ICID or OCID? #2926

mikkelfj · 2019-07-23T10:40:22Z

End of section 18, transport

A client MUST NOT include an original connection ID, a stateless reset token, or a preferred address. A server MUST treat receipt of any of these transport parameters as a connection error of type TRANSPORT_PARAMETER_ERROR.

It seems the term is "initial connection ID" not "original connection ID", at least I can't find it defined anywhere in transport.

MikeBishop · 2019-08-13T15:27:09Z

Two different things, but you're probably right that they should both be explicitly defined:

The "Original destination connection ID" is the DCID used in the client's very first Initial packet. If the server responded with a Retry, the server needs to:
- include the ODCID in the Retry packet to verify the Retry packet came from something on-path
- include the ODCID in the eventual handshake's transport parameters to verify that the Retry packet originated from the server or something cooperating with it, not a MITM
The "Initial connection ID" is the DCID used in the client's Initial packet to which the server responded with an Initial. This CID determines the keys used for Initial packets throughout the handshake. (But see Do Initial secrets change after Retry packet? #2823.) This CID might have been server-chosen (from a Retry) or client-chosen (no Retry).

If there's no Retry packet, they refer to the same CID, but I don't think there's a reference to the ODCID outside the context of a Retry.

martinthomson · 2019-10-22T22:24:44Z

I think that we already concluded this in #3011.

MikeBishop · 2019-10-24T19:42:48Z

This is a separate issue, about definition of these terms; #3011 is about whether these need to be separate concepts depending on the outcome of other issues.

@mikkelfj notes that the term "original connection ID" appears only to say that a client MUST NOT send one, and that literal string appears nowhere else in the document except the changelog. This refers to the transport parameter original_connection_id, whose definition matches the description of the "Original Destination Connection ID" field in Retry and references Retry, but doesn't use that term.

I'd suggest using the names of the prohibited TPs in stating the client restriction, and referencing the "Original Destination Connection ID" field by name from the TP definition.

mnot added -transport editorial An issue that does not affect the design of the protocol; does not require consensus. labels Aug 6, 2019

mnot added this to Editorial Issues in Late Stage Processing Aug 6, 2019

MikeBishop mentioned this issue Aug 13, 2019

Initial secrets do not change after Retry #2878

Closed

mikkelfj mentioned this issue Sep 10, 2019

Original/Initial Connection ID #3011

Closed

martinthomson closed this as completed Oct 22, 2019

Late Stage Processing automation moved this from Editorial Issues to Text Incorporated Oct 22, 2019

MikeBishop reopened this Oct 24, 2019

Late Stage Processing automation moved this from Text Incorporated to Triage Oct 24, 2019

MikeBishop mentioned this issue Oct 24, 2019

Explicit linkages for ODCID/OCID TP #3149

Merged

mnot moved this from Triage to Editorial Issues in Late Stage Processing Oct 27, 2019

martinthomson closed this as completed in #3149 Oct 29, 2019

Late Stage Processing automation moved this from Editorial Issues to Text Incorporated Oct 29, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ICID or OCID? #2926

ICID or OCID? #2926

mikkelfj commented Jul 23, 2019

MikeBishop commented Aug 13, 2019

martinthomson commented Oct 22, 2019

MikeBishop commented Oct 24, 2019

ICID or OCID? #2926

ICID or OCID? #2926

Comments

mikkelfj commented Jul 23, 2019

MikeBishop commented Aug 13, 2019

martinthomson commented Oct 22, 2019

MikeBishop commented Oct 24, 2019