Version Negotiation when Version = 0 #816
Comments
MikeBishop
added
-transport
design
|
We don't need special handling for this. |
|
I agree -- I think this is fine as is. A server will send a VN packet in response to it, or if it's seen in a VN packet, it will simply be ignored. I'll close this, but @MikeBishop please reopen if you think we should discuss this further. |
The origin of this issue is that not all current implementations do send VN in response to version 0, so there is some difference of interpretation in the spec. Maybe we decide that the spec is perfectly clear and any implementation behaving that way simply has a bug -- that's a reasonable position. But I think it's also a reasonable reading of the current spec to ignore or CONNECTION_CLOSE a packet purporting to be in "an invalid version." |
|
I see. You're suggesting that we should articulate one precise behavior in this case. I probably don't really care which one, but I'm fine with that. |
|
OBE. See #827 for a more a request to address the remaining issue (that clients ignore unknown, unexpected, or unsupported versions). |
|
I'd like to reopen this issue, because if two servers support enough versions to produce really large VN packets, then an attacker could get them to continually send VN back and forth. So I think a server should silently drop a version 0 packet that it receives. |
|
Nick, I think that a new issue is appropriate. Ignoring Version Negotiation if you aren't making a connection seems good, obvious even. I would take a PR to clarify that if you have the time. |
mnot
added
the
has-consensus
The version 0x00000000 is reserved to represent an invalid version, but what is the expected behavior when a server receives it? Should it initiate version negotiation, or should it reject the incoming message entirely?The text was updated successfully, but these errors were encountered: