Questions about Version Negotiation Concerning Possible Handshake Interruption

Lingmo Zhu <zlm2006@gmail.com> Fri, 09 February 2018 09:34 UTC

To: "quic@ietf.org" <quic@ietf.org>
From: Lingmo Zhu <zlm2006@gmail.com>
Subject: Questions about Version Negotiation Concerning Possible Handshake Interruption
Message-ID: <1d386744-c46a-842a-b172-24e290e03668@gmail.com>
Date: Fri, 09 Feb 2018 17:34:29 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/iMW2EZjVxYZb7gW7otZDjBuDHhI>
Precedence: list

Hi

I'm new to QUIC and not sure if that could be considered but for Version 
Negotiation with the same connection ID as Initial packet, client should 
choose an acceptable version from the list. What if spoofing from 
something like router happens? Should mitigations be considered, such as 
adding a delay for validated Version Negotiation handling so that 
following handshake packets could be received later and that fake 
Version Negotiation could be ignored?

Such concerning is just come out from DNS hijacking which is partially 
similar, though for QUIC it would only interrupt the handshake. I'm not 
sure but it might be used by downgrade attack in the future. Of course 
I'm new to this field so my opinion would be wrong.

Thanks.

Lingmo Zhu

Questions about Version Negotiation Concerning Po… Lingmo Zhu
Re: Questions about Version Negotiation Concernin… Mikkel Fahnøe Jørgensen
Re: Questions about Version Negotiation Concernin… Martin Thomson
Re: Questions about Version Negotiation Concernin… Mikkel Fahnøe Jørgensen
Re: Questions about Version Negotiation Concernin… Lingmo Zhu
Re: Questions about Version Negotiation Concernin… Mikkel Fahnøe Jørgensen
Re: Questions about Version Negotiation Concernin… Kazuho Oku
Re: Questions about Version Negotiation Concernin… Mikkel Fahnøe Jørgensen
Re: Questions about Version Negotiation Concernin… Lingmo Zhu
Re: Questions about Version Negotiation Concernin… Christian Huitema
Re: Questions about Version Negotiation Concernin… alexandre.ferrieux
Re: Questions about Version Negotiation Concernin… Martin Thomson
Re: Questions about Version Negotiation Concernin… Kazuho Oku
Re: Questions about Version Negotiation Concernin… alexandre.ferrieux
Re: Questions about Version Negotiation Concernin… Lingmo Zhu
Malicious Version Negotiation Handling (Was: Ques… Lingmo Zhu
Re: Malicious Version Negotiation Handling (Was: … Mikkel Fahnøe Jørgensen
Re: Malicious Version Negotiation Handling (Was: … Eric Rescorla
Re: Malicious Version Negotiation Handling (Was: … Lingmo Zhu
Re: Malicious Version Negotiation Handling (Was: … Eric Rescorla
Re: Malicious Version Negotiation Handling (Was: … Subodh Iyengar
Re: Malicious Version Negotiation Handling (Was: … Lingmo Zhu
Re: Malicious Version Negotiation Handling (Was: … Eric Rescorla
Re: Malicious Version Negotiation Handling (Was: … Christian Huitema
Re: Malicious Version Negotiation Handling (Was: … Eric Rescorla
RE: Malicious Version Negotiation Handling (Was: … Lubashev, Igor
Re: Malicious Version Negotiation Handling (Was: … Christian Huitema
Re: Malicious Version Negotiation Handling (Was: … Mikkel Fahnøe Jørgensen
Re: Malicious Version Negotiation Handling (Was: … Spencer Dawkins at IETF