IETF Logo Mail Archive

Re: [arch-d] Treating "private" address ranges specially

Christian Huitema <huitema@huitema.net> Thu, 01 April 2021 03:33 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41B1A3A3EB5 for <architecture-discuss@ietfa.amsl.com>; Wed, 31 Mar 2021 20:33:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rEZnivo8Kv7x for <architecture-discuss@ietfa.amsl.com>; Wed, 31 Mar 2021 20:33:28 -0700 (PDT)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B8803A3EB3 for <architecture-discuss@ietf.org>; Wed, 31 Mar 2021 20:33:27 -0700 (PDT)
Received: from xse291.mail2web.com ([66.113.197.37] helo=xse.mail2web.com) by mx134.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1lRo59-000w7t-80 for architecture-discuss@ietf.org; Thu, 01 Apr 2021 05:33:21 +0200
Received: from xsmtp21.mail2web.com (unknown [10.100.68.60]) by xse.mail2web.com (Postfix) with ESMTPS id 4F9pg00HmTz2dN4 for <architecture-discuss@ietf.org>; Wed, 31 Mar 2021 20:33:16 -0700 (PDT)
Received: from [10.5.2.17] (helo=xmail07.myhosting.com) by xsmtp21.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1lRo55-0000ew-TI for architecture-discuss@ietf.org; Wed, 31 Mar 2021 20:33:15 -0700
Received: (qmail 7672 invoked from network); 1 Apr 2021 03:33:14 -0000
Received: from unknown (HELO [192.168.1.105]) (Authenticated-user:_huitema@huitema.net@[172.58.43.102]) (envelope-sender <huitema@huitema.net>) by xmail07.myhosting.com (qmail-ldap-1.03) with ESMTPA for <architecture-discuss@ietf.org>; 1 Apr 2021 03:33:14 -0000
To: Martin Thomson <mt@lowentropy.net>, architecture-discuss@ietf.org
References: <4329d51a-d5ba-45b3-9fb0-6795dc6fccd3@www.fastmail.com> <CAMGpriWA4B8AThNKBOHo-bfAdQ2s5iYv8rBOB7X8UVc5GsqENA@mail.gmail.com> <CAMGpriUJkWYPyw7=oAj_GnGu2J14T3=VZYNWPZtAs870P=x0sg@mail.gmail.com> <a68636c2-5df0-46eb-8147-79ec6a992f8a@www.fastmail.com> <CAMGpriU_L8HbLFX_mMBtBXxy=XOc5BAnYgVR9R8TQO=DPvRD_g@mail.gmail.com> <F59E2FC3-19CE-4D14-9F1C-9F7125D89455@mnot.net> <CAMGpriVJCsird15oBfT=gSDTr59_yf9TkLmOSO7a9DGX0VRjOg@mail.gmail.com> <CA+9kkMB2iOA-QaCidJHVN=qqZ8TtPXV=xyfuKh+i44VzZLWG3w@mail.gmail.com> <c88bbb17-4a30-4241-af98-436ddf01ca5c@www.fastmail.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <2c2367b2-bbe1-7d4d-9edd-c7975420a540@huitema.net>
Date: Wed, 31 Mar 2021 20:33:14 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.9.0
MIME-Version: 1.0
In-Reply-To: <c88bbb17-4a30-4241-af98-436ddf01ca5c@www.fastmail.com>
Content-Type: multipart/alternative; boundary="------------F57A0F589425266EB36AF597"
Content-Language: en-US
X-Originating-IP: 66.113.197.37
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.197.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.197.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT9WLQux0N3HQm8ltz8rnu+BPUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5yLNgi2F4M0RbknB3BDmsRxyINTMb4kYMD15j85Ktbckyo/ xMM0hxORRmMMI7DUTwjeY8THlZB91F8zItht0Pwr5g+sHZmT3CLVmxntdIVybVy+BbGrglZA45nG CXVN8lqeyrhzWminYO4gRGXn3bDVBVisGv8MyVI5ms3guyJnGvsZ59zoX/F2OVmfn/ypN1MUOled bu+r9+W9cDXvzL3SDfmI/SU/hyBNwHImG15sstvifT4GqBfEkB7aN5XuM7B02nkLZSrmz+olE44+ sjwESum7gC1WgO/NiysYOr0Zp4PDdWi4V6nXPowtUXJ1bnedw+XGlIW1bb6iLQaqIs5BLfTttFI5 MCNL/izpcNORuAUvossjam0/HVDFzCeLVAjI+ht+2XwDC3Hj+WjRz7dukQbqbub9Z8raDZ3Nd/Bn xCUUNqgu448pzyBzzakp+EE11Iy42FkLdf+cZ0MpjKD7IK/1NH5THMtlYvyHAYGOGqz2oidVuoQM okQutY3pHcCHFzboKDhGx0chVC6Uo5u42dYfx3w0UOSIPFYT7DxPDQ8XciHiWVJe0/nQcdnQAo/R FUqbnIhdxq8hFB+98CBhe+9CsEJJXuZM3f6OQXLd8w0aI0lYszZdHHv7O7tD/W+zoo6HN0gmX1qd UY5I1gsP7yFM015AwIoiYphoS1BbktpYWiHrV3woNSXQFazsCnwrq6Wa2NjpcAZ57EAksITmVKBS Lw97CHD9X4STzOgf/DkzTHmvsrVvdr3kPd6VJxb1hl6LrazrU79sxBMKZKz5N+xaPV6oNm0AvN9X KQ2odUmPOJb0gvKcB65VUL15IzdtALl6tE9e8KCaN2ryngAyLMuuOzJ9M8JhswIt2Z/mHbYUTYLO yIOJf1xK6WJ94JWUyhbmk5dfVtyEqvftSoi7BEhlPsvn43YI7nWcYkz4vjBtUD9+Z7GHz/OHPkRS tyombmeTgFKBgc4kmBS2brus198cbJqk/JfQEZbE2pQGnw==
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/_Cq_dQMvgPMLAfaY1whGbwYNLSo>
Subject: Re: [arch-d] Treating "private" address ranges specially
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Apr 2021 03:33:30 -0000

On 3/31/2021 4:52 PM, Martin Thomson wrote:

> Thanks everyone for the insights.
>
> I'll reply to Ted as he hit the crux of the issue most adroitly...
>
> On Wed, Mar 31, 2021, at 20:07, Ted Hardie wrote:
>> What I think this proposal would actually like to do is to determine
>> whether a resource referenced by a specific web server would also be
>> reachable by that server.
> That's exactly it.
>
> Brian's point about the inherent folly of making such guesses is well taken.
>
> It's quite clear that it is generically bad to make these sorts of inferences from addresses.  That's good information.
>
> The question I'm now interested in answering is whether using these as part of a heuristic in order to limit the scope of a change like the proposed is tolerable.
>
> The goal here is to close off a security loophole in how browser make request for a tiny slice of the total set of requests that are made.  The ultimate goal might be to remove the loopholes uniformly.  However, that would break so much stuff that a change like that would never stick.  This is a more narrowly-scoped approach that tries to identify conditions where the requests are a) more dangerous in general, and b) rare enough that any breaks would not be widely felt.

Martin,

Do you have a description of the type of attacks you are thinking off? I 
understand the general idea of "malicious server somehow gets to use or 
attack internal sites behind the firewall", but a concrete description 
of a couple examples might help. Is it about opening a frame against an 
internal host, or about running javascript and evading the standard 
protections? Is it something like the "request forgery attacks" 
discussed in QUIC?

-- Christian Huitema

v2.23.0 | Report a Bug | By Email