Analysis of version negotiation

Martin Thomson <mt@lowentropy.net> Wed, 24 March 2021 03:26 UTC

Date: Wed, 24 Mar 2021 14:25:56 +1100
From: Martin Thomson <mt@lowentropy.net>
To: quic@ietf.org
Subject: Analysis of version negotiation
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/jmFaRV5UelEOXE9hiAzApA7HLxU>

Hey everyone,

https://docs.google.com/document/d/1HXu7LoMP8Z30JkHyMOuVOtG5W9AFOQtsL8vuSbFxXUw/edit?usp=sharing is my crude attempt at an analysis of the security of the version negotiation draft, including some suggestions that might make the protocol more efficient.

I will let you reach your own conclusion, but I found some cuts that can be made in the design.  Not as many as I expected originally though.  I did just realize that an entire component can come out, but I haven't edited it out yet; I'll leave that in case others disagree with my assessment there.

It's long and complicated, sadly.  That's the one thing that I might regret most about the decision to defer solving this problem properly in the first place.  In any case, I hope that this is a useful contribution to the discussion.

Cheers,
Martin