ODCID is a special for validating the server address #4344
Conversation
martinthomson
added
editorial
draft-ietf-quic-transport.md
Outdated
| least 64 bits of entropy. For the client, the value of the Destination | ||
| Connection ID field in its first Initial packet also fulfills this requirement, | ||
| such that successfully processing any packet validates the server address. |
There was a problem hiding this comment.
| least 64 bits of entropy. For the client, the value of the Destination | |
| Connection ID field in its first Initial packet also fulfills this requirement, | |
| such that successfully processing any packet validates the server address. | |
| least 64 bits of entropy. A client can consider the server address validated on | |
| successfully processing any packet received from the server, since for | |
| encrypting its Initial packets, the server uses the Destination Connection ID | |
| field from the client's first Initial packet; see Section 5.2 of {{QUIC-TLS}}. |
There was a problem hiding this comment.
Actually, I might want to reverse this change. It's not just Initial encryption, it's also Retry and Version Negotiation that the ODCID helps with.
draft-ietf-quic-transport.md
Outdated
| least 64 bits of entropy. This means that any valid packet received by the | ||
| client validates the server address. | ||
| least 64 bits of entropy. A client can consider the server address validated on | ||
| successfully processing any packet received from the server, since for |
There was a problem hiding this comment.
Rather than "any packet", I think we might wan to say "Initial packet"? By stating as such, we can be clear that the receipt of Retry packets does not mean that the path has been validated. We do not need to be worried about Handshake or 1-RTT packets because processing an Initial packet is the prerequisite for obtaining keys necessary to decrypt Handshake and 1-RTT packets.
There was a problem hiding this comment.
So any packet is correct, if we also say "successfully processed". Retry and VN both echo the Destination Connection ID field, and Initial packets use encryption. This is why I think that I will roll back Jana's proposed change - at least partly.
There was a problem hiding this comment.
@martinthomson Re Retry, I'm not sure if that is the case.
Section 17.2.5.1 specifies that a server MUST NOT echo the value of the DCID field of an Initial packet that it receives. Therefore, for a client, receiving a Retry packet does not mean that the server has received the Initial packet carrying the DCID that the client chose.
There was a problem hiding this comment.
Oh right. It's the authentication tag in Retry that provides that proof. Such a complicated, fiddly protocol.
There was a problem hiding this comment.
Ah right. Receipt of Retry packets do validate the address using a different mechanism 🤦
This reverts commit c066481.
For #4330.