From c571ed1433345de41b9cf0a0fc150edefa80f667 Mon Sep 17 00:00:00 2001 From: Gorry Fairhurst Date: Wed, 23 Sep 2020 17:59:13 +0100 Subject: [PATCH 1/3] Update draft-ietf-quic-transport.md Proposal to clarify "stream fragmentation" --- draft-ietf-quic-transport.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index ff89247633..d808fe5bf6 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -6636,14 +6636,15 @@ restricting the length of time an endpoint is allowed to stay connected. ## Stream Fragmentation and Reassembly Attacks -An adversarial sender might intentionally send fragments of stream data in an -attempt to cause disproportionate receive buffer memory commitment and/or -creation of a large and inefficient data structure. +An adversarial sender might intentionally omit to send portions of the stream data, causing the +receiver to commit resources for the omitted data, this could cause a disproportionate receive buffer memory commitment and/or creation of a large and inefficient data structure. An adversarial receiver might intentionally not acknowledge packets containing stream data in an attempt to force the sender to store the unacknowledged stream data for retransmission. +Note that stream fragmentation is unrelated to IP fragmentation. + The attack on receivers is mitigated if flow control windows correspond to available memory. However, some receivers will over-commit memory and advertise flow control offsets in the aggregate that exceed actual available From 2e2378426dae0c78d3505e3e0b4ca599e1dc7a7f Mon Sep 17 00:00:00 2001 From: Jana Iyengar Date: Wed, 23 Sep 2020 18:00:38 -0700 Subject: [PATCH 2/3] formatting --- draft-ietf-quic-transport.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index d808fe5bf6..c34c4464a5 100644 
--- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -6636,8 +6636,10 @@ restricting the length of time an endpoint is allowed to stay connected. ## Stream Fragmentation and Reassembly Attacks -An adversarial sender might intentionally omit to send portions of the stream data, causing the -receiver to commit resources for the omitted data, this could cause a disproportionate receive buffer memory commitment and/or creation of a large and inefficient data structure. +An adversarial sender might intentionally omit to send portions of the stream +data, causing the receiver to commit resources for the omitted data. This could +cause a disproportionate receive buffer memory commitment and/or the creation of +a large and inefficient data structure at the receiver. An adversarial receiver might intentionally not acknowledge packets containing stream data in an attempt to force the sender to store the unacknowledged stream From ace13896f08da46b5d76ee5c6bc43c5605da5b50 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Fri, 25 Sep 2020 08:28:12 +1000 Subject: [PATCH 3/3] Let's not use omit and IP fragmentation is irrelevant here Co-authored-by: ianswett --- draft-ietf-quic-transport.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index c34c4464a5..2ce71d6732 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -6636,8 +6636,8 @@ restricting the length of time an endpoint is allowed to stay connected. ## Stream Fragmentation and Reassembly Attacks -An adversarial sender might intentionally omit to send portions of the stream -data, causing the receiver to commit resources for the omitted data. This could +An adversarial sender might intentionally not send portions of the stream data, +causing the receiver to commit resources for the unsent data. This could cause a disproportionate receive buffer memory commitment and/or the creation of a large and inefficient data structure at the receiver. @@ -6645,8 +6645,6 @@ An adversarial receiver might intentionally not acknowledge packets containing stream data in an attempt to force the sender to store the unacknowledged stream data for retransmission. -Note that stream fragmentation is unrelated to IP fragmentation. - The attack on receivers is mitigated if flow control windows correspond to available memory. However, some receivers will over-commit memory and advertise flow control offsets in the aggregate that exceed actual available
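Review bot: In the PATCH 1/3 hunk, the added sentence joins two independent clauses with a comma ("... for the omitted data, this could cause ...") and its added lines are much longer than the wrapped lines around them. PATCH 2/3 exists only to repair both, so consider squashing 2/3 into 1/3 so that the series does not carry an intermediate state that needs a follow-up "formatting" commit.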
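Review bot: In the first hunk of PATCH 3/3, "causing the receiver to commit resources for the unsent data" does not say which resources, and the next sentence lists two different costs (receive buffer memory and a large, inefficient data structure) without tying either to the gaps left in the stream. Suggest stating the mechanism directly, for example that the sender leaves gaps in the stream so the receiver has to hold and track the data it has received beyond them. The mitigation paragraph in the trailing context only addresses memory through flow control windows, so it is also worth checking that the data-structure cost is covered somewhere in the section.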
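Review bot: In the second hunk of PATCH 3/3, removing "Note that stream fragmentation is unrelated to IP fragmentation." leaves the heading "Stream Fragmentation and Reassembly Attacks" as the only place the word "fragmentation" appears, because the first hunk has already replaced "send fragments of stream data" with "not send portions of the stream data". The commit subject says IP fragmentation is irrelevant here, which is fair, but the heading now uses a term the visible body no longer uses or explains. Suggest either adding a few words in the first paragraph that connect the unsent portions to the heading's term, or adjusting the heading to match the new wording.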