[core] Denial of service for clients: draft-ietf-core-too-many-reqs-04

Mohit Sethi M <mohit.m.sethi@ericsson.com> Fri, 19 October 2018 05:45 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Core <core@ietf.org>, The IESG <iesg@ietf.org>
Date: Fri, 19 Oct 2018 05:44:40 +0000
Message-ID: <1d5f2c7e-1feb-ce57-b130-31b654eb056e@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/zA55NsKCIAn5BX7w1aIpgZ9VPrY>

Hi CoRE,

I quickly went through draft-ietf-core-too-many-reqs-04. First, could 
you add a reference for the Max-Age option (Section 5.10.5 of RFC 7252)?

I see that the security considerations section mentions that if this 
response code is used unprotected, a client would have to wait for an 
extended period of time.

Perhaps it could state more explicitly that without any security, an 
honest client can suffer from a denial of service attack where it is 
blocked from requesting a resource that it wishes to access. I looked at 
RFC 7252 and found that an attacker could potentially block a client 
from requesting resources for 136.1 years by specifying the maximum 
allowed Max-Age. This would be considered a major denial-of-service for 
honest clients.

Perhaps you would want to go further and say that this response code 
SHALL/SHOULD be authenticated and integrity protected?

--Mohit
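Added example, not part of the email above or of draft-ietf-core-too-many-reqs: the Python below builds a constructed 4.29 (Too Many Requests) response carrying a Max-Age option (option number 14, RFC 7252 Section 5.10.5), parses it the way a CoAP client would, and then applies a client-side back-off policy. The policy distinguishes responses that arrived over an authenticated, integrity-protected channel (DTLS or OSCORE) from unprotected ones: a protected Max-Age is honoured, while an unprotected one is clamped to a local ceiling. The 300-second ceiling, the `retry_after` and `seconds_to_years` helpers and the sample messages are all assumptions made for this example; the message encoding itself follows RFC 7252 Section 3.

```python
import struct

MAX_AGE_OPTION = 14            # RFC 7252 Section 5.10.5, uint, 0..4 bytes
CODE_TOO_MANY_REQUESTS = 0x9D  # 4.29: class 4 (0x80) + detail 29
DEFAULT_MAX_AGE = 60           # RFC 7252 default when the option is absent
UNPROTECTED_CEILING = 300      # assumed local policy for unauthenticated responses
SECONDS_PER_YEAR = 365.25 * 86400


def _nibble_ext(n):
    """Encode an option delta/length as (nibble, extension bytes) per RFC 7252 3.1."""
    if n < 13:
        return n, b""
    if n < 269:
        return 13, bytes([n - 13])
    return 14, struct.pack("!H", n - 269)


def encode_uint_option(number, value, prev_number=0):
    """Encode a single uint option; prev_number is the preceding option's number."""
    value_bytes = value.to_bytes((value.bit_length() + 7) // 8, "big") if value else b""
    dn, dext = _nibble_ext(number - prev_number)
    ln, lext = _nibble_ext(len(value_bytes))
    return bytes([(dn << 4) | ln]) + dext + lext + value_bytes


def build_too_many_requests(max_age=None, code=CODE_TOO_MANY_REQUESTS):
    """Constructed ACK (Ver=1, T=2, TKL=0, MID=0x1234) with an optional Max-Age."""
    msg = bytes([0x60, code]) + struct.pack("!H", 0x1234)
    if max_age is not None:
        msg += encode_uint_option(MAX_AGE_OPTION, max_age)
    return msg


def decode_options(data, pos):
    """Parse options starting at pos; return ({number: raw_value}, payload_offset)."""
    options, number = {}, 0
    while pos < len(data) and data[pos] != 0xFF:
        delta, length = data[pos] >> 4, data[pos] & 0x0F
        pos += 1
        if delta == 13:
            delta, pos = data[pos] + 13, pos + 1
        elif delta == 14:
            delta, pos = struct.unpack_from("!H", data, pos)[0] + 269, pos + 2
        elif delta == 15:
            raise ValueError("reserved option delta 15")
        if length == 13:
            length, pos = data[pos] + 13, pos + 1
        elif length == 14:
            length, pos = struct.unpack_from("!H", data, pos)[0] + 269, pos + 2
        elif length == 15:
            raise ValueError("reserved option length 15")
        number += delta
        options[number] = data[pos:pos + length]
        pos += length
    return options, pos


def parse_response(data):
    """Return (code, options) of a CoAP message; rejects unknown versions."""
    if data[0] >> 6 != 1:
        raise ValueError("unsupported CoAP version")
    tkl = data[0] & 0x0F
    options, _ = decode_options(data, 4 + tkl)
    return data[1], options


def max_age_seconds(options):
    """Decode Max-Age (big-endian uint, at most 4 bytes) or the RFC default."""
    raw = options.get(MAX_AGE_OPTION)
    if raw is None:
        return DEFAULT_MAX_AGE
    if len(raw) > 4:
        raise ValueError("Max-Age longer than 4 bytes")
    return int.from_bytes(raw, "big")


def retry_after(response, protected, ceiling=UNPROTECTED_CEILING):
    """Seconds a client should back off for a 4.29 response, or None if not 4.29.

    A Max-Age from an authenticated, integrity-protected exchange is honoured;
    an unprotected one cannot be trusted to govern client behaviour, so it is
    clamped to the local ceiling instead of being taken at face value.
    """
    code, options = parse_response(response)
    if code != CODE_TOO_MANY_REQUESTS:
        return None
    advertised = max_age_seconds(options)
    return advertised if protected else min(advertised, ceiling)


def seconds_to_years(seconds):
    """Express a Max-Age in years (one decimal) to make the extreme visible."""
    return round(seconds / SECONDS_PER_YEAR, 1)


if __name__ == "__main__":
    worst = build_too_many_requests(2**32 - 1)   # largest encodable Max-Age
    print("max Max-Age in years:", seconds_to_years(2**32 - 1))
    print("unprotected back-off:", retry_after(worst, protected=False))
    print("protected back-off:  ", retry_after(worst, protected=True))
```

Running the block shows the figure quoted in the email: the largest encodable Max-Age, 2^32-1 seconds, is about 136.1 years, and the clamp keeps an unprotected response from imposing it on the client.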