-
Notifications
You must be signed in to change notification settings - Fork 204
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ODCID is a special for validating the server address #4344
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An editorial suggestion, but LGTM
draft-ietf-quic-transport.md
Outdated
least 64 bits of entropy. For the client, the value of the Destination | ||
Connection ID field in its first Initial packet also fulfills this requirement, | ||
such that successfully processing any packet validates the server address. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
least 64 bits of entropy. For the client, the value of the Destination | |
Connection ID field in its first Initial packet also fulfills this requirement, | |
such that successfully processing any packet validates the server address. | |
least 64 bits of entropy. A client can consider the server address validated on | |
successfully processing any packet received from the server, since for | |
encrypting its Initial packets, the server uses the Destination Connection ID | |
field from the client's first Initial packet; see Section 5.2 of {{QUIC-TLS}}. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, I might want to reverse this change. It's not just Initial encryption, it's also Retry and Version Negotiation that the ODCID helps with.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for working on the PR. LGTM modulo one minor point below.
draft-ietf-quic-transport.md
Outdated
least 64 bits of entropy. This means that any valid packet received by the | ||
client validates the server address. | ||
least 64 bits of entropy. A client can consider the server address validated on | ||
successfully processing any packet received from the server, since for |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rather than "any packet", I think we might wan to say "Initial packet"? By stating as such, we can be clear that the receipt of Retry packets does not mean that the path has been validated. We do not need to be worried about Handshake or 1-RTT packets because processing an Initial packet is the prerequisite for obtaining keys necessary to decrypt Handshake and 1-RTT packets.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So any packet is correct, if we also say "successfully processed". Retry and VN both echo the Destination Connection ID field, and Initial packets use encryption. This is why I think that I will roll back Jana's proposed change - at least partly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@martinthomson Re Retry, I'm not sure if that is the case.
Section 17.2.5.1 specifies that a server MUST NOT echo the value of the DCID field of an Initial packet that it receives. Therefore, for a client, receiving a Retry packet does not mean that the server has received the Initial packet carrying the DCID that the client chose.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh right. It's the authentication tag in Retry that provides that proof. Such a complicated, fiddly protocol.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah right. Receipt of Retry packets do validate the address using a different mechanism 🤦
This reverts commit c066481.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM modulo #4344 (comment).
For #4330.