[core] Request-Tag and Block2 with present but unfragmented payload draft-ietf-core-attacks-on-coap-03.txt

Christian Amsüss <christian@amsuess.com> Thu, 15 June 2023 12:11 UTC

Return-Path: <christian@amsuess.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 906C6C14CE2F for <core@ietfa.amsl.com>; Thu, 15 Jun 2023 05:11:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.896
X-Spam-Status: No, score=-6.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id pvnD4aVekJwu for <core@ietfa.amsl.com>; Thu, 15 Jun 2023 05:11:49 -0700 (PDT)
Received: from smtp.akis.at (smtp.akis.at [IPv6:2a02:b18:500:a515::f455]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2707AC14CF12 for <core@ietf.org>; Thu, 15 Jun 2023 05:11:47 -0700 (PDT)
Received: from poseidon-mailhub.amsuess.com (095129206250.cust.akis.net []) by smtp.akis.at (8.17.1/8.17.1) with ESMTPS id 35FCBhkL027882 (version=TLSv1.2 cipher=ECDHE-ECDSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <core@ietf.org>; Thu, 15 Jun 2023 14:11:44 +0200 (CEST) (envelope-from christian@amsuess.com)
X-Authentication-Warning: smtp.akis.at: Host 095129206250.cust.akis.net [] claimed to be poseidon-mailhub.amsuess.com
Received: from poseidon-mailbox.amsuess.com (hermes.lan []) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id 8039922FA0 for <core@ietf.org>; Thu, 15 Jun 2023 14:11:43 +0200 (CEST)
Received: from hephaistos.amsuess.com (hephaistos.lan [IPv6:2a02:b18:c13b:8010::32b]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 65EB0244D3 for <core@ietf.org>; Thu, 15 Jun 2023 14:11:43 +0200 (CEST)
Received: (nullmailer pid 11262 invoked by uid 1000); Thu, 15 Jun 2023 12:11:43 -0000
Date: Thu, 15 Jun 2023 14:11:43 +0200
From: Christian Amsüss <christian@amsuess.com>
To: core@ietf.org
Message-ID: <ZIr//zwFeql1YYFk@hephaistos.amsuess.com>
References: <168650947092.62266.18419070105597824117@ietfa.amsl.com> <ZIjsKLxLNCIOu70Y@hephaistos.amsuess.com> <050201d99ea3$007bee00$0173ca00$@jpshallow.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="hG+mc16YVLbsDb9I"
Content-Disposition: inline
In-Reply-To: <050201d99ea3$007bee00$0173ca00$@jpshallow.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/xol237i7KFXHNLQ1j7rmRUTYDlM>
Subject: [core] Request-Tag and Block2 with present but unfragmented payload draft-ietf-core-attacks-on-coap-03.txt
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jun 2023 12:11:51 -0000

Hi group,

Jon's mail at [1] triggered some re-reading of block-wise transfer, and
made me realize an error in some assumptions underlying 9175: I was
assuming that if the request body fit in a single payload, that payload
would be repeated in the Block2 phase.

Apparantly that is not the case; this also makes me moderately unhappy
with the state of block-wise because it means that a FETCH can not be
processed as statelessly as block-wise promised.

I have no clear plan for mitigation yet; my current assumption is that
while the mechanisms of Request-Tag still work (especially the parts
that enable the Request-Tag to almost never be sent), it would not only
need to apply to all requests where a Block1 is set, but to all that can
possibly have fragmentation on either side. Further consideration
needed; also, I don't yet know whether that will fit the format of an
erratum or will need more.


who is now even more motivated to evolve block-wise to fix current
quirks and have some features of Q-Block without its caveats, but also
doesn't see when that would happen.

[1]: https://mailarchive.ietf.org/arch/msg/core/KKgoaU8B3T8mmtACKCvlx8mKvPw

To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom