Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pad path validation in both directions #4241

Merged
merged 9 commits into from Oct 20, 2020
Merged

Pad path validation in both directions #4241

Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
c904daf
Pad when validating addresses
martinthomson Oct 16, 2020
d21c32b
A big caveat
martinthomson Oct 16, 2020
2686b0a
Datagrams, not packets
martinthomson Oct 16, 2020
b9bfce8
Revert automated formatting of tables, wrap
martinthomson Oct 16, 2020
b3ce9e6
Pad PATH_RESPONSE too
martinthomson Oct 19, 2020
663465c
Tweaks
martinthomson Oct 19, 2020
80cbb76
Wrap; make the other a SHOULD too
martinthomson Oct 19, 2020
abde090
Peer path validation...
martinthomson Oct 20, 2020
1e95cb2
MUST
martinthomson Oct 20, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
11 changes: 6 additions & 5 deletions draft-ietf-quic-transport.md
View file
Open in desktop
Expand Up @@ -2218,12 +2218,13 @@ data contained in the PATH_CHALLENGE frame in a PATH_RESPONSE frame. An
endpoint MUST NOT delay transmission of a packet containing a PATH_RESPONSE
frame unless constrained by congestion control.

A PATH_RESPONSE frame SHOULD be sent on the network path where the PATH_CHALLENGE
was received. This ensures the path is functional in both directions. This requirement
MUST NOT be enforced by the endpoint that initiates path validation as that would enable
an attack on migration; see {{off-path-forward}}.
A PATH_RESPONSE frame SHOULD be sent on the network path where the
martinthomson marked this conversation as resolved.
Show resolved Hide resolved
PATH_CHALLENGE was received. This ensures the path is functional in both
directions. This requirement MUST NOT be enforced by the endpoint that
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This justification could be a bit more precise.

This ensures that the peer's path validation succeeds only if the path is functional
in both directions.

initiates path validation as that would enable an attack on migration; see
{{off-path-forward}}.

An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame to at
An endpoint SHOULD expand datagrams that contain a PATH_RESPONSE frame to at
martinthomson marked this conversation as resolved.
Show resolved Hide resolved
least the smallest allowed maximum datagram size of 1200 bytes. This verifies
that the path is able to carry datagrams of this size in both directions.

Expand Down