, Martin Thomson <martin.thomson@gmail.com>
References: <CANatvzw6+HKbXqqP_MK1rvF3dSiLryhMRABnxV6VUmdJnNQoKw@mail.gmail.com> <20181203031430.GA29864@ubuntu-dmitri> <CANatvzxicJ2D48cpNJe3Cz8+ju0VJmf25+8NTdjSvJXH8j9bog@mail.gmail.com> <20181203135630.GA8140@ubuntu-dmitri> <CAN1APdd8h0wVSr6kpLXnc7T7O5tbPBbsij9jyV6ooUxMAHg8Xw@mail.gmail.com> <CAN1APdceYdWGGBgBLc-b6+SLP0x_dZHXDhDqq3TCpPmYdbssbA@mail.gmail.com> <5250b1be4c8f450f877f310aff0f0785@affirmednetworks.com> <CAN1APdd7LTk+eaOLg5MF7RL0_uzD2HBEosd1Ruyep-nN=-hBJQ@mail.gmail.com> <35a756a3-89e8-e817-bfd4-615fe6dfa2ba@huitema.net> <CANatvzxPvY7o6+7+nLhNBTXsYX6CnggRN58w7ej+KWeyG0VL0A@mail.gmail.com>
In-Reply-To: <CANatvzxPvY7o6+7+nLhNBTXsYX6CnggRN58w7ej+KWeyG0VL0A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Z1XKIwl6XNII1M9mhZYlytz5MwY>
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>

On Tue, Dec 04, 2018 at 10:23:11AM +0900, Kazuho Oku wrote:
> Therefore, man-on-the-side attack-resistant Initial exchange becomes
> practical:
> * if the server considers different initial ClientHellos as belonging
>       to different connections
>
> [...]
>
> First point is what PR #2076 tries to address.

I would like to understand what the server is expected to do.  Let's say
it has several connections that have the same SCID/DCID.  Now the
second packet from the client comes in:

    Is the server to try each of its connection candidates in
    turn to see which one successfully decrypts the packet?

  - Dmitri.