A few cases of use of normative language... #1670

Closed
mirjak opened this issue Aug 16, 2018 · 1 comment
Labels
-transport editorial An issue that does not affect the design of the protocol; does not require consensus.

Comments

mirjak (Contributor) commented Aug 16, 2018

Sec "Connection ID" says
"Each connection ID MUST be used on only one local address."
Not sure if that is a valid MUST because that may not be guaranteed by the lower layer.

Sec "Client Packet Handling" says
"Packets that don't match an existing connection MAY be discarded."
Why is that a MAY?

Sec "Handling Version Negotiation Packets"
"Similarly, a client MUST ignore a Version Negotiation packet if it has already received and acted on a Version Negotiation packet."
Is that correct? An attacker should send an invalid VN packet first. Wouldn't it help to react to at least a few?

@martinthomson martinthomson added editorial An issue that does not affect the design of the protocol; does not require consensus. -transport labels Aug 17, 2018
martinthomson added a commit that referenced this issue Aug 17, 2018
martinthomson (Member) commented:
"Each connection ID MUST be used on only one local address."

This is entirely correct. This is based on the expectation that a sender is aware of the source address that is assigned to packets they generate. I realize that certain hosts don't work this way (Windows XP is my last experience of this particular surprising behaviour; folks at Microsoft called it weak host), but the requirement is intentional. If an endpoint can't guarantee this, then it will be exposing itself to linkability in surprising ways.

"Packets that don't match an existing connection MAY be discarded."

Yeah, that's a case of overzealous application of 2119.

"a client MUST ignore a Version Negotiation packet if it has already received and acted on a Version Negotiation packet."
Is that correct? An attacker should send an invalid VN packet first. Wouldn't it help to react to at least a few?

Yes, but we can't defend against that attack, and don't claim that we do. What this prevents is an attacker bouncing you around. They get one shot.

Kazuho has suggested that some implementations might choose to explore the entire state space of packets offered prior to the handshake. That is, forking the stack state in response to each packet received, and only keeping the fork that completes successfully. That view hasn't been very popular, probably because it's pretty complex, so I think that the MUST is appropriate. Anyone choosing to do the other thing isn't likely to be dissuaded by a MUST in a spec.

You might argue that this is a SHOULD instead, or that normative language is inappropriate. I don't think that helps, because we would have to consider the alternatives more thoroughly.
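As an added example (not code from the quicwg draft or from either commenter), here is a small Python model of the client-side rule discussed above: the first Version Negotiation packet the client acts on consumes its one shot, later ones are ignored, and an attacker whose packet arrives first is the case the rule does not defend against. The version numbers, the packet model and the check that a VN packet listing the client's current version is discarded (taken from the transport draft, not from this thread) are assumptions.

```python
# Added example (not from the quicwg draft or this thread): a client-side model
# of the "one shot" rule for Version Negotiation (VN) packets. Version numbers,
# packet layout and the packet sequences are constructed for illustration.
from dataclasses import dataclass, field

DRAFT_14 = 0xFF00000E   # constructed sample version numbers (draft-NN style)
DRAFT_13 = 0xFF00000D
DRAFT_12 = 0xFF00000C


@dataclass
class VNPacket:
    """Only the field that matters here: versions the sender claims to support."""
    supported_versions: tuple


@dataclass
class ClientState:
    version: int                 # version the client is currently using
    acted_on_vn: bool = False    # set once a VN packet has been acted on
    log: list = field(default_factory=list)


def handle_vn(state: ClientState, pkt: VNPacket, preferred: list) -> bool:
    """Apply the client rules to one VN packet; True if the client changed version."""
    if state.acted_on_vn:
        # The MUST discussed above: a second VN packet has no effect, so an
        # attacker cannot keep bouncing the client between versions.
        state.log.append("ignored: already acted on a VN packet")
        return False
    # Assumed from the transport draft (not quoted in this thread): a VN packet
    # that lists the client's current version is discarded as bogus.
    if state.version in pkt.supported_versions:
        state.log.append("ignored: lists the version we are already using")
        return False
    for v in preferred:
        if v in pkt.supported_versions:
            state.log.append(f"switched {state.version:#x} -> {v:#x}")
            state.version, state.acted_on_vn = v, True
            return True
    state.log.append("no common version: abandon the attempt")
    return False


def run(initial: int, preferred: list, packets: list) -> ClientState:
    """Feed a sequence of VN packets (constructed) to a fresh client and return its state."""
    state = ClientState(version=initial)
    for pkt in packets:
        handle_vn(state, pkt, preferred)
    return state
```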
