RE: Connection IDs
Mike Bishop <mbishop@evequefou.be> Wed, 07 March 2018 20:35 UTC
From: Mike Bishop <mbishop@evequefou.be>
To: Subodh Iyengar <subodh@fb.com>, Martin Thomson <martin.thomson@gmail.com>, Jana Iyengar <jri.ietf@gmail.com>
CC: Ian Swett <ianswett@google.com>, IETF QUIC WG <quic@ietf.org>, Patrick McManus <pmcmanus@mozilla.com>
Subject: RE: Connection IDs
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/pn1y12WLVeNX0Sq2kb69xYqpmJU>

I think Christian's concerns were addressed. Language was added to require that if you see a CID change, you also need to move to the next CID you have available. An issue was opened to track the "what if you run out?" question.

There was briefly language added saying that if you see the peer change addresses without changing CIDs, you should change CIDs for them. However, if we do that, an on-path attacker can start rewriting source addresses on packets to drain your pool of allocated CIDs and force you into the newly-opened issue.

However, Christian should confirm whether these resolve his concerns.

From: QUIC [mailto:quic-bounces@ietf.org] On Behalf Of Subodh Iyengar
Sent: Wednesday, March 7, 2018 12:26 PM
To: Martin Thomson <martin.thomson@gmail.com>; Jana Iyengar <jri.ietf@gmail.com>
Cc: Ian Swett <ianswett@google.com>; IETF QUIC WG <quic@ietf.org>; Patrick McManus <pmcmanus@mozilla.com>
Subject: Re: Connection IDs

Unsurprisingly I am positive on the direction of this as well and the PR looks good to me

Note: I do not work for mozilla or google :), but was a part of the connid design

IIRC there was one unresolved question by Christian about both clients and servers needing to change the connids to enforce linkability, was that resolved?

Subodh

________________________________
From: QUIC <quic-bounces@ietf.org> on behalf of Martin Thomson <martin.thomson@gmail.com>
Sent: Wednesday, March 7, 2018 12:19:02 PM
To: Jana Iyengar
Cc: IETF QUIC WG; Patrick McManus; Ian Swett
Subject: Re: Connection IDs

Just to add to this and bring this list up to speed...

Ian opened https://github.com/quicwg/base-drafts/issue/1166 which suggests moving the Version field into a fixed location. To that end: https://github.com/quicwg/base-drafts/pull/1167

Does anyone have anything more to add (perhaps someone who does not work for Mozilla or Google) here? The feedback I've received is overwhelmingly positive thus far and my hope is to merge this ahead of the editors starting an extended editing session next week.

On Tue, Mar 6, 2018 at 12:04 PM, Jana Iyengar <jri.ietf@gmail.com> wrote:
> +1 to this is the direction we're all converging on.
>
> On Mon, Mar 5, 2018 at 6:01 AM, Ian Swett
> <ianswett=40google.com@dmarc.ietf.org> wrote:
>>
>> Agreed, I unsurprisingly think this is the right direction.
>>
>>
>> On Mon, Mar 5, 2018 at 8:05 AM Patrick McManus <pmcmanus@mozilla.com>
>> wrote:
>>>
>>> big picture this is good.
>>>
>>> On Sun, Mar 4, 2018 at 8:54 PM, Martin Thomson <martin.thomson@gmail.com>
>>> wrote:
>>>>
>>>> I've written up a PR that enacts the changes suggested by the design
>>>> team [1].
>>>>
>>>> https://github.com/quicwg/base-drafts/pull/1151
>>>>
>>>> This adds two connection IDs to the long header. An explicit length
>>>> is added for each.
>>>>
>>>> The short header includes the raw connection ID without any C bit or
>>>> length.
>>>>
>>>> I've tried to explain the limitations of the design where they apply.
>>>> That includes stateless reset.
>>>>
>>>> This PR necessarily includes some choices about less critical aspects,
>>>> such as how connection ID lengths are encoded. I ask that you try to
>>>> separate objections about minor issues like this from more serious
>>>> structural concerns. I'm happy to discuss details, but I'm most
>>>> interested in whether this is broadly the right direction first.
>>>>
>>>> Cheers,
>>>> Martin
>>>>
>>>> p.s., happy draft submission deadline day
>>>>
>>>> [1]
>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__mailarchive.ietf.org_arch_msg_quic_l-5Fb1NnBmQpQGCxCfQteOMkft-2DlE&d=DwIBaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=h3Ju9EBS7mHtwg-wAyN7fQ&m=tfbg3BLo-IK9aUKrHNiK-A7EBi5XuVtoq9cZsYYBwbA&s=50Q1gLhlSOcRuTmcpkgAnBusZim2NElvKAFN6IIX2Ec&e=
>>>>
>>>
>
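
The pool-draining concern in Mike Bishop's reply at the top of this message, worked through as an added example; it is not code from the thread, from the PR, or from any QUIC implementation. The `Endpoint` class, its seven spare CIDs, the `replay` helper and the sample addresses are a simplified model constructed for illustration, with the address-change rule as a switch so both behaviours can be compared on the same traffic.

```python
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    """Toy model of one endpoint's CID bookkeeping (an assumption, not the draft's state machine)."""
    rotate_on_addr_change: bool          # True = the briefly-added rule from the reply
    spare_cids: list = field(default_factory=lambda: [f"cid-{i}" for i in range(1, 8)])
    active_cid: str = "cid-0"            # CID this endpoint is currently using
    peer_cid: str = "peer-0"             # last CID seen from the peer
    peer_addr: str = "192.0.2.10:4433"   # last source address seen from the peer
    exhausted: bool = False              # reached the "what if you run out?" case

    def _rotate(self):
        # Move to the next available CID, or record that none are left.
        if self.spare_cids:
            self.active_cid = self.spare_cids.pop(0)
        else:
            self.exhausted = True

    def on_packet(self, src_addr, cid_from_peer):
        cid_changed = cid_from_peer != self.peer_cid
        addr_changed = src_addr != self.peer_addr
        # Kept rule: the peer changed CID, so we change ours as well.
        # Switchable rule: the address changed but the CID did not.
        if cid_changed or (addr_changed and self.rotate_on_addr_change):
            self._rotate()
        self.peer_cid, self.peer_addr = cid_from_peer, src_addr


def replay(rotate_on_addr_change, packets):
    """Feed (source address, peer CID) pairs to a fresh endpoint; return (spares left, exhausted)."""
    ep = Endpoint(rotate_on_addr_change)
    for src_addr, cid in packets:
        ep.on_packet(src_addr, cid)
    return len(ep.spare_cids), ep.exhausted


# Constructed traffic: genuine packets whose source address is rewritten on the
# path for every packet, while the peer's CID never changes.
REWRITTEN = [(f"198.51.100.{n}:4433", "peer-0") for n in range(1, 11)]
# Constructed traffic: one real migration, where the peer changes address and CID together.
MIGRATION = [("203.0.113.5:4433", "peer-1")]

if __name__ == "__main__":
    for name, packets in (("rewritten", REWRITTEN), ("migration", MIGRATION)):
        for rule in (True, False):
            print(name, "rotate_on_addr_change =", rule, "->", replay(rule, packets))
```

With the address-change rule enabled, ten rewritten packets consume all seven spare CIDs and leave the endpoint exhausted; with only the CID-change rule, the same traffic costs nothing and a real migration still costs exactly one CID.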