Martin Duke's Yes on draft-ietf-quic-tls-33: (with COMMENT)
Martin Duke via Datatracker <noreply@ietf.org> Tue, 22 December 2020 23:18 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: quic@ietf.org
Delivered-To: quic@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 54AF93A12C9; Tue, 22 Dec 2020 15:18:59 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Martin Duke via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-quic-tls@ietf.org, quic-chairs@ietf.org, quic@ietf.org, quic-chairs@ietf.org, mnot@mnot.net
Subject: Martin Duke's Yes on draft-ietf-quic-tls-33: (with COMMENT)
X-Test-IDTracker: no
X-IETF-IDTracker: 7.24.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Martin Duke <martin.h.duke@gmail.com>
Message-ID: <160867913882.9107.11037319310588558127@ietfa.amsl.com>
Date: Tue, 22 Dec 2020 15:18:59 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/iwbmNZKWjElORSDtnUSICkAA65c>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Dec 2020 23:18:59 -0000
Martin Duke has entered the following ballot position for draft-ietf-quic-tls-33: Yes

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-quic-tls/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

- The third-to-last paragraph of Sec 4.1.3 implies that the transport parameters are not delivered until the handshake is complete. In 8.2 it says that the TPs are "available" but "not fully trusted" before completion. The latter is certainly true; but the server can't send 0.5-RTT packets (e.g. a SETTINGS frame) without any indication of the client transport parameters. I would suggest a clarification in 4.1.3 and letting the language in 8.2 stand.

- 5.8 says the ODCID field "mitigates an off-path attacker's ability to inject a Retry". First, in quic-transport you defined an off-path attacker (21.1) as someone who can observe but not alter packets. I don't think that's what you mean here, so please use another term here or explicitly define what you mean in this document. Come to think of it, there are some inconsistent usages of this term in quic-transport as well (14.2.1, 17.2.1, 17.2.2). Secondly, it is not clear to me what protection this offers beyond the DCID field in the actual Retry Packet (which corresponds to the SCID of the Initial).