I strongly disagree with the chosen fix to make the counter size configurable. ChaCha20 is standardized in RFC-7539 with a 32-bit counter size[1]. Making the counter size configurable has two problems:

1) It is harder to support (as non-standard forms of ChaCha are not always available)
2) The client has no way to know which counter variant the server expects, and this needs to be explicitly configured both by the client and the server, which is really not ideal, and will lead to hard to diagnose connection problems.

The proper way to fix this is to define a separate encryption plugin name for the variant with a 64-bit counter, so that client and server can negotiate the appropriate plugin that is supported.

Alternatively, re-keying could be supported, so that client and server can change keys during a connection, but this comes with additional challenges.

Mark

 [1]: https://datatracker.ietf.org/doc/html/rfc7539#section-2.4

-------- Original Message --------
Subject: [FirebirdSQL/firebird] Connection hangs after delivery of 2**32 - 1 packets (Issue #7065)
Date: 2021-12-12 18:26
From: Alexander Peshkov <notificati...@github.com>
To: FirebirdSQL/firebird <fireb...@noreply.github.com>
Cc: Subscribed <subscri...@noreply.github.com>
Reply-To: FirebirdSQL/firebird <reply+abi2z4jtk5w2wedcfem3fi57yii5jevbnhheapw...@reply.github.com>

ChaCha wire encryption, used by default since FB4, uses a 32-bit
counter. When the counter overflows, secure packet delivery becomes
impossible without a reconnect.



Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
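
An added illustration of the limit discussed in this thread (not Firebird's code and not written by either author): the RFC 7539 block function with its 32-bit counter, showing that a silently wrapped counter repeats keystream, so a correct implementation has to stop and rekey or reconnect instead. How the Firebird plugin maps packets to counter values is not shown in the thread; `Rfc7539Keystream` and `wrapped_block` are hypothetical names.

```python
import struct

MASK32 = 0xFFFFFFFF
CONSTANTS = struct.unpack("<4I", b"expand 32-byte k")
ROUNDS = [(0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),   # columns
          (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)]   # diagonals

def _rotl(v, n):
    return ((v << n) & MASK32) | (v >> (32 - n))

def _quarter_round(s, a, b, c, d):
    # Four add/xor/rotate steps; the roles of (a, b, c, d) alternate each step.
    for rot in (16, 12, 8, 7):
        s[a] = (s[a] + s[b]) & MASK32
        s[d] = _rotl(s[d] ^ s[a], rot)
        a, b, c, d = c, d, a, b

def chacha20_block(key, counter, nonce):
    """RFC 7539 section 2.3 block function: 32-bit counter, 96-bit nonce."""
    if not 0 <= counter <= MASK32:
        raise OverflowError("block counter does not fit in 32 bits")
    init = [*CONSTANTS, *struct.unpack("<8I", key), counter,
            *struct.unpack("<3I", nonce)]
    s = init[:]
    for _ in range(10):                      # 10 double rounds = 20 rounds
        for idx in ROUNDS:
            _quarter_round(s, *idx)
    return struct.pack("<16I", *((x + y) & MASK32 for x, y in zip(s, init)))

class Rfc7539Keystream:
    """Hypothetical helper: keystream blocks for one (key, nonce), never wrapping."""
    def __init__(self, key, nonce, counter=0):
        self.key, self.nonce, self.counter = key, nonce, counter

    def next_block(self):
        if self.counter > MASK32:
            raise OverflowError("keystream exhausted: rekey or reconnect")
        block = chacha20_block(self.key, self.counter, self.nonce)
        self.counter += 1
        return block

def wrapped_block(key, counter, nonce):
    """Unsafe alternative: a counter that wraps modulo 2**32 reuses keystream."""
    return chacha20_block(key, counter & MASK32, nonce)

# Upper bound on data under one (key, nonce): 2**32 blocks of 64 bytes = 256 GiB.
MAX_BYTES = (MASK32 + 1) * 64
```
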
