Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

token-based greasing / initial packet protection (downgradable variant) #3178

Closed
wants to merge 33 commits into from
Closed

token-based greasing / initial packet protection (downgradable variant) #3178

wants to merge 33 commits into from

Conversation

kazuho
Copy link
Member

@kazuho kazuho commented Oct 31, 2019
edited
Loading

There seem to be split views on if the greasing should be downgradable.

This PR is a variant of #3166 that allows downgrade.

The design rationale is that a downgrade attack by a middlebox should be detectable, though it reveals the payload of the Initial packet.

The diff between #3166 and this PR is available at https://github.com/kazuho/base-drafts/compare/kazuho/new-token-with-alias..kazuho/new-token-with-alias-downgradable.

kazuho and others added 26 commits October 29, 2019 12:57
@kazuho
first cut
048788c
@kazuho
editorial
5067498
@kazuho
define downgrade prevention
58468c5
@kazuho
clarify the requirement when building a token
42a7387
@kazuho
editorial
81dc3d9
@kazuho
protect token using checksum (reusing text from quicwg#3120 by @David…
2553793 
…Schinazi)
@kazuho
use list for implementation guidance, applying @DavidSchnazi's sugges…
d16700d 
…tions
@kazuho
clarify what can be associated with the token, adopting @MikeBishop's…
06bd108 
… suggestion
@kazuho
s/comprises of/contains/ (@MikeBishop)
6158bd9
@kazuho
use "Long Packet Type" (@DavidSchinazi)
7eded0a
@kazuho
swap reserved bits and packet type modifier (suggested by @martinthomson
0720ef3 
)
@kazuho
long packet types when encoded in a long header packet is an XOR (@ma…
14469be 
…rtinthomson)
@kazuho
clarify how a server can opt-out
4e95ee6
@kazuho
Revert "protect token using checksum (reusing text from quicwg#3120 by
bacab50 
…@DavidSchinazi)"

This reverts commit 2553793.
@kazuho
no more downgrade
d9ec324
@kazuho
server always announce (though it can effectively opt-out)
3f4e7cc
@kazuho
delete VERSION_NEGOTIATION_ERROR (once again)
69d9969
@kazuho
clarify how to handle Retry, as well as stating that a fixed mapping …
373257b 
…bet. versions and salts is better than nothing
@kazuho
add Lifetime field
94a5a1b
@kazuho @MikeBishop
Update draft-ietf-quic-transport.md
5f853ad 
Co-Authored-By: Mike Bishop <mbishop@evequefou.be>
@kazuho
@MikeBishop's suggestions; quicwg#3166 (comment)
75735e0
@kazuho
oops, amend the previous commit
44c2b1d
@kazuho
fix typo, emphasize that this is just an example
d557fb7
@kazuho
Rephrase as "seeding"; The default of "alternative" being the standar…
7d0fa47 
…d values has been confusing
@kazuho
define the downgrade process; that lets the server detect downgrade a…
0807702 
…ttack
@kazuho
wordwrap
dbac831
@kazuho kazuho mentioned this pull request Oct 31, 2019
Closed
kazuho and others added 3 commits October 31, 2019 17:27
@kazuho @mikkelfj
Update draft-ietf-quic-transport.md
3caa73e 
Co-Authored-By: MikkelFJ <mikkelfj@gmail.com>
@kazuho @mikkelfj
Update draft-ietf-quic-transport.md
ead19c0 
Co-Authored-By: MikkelFJ <mikkelfj@gmail.com>
@kazuho @mikkelfj
Update draft-ietf-quic-transport.md
bd45b37 
Co-Authored-By: MikkelFJ <mikkelfj@gmail.com>
@martinthomson
Copy link
Member

OBE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kazuho @martinthomson @MikeBishop