Re: Invariants draft

Martin Thomson <martin.thomson@gmail.com> Wed, 06 December 2017 21:01 UTC

In-Reply-To: <CAKKJt-eQJgboaQowAPQ6FZ5fwjg4ROpj77+fe-E4v0NKXgK1nA@mail.gmail.com>
References: <CABkgnnVr7jQ2=fFM+OOgk0-=Fseze8fT3xwWBOj-4CWTOtbq1Q@mail.gmail.com> <6E58094ECC8D8344914996DAD28F1CCD851F75@DGGEMM506-MBS.china.huawei.com> <CAKKJt-eQJgboaQowAPQ6FZ5fwjg4ROpj77+fe-E4v0NKXgK1nA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 07 Dec 2017 08:01:54 +1100
Message-ID: <CABkgnnU0D6r87frvbM+zh02wiEFrQDXzF1mFJhKu1bSGGiXs5g@mail.gmail.com>
Subject: Re: Invariants draft
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Cc: Roni Even <roni.even@huawei.com>, QUIC WG <quic@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/lFCPB_-o0MVye0EdVgcxDJo2Nzs>

On Thu, Dec 7, 2017 at 6:56 AM, Spencer Dawkins at IETF
<spencerdawkins.ietf@gmail.com> wrote:
> IIUC Roni's suggestion, I'm thinking that it's also worth adding information
> about why these invariants are invariant, in case we ever start arguing
> about taking an invariant away.

I can appreciate the desire for more detail, though the headline is
already there: we want to preserve the ability to deploy a new version
of QUIC.  The piece that is perhaps missing is one that Jana convinced
me to remove, namely the reasons for connection ID being in the draft.
Some of that is in the section on connection ID.

> I can easily imagine that some creative security person will, some day,
> think of some way that one of these invariants can be exploited to tell a
> third party something that the two endpoints didn't intend to share. If
> (when?) that happens, it would be good to have a clear understanding of the
> value of any invariant that's questioned, so we don't have to agree on that
> while we're trying to decide what to do, after an exploit is identified.

I worry less about exploitation of the invariants than about the
not-invariants that we inadvertently expose by virtue of only
deploying a limited number of versions.  All the stuff in the
appendix, basically.  And that is a list that I wish were shorter.