Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add warning about request forgery and client-side migration #4086

Closed
ekr opened this issue Sep 10, 2020 · 7 comments · Fixed by #4104
Closed

Add warning about request forgery and client-side migration #4086

ekr opened this issue Sep 10, 2020 · 7 comments · Fixed by #4104
Labels
-transport editorial An issue that does not affect the design of the protocol; does not require consensus.
Projects
Late Stage Processing

Comments

@ekr
Copy link
Collaborator

ekr commented Sep 10, 2020

I find Martin's argument that QUIC servers are able to control their topology well enough to prevent request forgery attacks somewhat persuasive. However:

  1. I think the document should be clearer that if you can't do this you can't deploy QUIC as a server.
  2. We should add text indicating that a candidate extension to allow migration by the client would need to deal with this (likely by adding one of the countermeasures we decided not to ass). This is a very long specification and otherwise the institutional knowledge about this issue is likely to be lost.
@ekr
Copy link
Collaborator Author

ekr commented Sep 10, 2020

If people agree, I can provide PRs for these.

@martinthomson
Copy link
Member

These sound like good additions that I would welcome. (I would write the PR, but I don't trust myself, I'd appreciate you providing text.)

@martinthomson martinthomson added -transport editorial An issue that does not affect the design of the protocol; does not require consensus. labels Sep 10, 2020
@LPardue
Copy link
Member

LPardue commented Sep 10, 2020

Sounds like a good path forward.

@larseggert larseggert added this to Triage in Late Stage Processing via automation Sep 10, 2020
@MikeBishop
Copy link
Contributor

  1. We should add text indicating that a candidate extension to allow migration by the client would need to deal with this (likely by adding one of the countermeasures we decided not to ass). This is a very long specification and otherwise the institutional knowledge about this issue is likely to be lost.

Do you mean migration by the server?

@ekr
Copy link
Collaborator Author

ekr commented Sep 11, 2020 via email

@MikeBishop
Copy link
Contributor

FWIW, when we've talked about a server migration extension before, it was usually in the form of a frame that mimics the preferred_address TP, prompting the client to probe the new address and actually make the change. That approach seems like it limits the attacks to those already possible with SPA, though it broadens the window / number of attempts.

ekr added a commit to ekr/base-drafts that referenced this issue Sep 16, 2020
@ekr
Add warning about request forgery and client-side migration. Fixes qu…
647c68f 
…icwg#4086
@larseggert
Copy link
Member

Could people take a look at the PR? Would like to move this along.

@larseggert larseggert moved this from Triage to Editorial Issues in Late Stage Processing Sep 22, 2020
@martinthomson martinthomson linked a pull request Sep 22, 2020 that will close this issue
Add warning about request forgery and client-side migration. Fixes #4086 #4104
Merged
Late Stage Processing automation moved this from Editorial Issues to Issue Handled Sep 22, 2020
janaiyengar added a commit that referenced this issue Sep 22, 2020
@janaiyengar
Merge pull request #4104 from ekr/forgery_warnings
7886e41 
Add warning about request forgery and client-side migration. Fixes #4086
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
-transport editorial An issue that does not affect the design of the protocol; does not require consensus.
Projects
Late Stage Processing
  
Issue Handled
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add warning about request forgery and client-side migration. Fixes #4086 ekr/base-drafts
5 participants
@martinthomson @larseggert @ekr @MikeBishop @LPardue