From a5c33c8c4578101aa56ce8a57b8fb4c52ea01512 Mon Sep 17 00:00:00 2001 From: ianswett Date: Tue, 23 Jul 2019 09:30:45 -0400 Subject: [PATCH 1/9] Update draft-ietf-quic-transport.md --- draft-ietf-quic-transport.md | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index e429fee772..8d38a1304d 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -2367,7 +2367,7 @@ following layout: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -|0|1| Unpredictable Bits (198..) ... +|0|1| Unpredictable Bits (46 ..) ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + 
@@ -2389,11 +2389,18 @@ of bytes following it that are set to unpredictable values. The last 16 bytes of the datagram contain a Stateless Reset Token. To entities other than its intended recipient, a stateless reset will appear -to be a packet with a short header. For the packet to appear as valid, the -Unpredictable Bits field needs to include at least 198 bits of data (or 25 -bytes, less the two fixed bits). This is intended to allow for a Destination -Connection ID of the maximum length permitted, with a minimal packet number, and -payload. The Stateless Reset Token corresponds to the minimum expansion of the +to be a packet with a short header. For the stateless reset to appear as a +valid QUIC packet and be smaller than the received packet, the Unpredictable +Bits field needs to include at least 46 bits of data (or 6 bytes, less the +two fixed bits), because packets that are smaller than 21 bytes are never +valid. To ensure the stateless reset packet is not smaller than other +packets received on the connection, the an endpoint SHOULD also ensure the +total packet length is at least the minimum chosen CID length + 19 bytes. +19 bytes allows for 1 type byte, 1 data byte, the 16 byte authentication +tag byte, and the one extra byte lost when the peer sends a smaller +stateless reset than the packet it receives. + +The Stateless Reset Token corresponds to the minimum expansion of the packet protection AEAD. More unpredictable bytes might be necessary if the endpoint could have negotiated a packet protection scheme with a larger minimum AEAD expansion. 
@@ -2401,7 +2408,7 @@ AEAD expansion. An endpoint SHOULD NOT send a stateless reset that is significantly larger than the packet it receives. Endpoints MUST discard packets that are too small to be valid QUIC packets. With the set of AEAD functions defined in {{QUIC-TLS}}, -packets that are smaller than 21 bytes are never valid. +packets that are smaller than 21 bytes are never valid. When a packet is b Endpoints MUST send stateless reset packets formatted as a packet with a short header. However, endpoints MUST treat any packet ending in a valid stateless From 8988d53d105b1289de644a6b02feadbc0270b90c Mon Sep 17 00:00:00 2001 From: ianswett Date: Tue, 23 Jul 2019 09:40:30 -0400 Subject: [PATCH 2/9] Update draft-ietf-quic-transport.md --- draft-ietf-quic-transport.md | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 8d38a1304d..8ced9ca725 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -2545,15 +2545,12 @@ separate limits for different remote addresses will ensure that Stateless Reset packets can be used to close connections when other peers or connections have exhausted limits. -Reducing the size of a Stateless Reset below the recommended minimum size of 41 -bytes could mean that the packet could reveal to an observer that it is a -Stateless Reset. Conversely, refusing to send a Stateless Reset in response to -a small packet might result in Stateless Reset not being useful in detecting -cases of broken connections where only very small packets are sent; such -failures might only be detected by other means, such as timers. - -An endpoint can increase the odds that a packet will trigger a Stateless Reset -if it cannot be processed by padding it to at least 42 bytes. +Reducing the size of a Stateless Reset below 41 bytes means that the packet +could reveal to an observer that it is a Stateless Reset, depending upon the +length of the peer's connection IDs. Conversely, refusing to send a Stateless +Reset in response to a small packet might result in Stateless Reset not being +useful in detecting cases of broken connections where only very small packets +are sent; such failures might only be detected by other means, such as timers. # Error Handling {#error-handling} From 3644a037e309bad4897b0ddbbee596096f8004ae Mon Sep 17 00:00:00 2001 From: ianswett Date: Tue, 23 Jul 2019 09:45:45 -0400 Subject: [PATCH 3/9] David's comments --- draft-ietf-quic-transport.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 8ced9ca725..bc5a8162b3 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -2391,14 +2391,13 @@ of the datagram contain a Stateless Reset Token. To entities other than its intended recipient, a stateless reset will appear to be a packet with a short header. For the stateless reset to appear as a valid QUIC packet and be smaller than the received packet, the Unpredictable -Bits field needs to include at least 46 bits of data (or 6 bytes, less the -two fixed bits), because packets that are smaller than 21 bytes are never -valid. To ensure the stateless reset packet is not smaller than other -packets received on the connection, the an endpoint SHOULD also ensure the -total packet length is at least the minimum chosen CID length + 19 bytes. -19 bytes allows for 1 type byte, 1 data byte, the 16 byte authentication -tag byte, and the one extra byte lost when the peer sends a smaller -stateless reset than the packet it receives. +Bits field needs to include at least 48 bits of data (or 6 bytes, less the +two fixed bits). To ensure the stateless reset packet is not smaller than +other packets received on the connection, an endpoint SHOULD also ensure the +total packet length is at least the minimum chosen CID length + 22 bytes. +22 bytes allows for 1 type byte, 4 packet number and data bytes, the +16 byte authentication tag, and the one extra byte to allow the peer to +send a smaller stateless reset than the packet it receives. The Stateless Reset Token corresponds to the minimum expansion of the packet protection AEAD. More unpredictable bytes might be necessary if the From 70bbc1be0d67a35d3077ae8d9e2f9330e35c62e8 Mon Sep 17 00:00:00 2001 From: ianswett Date: Tue, 23 Jul 2019 09:46:15 -0400 Subject: [PATCH 4/9] Update draft-ietf-quic-transport.md Co-Authored-By: Nick Banks --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index bc5a8162b3..dc7cb64d24 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -2407,7 +2407,7 @@ AEAD expansion. An endpoint SHOULD NOT send a stateless reset that is significantly larger than the packet it receives. Endpoints MUST discard packets that are too small to be valid QUIC packets. With the set of AEAD functions defined in {{QUIC-TLS}}, -packets that are smaller than 21 bytes are never valid. When a packet is b +packets that are smaller than 21 bytes are never valid. Endpoints MUST send stateless reset packets formatted as a packet with a short header. However, endpoints MUST treat any packet ending in a valid stateless From 92b18b1d63b4c6974fe133f663be50312b78bb79 Mon Sep 17 00:00:00 2001 From: ianswett Date: Tue, 6 Aug 2019 17:52:48 -0400 Subject: [PATCH 5/9] Update draft-ietf-quic-transport.md Co-Authored-By: Martin Thomson --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index dc7cb64d24..9302c500a3 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -2391,7 +2391,7 @@ of the datagram contain a Stateless Reset Token. To entities other than its intended recipient, a stateless reset will appear to be a packet with a short header. For the stateless reset to appear as a valid QUIC packet and be smaller than the received packet, the Unpredictable -Bits field needs to include at least 48 bits of data (or 6 bytes, less the +Bits field needs to include at least 46 bits of data (or 6 bytes, less the two fixed bits). To ensure the stateless reset packet is not smaller than other packets received on the connection, an endpoint SHOULD also ensure the total packet length is at least the minimum chosen CID length + 22 bytes. From 812964ad4ffae5f132caf010617b110c76389242 Mon Sep 17 00:00:00 2001 
From: ianswett Date: Tue, 6 Aug 2019 17:52:59 -0400 Subject: [PATCH 6/9] Update draft-ietf-quic-transport.md Co-Authored-By: Martin Thomson --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 9302c500a3..b64e8529f1 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -2394,7 +2394,7 @@ valid QUIC packet and be smaller than the received packet, the Unpredictable Bits field needs to include at least 46 bits of data (or 6 bytes, less the two fixed bits). To ensure the stateless reset packet is not smaller than other packets received on the connection, an endpoint SHOULD also ensure the -total packet length is at least the minimum chosen CID length + 22 bytes. +total packet length is at least the minimum chosen CID length plus 22 bytes. 22 bytes allows for 1 type byte, 4 packet number and data bytes, the 16 byte authentication tag, and the one extra byte to allow the peer to send a smaller stateless reset than the packet it receives. From abc642bb1837eb7485e07b0420a202c2ea1d79f8 Mon Sep 17 00:00:00 2001 From: ianswett Date: Tue, 6 Aug 2019 17:53:17 -0400 Subject: [PATCH 7/9] Update draft-ietf-quic-transport.md Co-Authored-By: Martin Thomson --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index b64e8529f1..2f77007e2d 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -2395,7 +2395,7 @@ Bits field needs to include at least 46 bits of data (or 6 bytes, less the two fixed bits). To ensure the stateless reset packet is not smaller than other packets received on the connection, an endpoint SHOULD also ensure the total packet length is at least the minimum chosen CID length plus 22 bytes. -22 bytes allows for 1 type byte, 4 packet number and data bytes, the +22 bytes allows for 1 type byte, 4 packet number and data bytes, 16 byte authentication tag, and the one extra byte to allow the peer to send a smaller stateless reset than the packet it receives. From f556d0432bdb2418c3daec508c19eb73aae20e35 Mon Sep 17 00:00:00 2001 From: ianswett Date: Tue, 6 Aug 2019 17:53:23 -0400 Subject: [PATCH 8/9] Update draft-ietf-quic-transport.md Co-Authored-By: Martin Thomson --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 2f77007e2d..bb5df0515e 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -2396,7 +2396,7 @@ two fixed bits). To ensure the stateless reset packet is not smaller than other packets received on the connection, an endpoint SHOULD also ensure the total packet length is at least the minimum chosen CID length plus 22 bytes. 22 bytes allows for 1 type byte, 4 packet number and data bytes, -16 byte authentication tag, and the one extra byte to allow the peer to +16 bytes for AEAD expansion, and an extra byte to allow the peer to send a smaller stateless reset than the packet it receives. The Stateless Reset Token corresponds to the minimum expansion of the From af2f589dcd5b61a294cbb5b191736345ab9a0a93 Mon Sep 17 00:00:00 2001 From: ianswett Date: Tue, 13 Aug 2019 18:55:06 -0400 Subject: [PATCH 9/9] Update draft-ietf-quic-transport.md Co-Authored-By: Martin Thomson --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index bb5df0515e..71338bf99d 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -2367,7 +2367,7 @@ following layout: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -|0|1| Unpredictable Bits (46 ..) ... +|0|1| Unpredictable Bits (38 ..) ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + +
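Review bot: After PATCH 9/9 (hunk @@ -2367) the figure and the prose disagree: the layout now reads "Unpredictable Bits (38 ..)", but the sentence at line 2394, last touched in PATCH 5/9, still says "at least 46 bits of data (or 6 bytes, less the two fixed bits)". 38 bits is 5 bytes less the two fixed bits, so the sentence needs the matching update (or the figure should stay at 46); the two must agree before this merges.

Review bot: PATCH 3/9 (hunk @@ -2391) changes 46 to 48 bits while keeping "(or 6 bytes, less the two fixed bits)"; 6 bytes is 48 bits, and subtracting the two fixed bits gives 46, so the number and its parenthetical contradict each other in that commit. PATCH 5/9 reverts it to 46, so the series ends consistent, but squashing 3 and 5 would avoid landing a commit with the wrong arithmetic.

Review bot: PATCH 1/9 leaves a dangling fragment, "When a packet is b", at the end of the changed line in hunk @@ -2401, and hunk @@ -2389 has "the an endpoint" and "the 16 byte authentication tag byte". PATCH 4/9 and PATCH 3/9 fix these, so please squash so that no intermediate commit ships the broken text.

Review bot: "minimum chosen CID length" in hunk @@ -2391 of PATCH 3/9 does not say whose connection ID it refers to. Since the reset must be no smaller than packets the endpoint receives, and those carry the connection IDs this endpoint issued, the relevant quantity is the shortest connection ID length the endpoint itself issues; say that explicitly, for example "the minimum length of the connection IDs it issues plus 22 bytes".

Review bot: PATCH 2/9 (hunk @@ -2545) keeps the fixed threshold "below 41 bytes" while the rule introduced in the stateless reset section is now "minimum chosen CID length plus 22 bytes"; 41 followed from the old 198-bit minimum (25 bytes plus the 16-byte token) and no longer follows from the new text, so state the threshold in terms of the new bound. The removed paragraph about padding to at least 42 bytes was also the only guidance telling a sender how to make its packets large enough to be answered with a Stateless Reset; rather than dropping it, replace the stale number with the new bound (pad to at least the peer's minimum connection ID length plus 22 bytes).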