Re: Enforcement of minimum size of the Initial server packets

Christian Huitema <huitema@huitema.net> Tue, 15 December 2020 05:51 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B22C3A0A29 for <quic@ietfa.amsl.com>; Mon, 14 Dec 2020 21:51:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.011
X-Spam-Level:
X-Spam-Status: No, score=0.011 tagged_above=-999 required=5 tests=[NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4UgTdjBhK8_L for <quic@ietfa.amsl.com>; Mon, 14 Dec 2020 21:51:40 -0800 (PST)
Received: from mx36-out10.antispamcloud.com (mx36-out10.antispamcloud.com [209.126.121.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 071533A0A21 for <quic@ietf.org>; Mon, 14 Dec 2020 21:51:39 -0800 (PST)
Received: from xse101.mail2web.com ([66.113.196.101] helo=xse.mail2web.com) by mx136.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1kp3FH-000KFl-6j for quic@ietf.org; Tue, 15 Dec 2020 06:51:36 +0100
Received: from xsmtp21.mail2web.com (unknown [10.100.68.60]) by xse.mail2web.com (Postfix) with ESMTPS id 4Cw6ny59LnzTQm for <quic@ietf.org>; Mon, 14 Dec 2020 21:51:34 -0800 (PST)
Received: from [10.5.2.18] (helo=xmail08.myhosting.com) by xsmtp21.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1kp3FG-0002N5-Ja for quic@ietf.org; Mon, 14 Dec 2020 21:51:34 -0800
Received: (qmail 28573 invoked from network); 15 Dec 2020 05:58:47 -0000
Received: from unknown (HELO [192.168.1.106]) (Authenticated-user:_huitema@huitema.net@[172.58.43.253]) (envelope-sender <huitema@huitema.net>) by xmail08.myhosting.com (qmail-ldap-1.03) with ESMTPA for <quic@ietf.org>; 15 Dec 2020 05:58:47 -0000
Subject: Re: Enforcement of minimum size of the Initial server packets
To: Martin Thomson <mt@lowentropy.net>, quic@ietf.org
References: <295cf8bf-ac2b-e116-73b0-c364f3917474@huitema.net> <75a39294-7882-4cec-9f1c-ff665b06cb52@www.fastmail.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <c1dd6f76-3953-c44b-7dc4-884a689a91dc@huitema.net>
Date: Mon, 14 Dec 2020 21:51:33 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.1
MIME-Version: 1.0
In-Reply-To: <75a39294-7882-4cec-9f1c-ff665b06cb52@www.fastmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-Originating-IP: 66.113.196.101
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.196.101/32
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.196.101/32@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT9WLQux0N3HQm8ltz8rnu+BPUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5x6h2yQpzTslcOqazQkKtAFKj/EwzSHE5FGYwwjsNRPCMQk 66Vu1kq88Lj5xK2PZsnmD6wdmZPcItWbGe10hXJtyz/MWLF6jnm7fdxjsJMmvxOMEZrAzcbOYTBU Hb9yjjUYFoLz2NZcguRHblw+ZN9KE5LN1n8YXzQY0mQUNzTGAwCyMkrqOaHyAipaXQfAHlJH3v3Q 7PQeNoNQjwiv3IhNPpDsdaHHqGG7YXgprtn5XLToE7g5LY8o1a6sSJrLl3xdARnv/HGR54G9CHRY hyVqYO/Ae1h1hLGGi4ebv387hThA9A+LrmkGouiRB8qN/5RbHDa6yUUKFnWNneAcuva3BS+iyyNq bT8dUMXMJ4tUCMj6G37ZfAMLceP5aNHPt26RBupu5v1nytoNnc138GfEJRQ2qC7jjynPIHPNqSn4 QTXUjLjYWQt1/5xnQymMoPsgr/U0flMcy2Vi/IcBgY4arPaiJ1W6hAyiRC61jekdwIcXNugoOEbH RyFULpSjm7jZ1h/HfDRQ5Ig8VhPsPE8NQ/T3Op6Um662jkOH4Bxha9PVglyn2M1Ne3VuFRksqHzx FICOvNaKixd/6tiHJgrA2JUne37EdXOqrRyXv4wznjA08FLvVADy8LB0Htmu5lw11lqdy1V/0aEk MCdb3YpWUo4/+EUytKrR9Md9I2Rs12dbay1uBmcjbmCY3bWMBYRPCC/cRgvQKtcrMMueERx3USUv /kqk+HSX8N9n9PvNfFsVYsKIuuJFtFJVVKeiSTeIaIzNoZzswxuMaWjBAlpwQKAF9rx7E/FOOo0H C4C4+PUf9oDBqtClgM5jH/om1Q5UomG0v+rwIiID/kwKc8V5Tj9+FRkaOS/DNjANmb8tO61SbYdY AwdpaVzHW7wHO7YhEWyJzIkwSFAW0Pw8uiKeubcolFl/rX+2ReQklqJDASQX2Id+W5hjJNcdGs0+ iHjXODmj5PX/tZQU3bYnWKpb
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/nTgjVgjEZlye0uQ_Y5ZoBk3i8MY>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2020 05:51:41 -0000

On 12/14/2020 9:23 PM, Martin Thomson wrote:

> Enforcement of that sort isn't permitted:
>
>> QUIC sometimes requires datagrams to be no smaller than a certain size; see Section 8.1 as an example. However, the size of a datagram is not authenticated. That is, if an endpoint receives a datagram of a certain size, it cannot know that the sender sent the datagram at the same size. Therefore, an endpoint MUST NOT close a connection when it receives a datagram that does not meet size constraints; the endpoint MAY however discard such datagrams.
> -- https://quicwg.org/base-drafts/draft-ietf-quic-transport.html#section-14-7
>
> When you combine that with not being able to tell (a priori) whether a packet requires padding, that means that clients can't really be expected to enforce this rule.

Agreed. I guess I can write extra code to inspect Initial packets that 
are shorter than the expected size, and then ignore them rather than 
processing them if they contain a frame that requires acknowledgements. 
But that's probably the kind of checks that should only be used when 
debugging...

-- Christian Huitema

>
> On Tue, Dec 15, 2020, at 16:18, Christian Huitema wrote:
>> The transport spec says in section 14.1 that "a server MUST expand the
>> payload of all UDP datagrams carrying ack-eliciting Initial packets to
>> at least the smallest allowed maximum datagram size of 1200 bytes." My
>> question is, how do we expect clients to enforce that? If clients
>> blindly reject server initial packets that are less than 1200 bytes
>> long, they will miss those server initial packets that are not
>> ack-eliciting, such as packets that contains only acknowledgements or
>> connection_close frames. But if clients wait until the packet is parsed
>> to discover that it was ack-eliciting, the only remedy if they find that
>> the packet is too short is to close the connection with protocol
>> violation error. Is that the expected behavior?
>>
>> -- Christian Huitema
>>
>>