GrumpyOldTroll
commented
2 years ago Good point, it's a relatively common point of confusion and could use clearing up.
To answer the question: yes, the design intent is to allow MC_INTEGRITY frames to be carried in a multicast channel. An MC_INTEGRITY frame carried in a channel of course requires its packet to be secured by another MC_INTEGRITY frame that contains its hash that was delivered on a secure channel such as the unicast connection, which would form a merkle tree.
Also note: @squarooticus in https://github.com/GrumpyOldTroll/draft-jholland-quic-multicast/issues/48 wants to tweak the text to permit the secure hash delivery to occur in out-of-band paths like AMBI. I'm not fully convinced that's worth including in this spec, but have deferred judgement on the point for now. And in general I agree with him that it's feasible to use an integrity anchor that comes from outside the current connection in ways that can provide adequate security--my unsureness here is about whether this is a can of worms that's worth leaving open in this doc, and whether it's likely to provoke any needlessly difficult discussions.
LPardue
Section 4.3 says:
My initial comprehension was that MC_INTEGRITY frames are only delivered over the unicast channel, so they are always delivered in packets that have integrity, confidentiality and authenticity.
But this section focuses on integrity, via using the term "integrity-protected path". This makes me wonder whether there is a design intention to allow MC_INTEGRITY frames related to multicast channel A, to be delivered on multicast channel B, as long as the packet containing the MC_INTEGRITY frame has a chain of integrity back to some root (avoiding a bootstrap issue). The document doesn't really go into detail here and I think it would help to be a little clear if such a deployment is intended to be allowed.