Repeat tokens in all Initial packets #2089
Conversation
The client repeats the token in all Initial packets. Also clarifies that the token is sent in Initial in a few spots. https://www.ietf.org/mail-archive/web/quic/current/msg05071.html
| believes that its point of network attachment has changed since the token was | ||
| last used; that is, if there is a change in its local IP address or network | ||
| interface. A client needs to start the connection process over if it migrates | ||
| prior to completing the handshake. |
There was a problem hiding this comment.
Maybe this is getting ahead of other discussions, but a client SHOULD not repeat also because the server MAY reject repeated tokens.
There was a problem hiding this comment.
I assume that the text from PR #2064 will be inserted after this paragraph. Again, it is the flip side of the "client SHOULD NOT" clause. Client should not reuse the same token for multiple connections, and servers MAY (or SHOULD?) reject connections that attempt to reuse a token.
| SHOULD attempt to validate it, unless it has already completed address | ||
| validation. If the token is invalid then the server SHOULD proceed as if | ||
| the client did not have a validated address, including potentially sending | ||
| a Retry. If the validation succeeds, the server SHOULD then allow the | ||
| handshake to proceed. |
There was a problem hiding this comment.
And here text might be placed on server MAY reject repeat tokens?
There was a problem hiding this comment.
I assume that we will process PR #2064 after this one. I am fine with the text, but I would like something said about server behavior. Client recommendations are mostly enforced when breaking them causes servers to reject packets...
|
|
||
| As long as it is not possible for an attacker to generate a valid token for | ||
| its own address (see {{token-integrity}}) and the client is able to return | ||
| that token, it proves to the server that it received the token. | ||
|
|
There was a problem hiding this comment.
Define "proves". The token mechanism may be vulnerable to replay attacks.
There was a problem hiding this comment.
It only proves that it received it, not when. I think that we can probably defer discussion of the reuse/replay aspects of this.
| address validation in a future connection. The client MUST include the | ||
| token in all Initial packets it sends, unless a Retry replaces the token | ||
| with a newer token. The client MUST NOT use the token provided in a Retry | ||
| for future connections. | ||
|
|
There was a problem hiding this comment.
Yes, "all Initial packets" is what we want. At least it is not ambiguous. There is however a general problem with such recommendations: they are not enforced unless servers behave that way. I would add something at the end:
with a newer token. The client MUST NOT use the token provided in a Retry
for future connections. Servers MAY reject any Initial packet that does not
carry the expected token.
I am not sure about the use of the plural in "future connections". Allowing the same token to be reused in multiple connections is potentially dangerous. But that may be work for another PR.
There was a problem hiding this comment.
Is the desired action "reject" or "ignore/discard"? I would say either is OK, though I might be inclined more toward the latter (on the basis that spoofing implies DoS).
| believes that its point of network attachment has changed since the token was | ||
| last used; that is, if there is a change in its local IP address or network | ||
| interface. A client needs to start the connection process over if it migrates | ||
| prior to completing the handshake. |
There was a problem hiding this comment.
I assume that the text from PR #2064 will be inserted after this paragraph. Again, it is the flip side of the "client SHOULD NOT" clause. Client should not reuse the same token for multiple connections, and servers MAY (or SHOULD?) reject connections that attempt to reuse a token.
|
|
||
| As long as it is not possible for an attacker to generate a valid token for | ||
| its own address (see {{token-integrity}}) and the client is able to return | ||
| that token, it proves to the server that it received the token. | ||
|
|
There was a problem hiding this comment.
It only proves that it received it, not when. I think that we can probably defer discussion of the reuse/replay aspects of this.
| address validation in a future connection. The client MUST include the | ||
| token in all Initial packets it sends, unless a Retry replaces the token | ||
| with a newer token. The client MUST NOT use the token provided in a Retry | ||
| for future connections. | ||
|
|
There was a problem hiding this comment.
Is the desired action "reject" or "ignore/discard"? I would say either is OK, though I might be inclined more toward the latter (on the basis that spoofing implies DoS).
| believes that its point of network attachment has changed since the token was | ||
| last used; that is, if there is a change in its local IP address or network | ||
| interface. A client needs to start the connection process over if it migrates | ||
| prior to completing the handshake. |
| SHOULD attempt to validate it, unless it has already completed address | ||
| validation. If the token is invalid then the server SHOULD proceed as if | ||
| the client did not have a validated address, including potentially sending | ||
| a Retry. If the validation succeeds, the server SHOULD then allow the | ||
| handshake to proceed. |
Co-Authored-By: ianswett <ianswett@users.noreply.github.com>
| can either abort the connection or permit it to proceed. | ||
| token MUST be repeated by the client in all Initial packets it sends after it | ||
| receives the Retry packet. In response to receiving a token in an Initial | ||
| packet, a server can either abort the connection or permit it to proceed. | ||
|
|
There was a problem hiding this comment.
Isn't there a third option to ignore a packet rather then abort or permit to proceed?
There was a problem hiding this comment.
What's the 3rd option?
There was a problem hiding this comment.
The third option is to "drop/ignore". The mentioned options are "abort" and "proceed", but proceed implies the packet is processed.
There was a problem hiding this comment.
SG, changed from receiving to processing, because otherwise I think this sentence is not really correct.
Christian/Martin's suggestion
|
@ianswett, does this fix an issue? |
|
The only issue I'm aware of is the thread I linked to. |
martinthomson
added
design
The client repeats the token in all Initial packets. Also clarifies that the token is sent in Initial in a few spots.
https://www.ietf.org/mail-archive/web/quic/current/msg05071.html