IETF Logo Mail Archive

Re: Version Ossification: Intended Scope for QUICv1

"Martin Thomson" <mt@lowentropy.net> Tue, 05 November 2019 01:58 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAB3912000F for <quic@ietfa.amsl.com>; Mon, 4 Nov 2019 17:58:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=gfgUjtNT; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=yFgNJbe0
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mf7q1n9O2XVj for <quic@ietfa.amsl.com>; Mon, 4 Nov 2019 17:58:28 -0800 (PST)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 989DD12003E for <quic@ietf.org>; Mon, 4 Nov 2019 17:58:28 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id D33C622017; Mon, 4 Nov 2019 20:58:27 -0500 (EST)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Mon, 04 Nov 2019 20:58:27 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :cc:subject:content-type; s=fm3; bh=n7S6rtgjmQSpL1vVFzzLqtHNoP01 Y/OyjE/sIYU4vf0=; b=gfgUjtNTkXXXVCkQ7SSd09/MAyskDzZI/gu15aX4w43P u/JxiZcR23ZHPhnNXCMmFCQ81JKgWbz3VCnliyt3r2FqTIRa9tXjii+CwShjV3Nw ja1OEB6NmKuROEJW+FXar4MJ18hTQB81zxRrB+lKVxq6gtN1wmVL5zKA97aaS4Ly ZEwsCm/uXzF22fg0c8fMO8lGiqH3CSPEmUU+paekXOCAEdgovte3/a44R/+AmO5P FjyNUJlKSURjaIWPYZ/sPIF/iS7Lljohul90thdt5MkHN/bbtT05/nfUhpJj+cbO DwScwnMBQBnQ6E9M6ti3N/jy8XOH1nHh26IO+o3hIA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=n7S6rt gjmQSpL1vVFzzLqtHNoP01Y/OyjE/sIYU4vf0=; b=yFgNJbe0OkjVLUYqDoO7Ck RU3LMr2LGfGSyLlAH45lGDSg0QHD3zgdSZr44nKl3j1Ct9OjZ2w6+Hnah5TgH8c/ rM/gLaQ+ZQgqmkvhsKQqiangx3I0w/Kzq4r+Pna+ARVGBSmRXa/mIe2HXDMPhSVv iuCYvXc5l4KPIS8vLPPO2TtQx4pRp7wIC8YixLtU6w7q93X1+tNwvT7LszAZOL3i IyyqLFDOvGNQBijDaagncwkLusq4I37Z23pssvwJ9t+EhoRmrQbX3zC2wrkNj86/ cMbOKyNah1Y5VEBSff81tuoU8ew5KXITEz0n/qUTdHz/vJs2hFQqTWLxlP6mWYGA ==
X-ME-Sender: <xms:Q9fAXZ7cfn4oU0xZ43z0xDG37zoVgyPJ79A9wSEXMdtVNrhnTGL2dw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedruddugedggeduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgesthdtredtreertdenucfhrhhomhepfdforghr thhinhcuvfhhohhmshhonhdfuceomhhtsehlohifvghnthhrohhphidrnhgvtheqnecurf grrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvghtnecuvehl uhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:Q9fAXSAJXqJsfp2WHyBazG35a3K-GaKBWmwyrDywWdtputBJj6ASvA> <xmx:Q9fAXV29RvIQpYDYaeANorRUkIvajSL7yYXXNRvhVmfdetufOKrwpg> <xmx:Q9fAXR_uQe7Z3WqulsAKDkbmT42n2BmjRh0nrKzGaX9k2n_hoG6aXw> <xmx:Q9fAXb9tGnNs-ct1va_5qqv7M0d7yecE_sGVoXMYuQ8hx67CegJVmA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 723C0E00A3; Mon, 4 Nov 2019 20:58:27 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-509-ge3ec61c-fmstable-20191030v1
Mime-Version: 1.0
Message-Id: <d5c3b4d3-2202-41d7-9ebe-3541ceec1b78@www.fastmail.com>
In-Reply-To: <CACpbDcci5R7Szti7LbpH7GEm9jT2fP_Jz99Mx-bBcSe8RT43cQ@mail.gmail.com>
References: <CAPDSy+6E79OySoOLbJ8eWp0J-+3yeB5iGvj6sW19bEDn_V7-NA@mail.gmail.com> <CANatvzzaWFgrvnaV=VeZRAVvxqSBeMSZT5aMUu7-Vh9raeZJFw@mail.gmail.com> <BN6PR2201MB1700184D81061E2CBFD77BFBDA620@BN6PR2201MB1700.namprd22.prod.outlook.com> <e24ecddd-139d-4669-be96-b3de57557c4e@www.fastmail.com> <CACpbDcci5R7Szti7LbpH7GEm9jT2fP_Jz99Mx-bBcSe8RT43cQ@mail.gmail.com>
Date: Tue, 05 Nov 2019 12:58:08 +1100
From: Martin Thomson <mt@lowentropy.net>
To: Jana Iyengar <jri.ietf@gmail.com>
Cc: QUIC WG <quic@ietf.org>
Subject: Re: Version Ossification: Intended Scope for QUICv1
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/uNVtwE6ymBx-h17w55RUAzXERbc>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2019 01:58:30 -0000

On Tue, Nov 5, 2019, at 12:23, Jana Iyengar wrote:
> On Sun, Nov 3, 2019 at 1:46 PM Martin Thomson <mt@lowentropy.net> wrote:
> > Why can't servers just bake the "keys" into binaries? I mean, that's not something that is likely to get lost. And it isn't really the case that keys need to be secret, they just have to change often enough to frustrate attempts to fixate on them.
> 
> This is a fine idea, but how does it change anything? Whenever the keys 
> are rotated at the server, you would still have to deal with old 
> versions appearing at the server, no?

I'm assuming that you can a) limit the time over which a token could appear, b) use a key identifier so that keys can be changed, and c) keep old keys in the code until the associated tokens are all expired.

v2.23.0 | Report a Bug | By Email