Re: Asymmetric CIDs

Christian Huitema <huitema@huitema.net> Fri, 16 February 2018 22:10 UTC

To: Roberto Peon <fenix@fb.com>, Martin Duke <martin.h.duke@gmail.com>
Cc: Ian Swett <ianswett@google.com>, IETF QUIC WG <quic@ietf.org>, Eric Rescorla <ekr@rtfm.com>
References: <CABcZeBMVabN9LQ42BxpSwK71hzu_TbzwqhHTJV1uJBKr5g-N3A@mail.gmail.com> <CAKcm_gOvf0N7sq2so38sQaD+2jHGnDpsSQHEwU8HPgSpMJRfzA@mail.gmail.com> <CAM4esxQW1-dVfJSi4zoURNV-7u0EP6h-Xdyx5Wbo0QMdrkLk=w@mail.gmail.com> <AA0705E2-7A79-47DD-846A-C0B74A8A4B24@huitema.net> <D7E469CD-B9D8-41ED-8F5C-9933DCBA90E6@fb.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <4282f0ed-1b0e-3b18-598f-4385481ebd86@huitema.net>
Date: Fri, 16 Feb 2018 14:10:04 -0800
In-Reply-To: <D7E469CD-B9D8-41ED-8F5C-9933DCBA90E6@fb.com>
Subject: Re: Asymmetric CIDs
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/y-LnWIheOjSwpKa7pdve5L0Yi5Q>

To be explicit, I am concerned by the following scenario:

1) Client sends a PATH CHALLENGE to the server from a new client address
with a never-seen-before connection ID, obtained previously in a NEW
CONNECTION ID frame from the server

2) Server responds by sending a reply to the new address with the
previously-negotiated-and-used CID of the client.

3) Instant linkage.

The key is of course that the server picks a different CID to respond to
the migration, normally in a NEW CONNECTION ID frame.


On 2/16/2018 10:25 AM, Roberto Peon wrote:
>
> ++ what Christian says.
> The fact that it now takes two implementations to prevent linkability
> (either side messes it up, and that half-path is exposed, likely
> rendering it all exposed) is a bit sad.
>
> -=R
>
>  
>
>  
>
> *From: *QUIC <quic-bounces@ietf.org> on behalf of Christian Huitema
> <huitema@huitema.net>
> *Date: *Friday, February 16, 2018 at 10:16 AM
> *To: *Martin Duke <martin.h.duke@gmail.com>
> *Cc: *Ian Swett <ianswett@google.com>, IETF QUIC WG <quic@ietf.org>,
> Eric Rescorla <ekr@rtfm.com>
> *Subject: *Re: Asymmetric CIDs
>
>  
>
> I like the concept, but I would like to understand how we avoid
> linkability on migration.
>
> -- Christian Huitema 
>
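The linkage scenario described in the message above, as an added example that is not part of the original thread: a small Python simulation of a client migrating to a new address with a never-seen server-issued CID, a server that either keeps using the old client-issued CID or switches to a fresh one, and a passive on-path observer that checks whether the two client addresses share any CID on the wire. Endpoint names, addresses and CID values are constructed.

```python
"""Constructed simulation of CID linkage on QUIC path migration.

With asymmetric CIDs each endpoint issues, via NEW_CONNECTION_ID, the CIDs
its peer will place in packets sent to it. On migration the client uses a
never-seen server-issued CID; if the server answers with the client-issued
CID it was already using, the old and new paths share a visible CID.
"""
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str      # sender address (constructed label)
    dst: str      # receiver address (constructed label)
    dcid: bytes   # destination connection ID visible on the wire
    kind: str     # "data", "PATH_CHALLENGE" or "PATH_RESPONSE"


@dataclass
class Endpoint:
    addr: str
    unused_peer_cids: list = field(default_factory=list)  # issued by the peer, not yet used
    active_peer_cid: bytes = b""

    def take_fresh_peer_cid(self) -> bytes:
        """Switch to a CID the peer issued but that has never been on the wire."""
        self.active_peer_cid = self.unused_peer_cids.pop(0)
        return self.active_peer_cid


def run_migration(server_retires_old_cid: bool) -> list:
    # CIDs previously exchanged in NEW_CONNECTION_ID frames (constructed values)
    client = Endpoint("client-addr-1", unused_peer_cids=[b"S1", b"S2"])
    server = Endpoint("server", unused_peer_cids=[b"C1", b"C2"])
    client.take_fresh_peer_cid()
    server.take_fresh_peer_cid()
    trace = [Packet(client.addr, server.addr, client.active_peer_cid, "data"),
             Packet(server.addr, client.addr, server.active_peer_cid, "data")]
    # 1) client migrates: new address plus a never-seen server-issued CID
    client.addr = "client-addr-2"
    trace.append(Packet(client.addr, server.addr, client.take_fresh_peer_cid(), "PATH_CHALLENGE"))
    # 2) server replies to the new address, either keeping or retiring the old client CID
    if server_retires_old_cid:
        server.take_fresh_peer_cid()
    trace.append(Packet(server.addr, client.addr, server.active_peer_cid, "PATH_RESPONSE"))
    return trace


def observer_can_link(trace: list, old_addr: str, new_addr: str) -> bool:
    """Passive observer: do packets involving the two client addresses share any CID?"""
    cids_for = lambda a: {p.dcid for p in trace if a in (p.src, p.dst)}
    return bool(cids_for(old_addr) & cids_for(new_addr))
```

Running `observer_can_link` over both traces shows that only the server-side switch to a fresh client-issued CID removes the shared value the observer needs, which is the "two implementations" dependency Roberto points out.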