[Technical Errata Reported] RFC9000 (7861)
RFC Errata System <rfc-editor@rfc-editor.org> Wed, 20 March 2024 22:40 UTC
Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69CAEC14F6AD; Wed, 20 Mar 2024 15:40:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.658
X-Spam-Level:
X-Spam-Status: No, score=-1.658 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1L45zuRps4P9; Wed, 20 Mar 2024 15:40:42 -0700 (PDT)
Received: from rfcpa.amsl.com (rfcpa.amsl.com [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98514C14F6B1; Wed, 20 Mar 2024 15:40:42 -0700 (PDT)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 8061E1D51; Wed, 20 Mar 2024 15:40:42 -0700 (PDT)
To: jri.ietf@gmail.com, mt@lowentropy.net, quic-ads@ietf.org, matt.joras@gmail.com, lucas@lucaspardue.com
Subject: [Technical Errata Reported] RFC9000 (7861)
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: mbishop@evequefou.be, quic@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20240320224042.8061E1D51@rfcpa.amsl.com>
Date: Wed, 20 Mar 2024 15:40:42 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/h6pW144UDQ35kgF3hLwH0_tLkQ8>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Mar 2024 22:40:46 -0000
The following errata report has been submitted for RFC9000, "QUIC: A UDP-Based Multiplexed and Secure Transport". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid7861 -------------------------------------- Type: Technical Reported by: Mike Bishop <mbishop@evequefou.be> Section: 8.1.2 Original Text ------------- If a server receives a client Initial that contains an invalid Retry token but is otherwise valid... Corrected Text -------------- If a server receives a client Initial containing a valid Retry token that does not authenticate the peer address... Notes ----- Valid tokens MUST be a) integrity-protected (Section 8.1.4) and distinguishable as to purpose (Section 8.1.1), i.e. tokens from a Retry packet vs. tokens from NEW_TOKEN frames. To satisfy address validation, they should enable the server to verify the client's transport address. This text does not specify which form of invalidity is being discussed -- failure of integrity protection or a mismatch between the contents of the token and the client's address. Applying this text to all "invalid" tokens which appear to be Retry tokens does not allow for the scenario where the token was generated by another server / another QUIC implementation and is in fact unreadable. Such tokens, even if they appear to be Retry tokens, are supposed to be handled by the requirements in 8.1.3, i.e. ignore the token and handle the packet as if no token were present. This section should be scoped only to tokens which are correctly formatted and readable by the server, but whose contents are not sufficient to prove the client's transport address is valid. Otherwise, the determination that the token is a Retry token cannot be trusted. (This discrepancy appears in a multi-CDN context, where tokens generated by one CDN will sometimes be received by a different CDN; if these tokens appear to be "invalid Retry tokens", the connection is closed when the token should simply be ignored.) Instructions: ------------- This erratum is currently posted as "Reported". (If it is spam, it will be removed shortly by the RFC Production Center.) Please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party will log in to change the status and edit the report, if necessary. -------------------------------------- RFC9000 (draft-ietf-quic-transport-34) -------------------------------------- Title : QUIC: A UDP-Based Multiplexed and Secure Transport Publication Date : May 2021 Author(s) : J. Iyengar, Ed., M. Thomson, Ed. Category : PROPOSED STANDARD Source : QUIC Stream : IETF Verifying Party : IESG
- [Technical Errata Reported] RFC9000 (7861) RFC Errata System