IETF Logo Mail Archive

RE: draft-tiesel-quic-unreliable-streams-01 - comments

Roni Even <roni.even@huawei.com> Sun, 05 November 2017 07:32 UTC

Return-Path: <roni.even@huawei.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FD8C13FB5B for <quic@ietfa.amsl.com>; Sun, 5 Nov 2017 00:32:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3pWMeZ5qga0m for <quic@ietfa.amsl.com>; Sun, 5 Nov 2017 00:32:37 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71F1913FA6E for <quic@ietf.org>; Sun, 5 Nov 2017 00:32:37 -0700 (PDT)
Received: from 172.18.7.190 (EHLO LHREML713-CAH.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DRZ90124; Sun, 05 Nov 2017 07:32:34 +0000 (GMT)
Received: from DGGEMM402-HUB.china.huawei.com (10.3.20.210) by LHREML713-CAH.china.huawei.com (10.201.108.36) with Microsoft SMTP Server (TLS) id 14.3.361.1; Sun, 5 Nov 2017 07:32:33 +0000
Received: from DGGEMM506-MBX.china.huawei.com ([169.254.3.14]) by DGGEMM402-HUB.china.huawei.com ([10.3.20.210]) with mapi id 14.03.0361.001; Sun, 5 Nov 2017 15:32:28 +0800
From: Roni Even <roni.even@huawei.com>
To: "Philipp S. Tiesel" <phils@in-panik.de>
CC: QUIC WG <quic@ietf.org>
Subject: RE: draft-tiesel-quic-unreliable-streams-01 - comments
Thread-Topic: draft-tiesel-quic-unreliable-streams-01 - comments
Thread-Index: AQHTVBwwoDixcEmLIk67t+44J7ng4KMFZwIg
Date: Sun, 05 Nov 2017 07:32:27 +0000
Message-ID: <6E58094ECC8D8344914996DAD28F1CCD832288@DGGEMM506-MBX.china.huawei.com>
References: <6E58094ECC8D8344914996DAD28F1CCD82A735@DGGEMM506-MBS.china.huawei.com> <FBF9665E-15CE-437B-A575-25AEA7C88073@in-panik.de>
In-Reply-To: <FBF9665E-15CE-437B-A575-25AEA7C88073@in-panik.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.200.202.65]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090201.59FEBE93.003E, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.3.14, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 455e522544b23ad160bdb3e6b2c410bd
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/hLxXMaYcqq5qu1ES-7Kwr28gOWg>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Nov 2017 07:32:40 -0000


> -----Original Message-----
> From: Philipp S. Tiesel [mailto:phils@in-panik.de]
> Sent: יום ה 02 נובמבר 2017 22:50
> To: Roni Even
> Cc: QUIC WG
> Subject: Re: draft-tiesel-quic-unreliable-streams-01 - comments
> 
> Hi
> 
> > On 1. Nov 2017, at 14:03, Roni Even <roni.even@huawei.com> wrote:
> >
> > Hi,
> >
> > I think support for unreliable streams is important for unidirectional and bi-
> directional streams and even if it is V2 we still need to take support for it into
> account. One use case is RTP over QUIC.
> >
> > Small comments:
> >
> > In section 4.2 “ The loss of such a frame does not introduce state at the
> perceived receiver”. If new streams are opened with higher stream ID,  it
> implicitly opens this one frame stream that was lost in the receiver. I think it
> still requires the sender to send a reliable FIN to close this stream.
> 
> You’re right. I overlooked this. – The draft says:
>   Streams MUST be created in sequential order. Open streams can be used in
>   any order. Streams that are used out of order result in lower-numbered
>   streams in the same direction being counted as open.
> 
> I don’t know the rational behind this, but I think this is, besides the
> complications for unreliable streams, unfortunate:
>  - with unidirectional streams, this looks a little ambiguous.
>  - it prevents the application in encode its own flags within the stream ID.
> 
> Can anyone tell me the reason for this MUST?
> 
> I Put it on the ToDo-List for -02
> 
> > In the security section “ An active, on path attacker can drop selected
> frames “ . What does it mean selected frames, the whole payload is
> encrypted.
> 
> This is a little complicated:
>  - Assume having “stream-as-a-message” streams with two different kins of
> messages sized A,B
>  - Assume each message fits into one packet, but two messages will not fit
>  - Assume one doesn't want to split packets to fill packets to MTU due to
> latency constrains  => If an attacker know the inside protocol, the attacker
> can distinguish from the packet length wether it is an A or B kind message
> 
> To avoid this, one has to pad all packets… I should clarify this.
[Roni Even] I understand this case but what does selected frames mean, I assume that the attacker does not know what is in each stream in order to select a specific one, so why will he just drop one and not the other or why not both?
> 
> AVE!
>   Philipp S. Tiesel / phils…
> --
>    {phils}--->---(phils@in-panik.de)--->---(http://phils.in-panik.de)----,
>       wenn w eine   aube ist dn      man au dran dre en                   |
>            o     Schr        an muss     hc         h   (Kurt Schwitters) |
> :wq!  <----(phone: +49-179-6737439)---<---(jabber: phils@in-panik.de)----'

v2.23.0 | Report a Bug | By Email