Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Version Negotiation validation #523

Closed
martinthomson opened this issue May 12, 2017 · 1 comment
Closed

Version Negotiation validation #523

martinthomson opened this issue May 12, 2017 · 1 comment
Labels
-transport design An issue that affects the design of the protocol; resolution requires consensus. has-consensus An issue that the Chairs have determined has consensus, by canvassing the mailing list.

Comments

@martinthomson
Copy link
Member

@janaiyengar observes,

We haven't nailed down rules for when an endpoint receives a VN with a packet number that does not match any sent packets.

This is true. We should write that down.
@martinthomson martinthomson added design An issue that affects the design of the protocol; resolution requires consensus. -transport labels May 12, 2017
This was referenced May 12, 2017
Closed
Closed
martinthomson added a commit that referenced this issue May 12, 2017
@martinthomson
Increase resilience to spoofed Version Negotiation packets
de69df9 
There's two layers of defense here:

1. Version Negotiation echoes 31-bits of entropy (maybe more if you consider the version to be at all unpredictable, or the client's source address to contain any entropy).

2. If validation fails and version negotiation happened, encourage the client to try again ignoring any Version Negotiation packets that match the failed profile.

Closes #523.
@martinthomson martinthomson mentioned this issue May 12, 2017
Closed
@mnot mnot added this to Handshake in QUIC May 22, 2017
@mnot mnot modified the milestone: First Implementation Draft Jun 6, 2017
@mnot mnot changed the title Define rules for validation of Version Negotiation Version Negotiation validation Jun 21, 2017
martinthomson added a commit that referenced this issue Jun 27, 2017
@martinthomson
Increase resilience to spoofed Version Negotiation packets
4f1b348 
There's two layers of defense here:

1. Version Negotiation echoes 31-bits of entropy (maybe more if you consider the version to be at all unpredictable, or the client's source address to contain any entropy).

2. If validation fails and version negotiation happened, encourage the client to try again ignoring any Version Negotiation packets that match the failed profile.

Closes #523.
@martinthomson martinthomson mentioned this issue Aug 11, 2017
Merged
@martinthomson
Copy link
Member Author

This should have been closed by #724 (but then GitHub doesn't do that if the "closes" clause was added after the PR was created).

@martinthomson martinthomson removed this from Handshake in QUIC Oct 19, 2017
@mnot mnot added the has-consensus An issue that the Chairs have determined has consensus, by canvassing the mailing list. label Mar 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
-transport design An issue that affects the design of the protocol; resolution requires consensus. has-consensus An issue that the Chairs have determined has consensus, by canvassing the mailing list.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@martinthomson @mnot