Re: [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots-signal-channel)
Benjamin Kaduk <kaduk@mit.edu> Fri, 15 February 2019 15:05 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3469012D84D; Fri, 15 Feb 2019 07:05:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b25bBT-IypOg; Fri, 15 Feb 2019 07:05:06 -0800 (PST)
Received: from NAM05-CO1-obe.outbound.protection.outlook.com (mail-co1nam05on072d.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe50::72d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28A41124D68; Fri, 15 Feb 2019 07:05:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WWXtzxXewbk8YV6zZEnaQQuNuEX/jV5d9m8Y6AOCBWA=; b=c3Tjeog349fYjpcsddz2xwh4+7cluQ0wTbkBNKB20oNxDkksYVDkD4evgq8howwfGANYbJ44owNg6h9wWNlMNdVP93aqqS1e47otS8yKN6ZlN9SInc2NNY9RATx13a5AipVvMSDug1jebgoW9mu2OsFcCzvT67zvwM6RT82Ars8=
Received: from SN2PR01CA0055.prod.exchangelabs.com (2603:10b6:800::23) by DM6PR01MB4860.prod.exchangelabs.com (2603:10b6:5:6d::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1622.16; Fri, 15 Feb 2019 15:05:03 +0000
Received: from BY2NAM03FT062.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e4a::202) by SN2PR01CA0055.outlook.office365.com (2603:10b6:800::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1622.19 via Frontend Transport; Fri, 15 Feb 2019 15:05:03 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by BY2NAM03FT062.mail.protection.outlook.com (10.152.85.62) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1580.10 via Frontend Transport; Fri, 15 Feb 2019 15:05:02 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x1FF4wmV000731 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 15 Feb 2019 10:05:00 -0500
Date: Fri, 15 Feb 2019 09:04:58 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: mohamed.boucadair@orange.com
CC: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@mcafee.com>, "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Message-ID: <20190215150458.GV56447@kduck.mit.edu>
References: <787AE7BB302AE849A7480A190F8B93302EA0EC85@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <787AE7BB302AE849A7480A190F8B93302EA20112@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302EA20112@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(136003)(346002)(396003)(39860400002)(376002)(2980300002)(55784004)(199004)(189003)(229853002)(336012)(26005)(246002)(106002)(75432002)(8676002)(2906002)(186003)(305945005)(6246003)(4326008)(426003)(8936002)(33656002)(316002)(36906005)(1076003)(58126008)(786003)(54906003)(2351001)(476003)(6306002)(126002)(106466001)(14444005)(53416004)(486006)(26826003)(2870700001)(446003)(478600001)(50466002)(356004)(7696005)(47776003)(6916009)(86362001)(76176011)(956004)(88552002)(104016004)(966005)(23756003)(11346002)(55016002)(18370500001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM6PR01MB4860; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; A:1; MX:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 9d8e38ff-b2aa-4927-764e-08d69356f670
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600110)(711020)(4605077)(4608076)(4709027)(2017052603328)(7153060); SRVR:DM6PR01MB4860;
X-MS-TrafficTypeDiagnostic: DM6PR01MB4860:
X-MS-Exchange-PUrlCount: 2
X-Microsoft-Exchange-Diagnostics: 1; DM6PR01MB4860; 20:vAgVHNme7FiO8A5bQB701Og9oWKPa2ep09HfEttl6Ot5otO1++5N+z2wVbDvIWaUMV+tYAl4Io593QUfHFtHGIQXwV2Bv40JEvh+G7tobb1MAQ5pRi8XE0ZC8ZnA6/1O/qKPqqO9JZBs0ihfXjp4FUUmpoAzOFeBX1mnE350eGFE/l8pY4woOg7SktvvDtbw4aZU68QcXgLle0pfc6yT1+Jk5Stcxmtk55c10X3rZq7KSvb6Z6RCDvb8XqrRqVonrlBE8R0rhKw+7KJsRRrI8J7I/R6WkiOALuuVhhuXUKA2PMpuC+SIGipuH5JMYozflXpCFZMCaCDwIf2LjQ/WrublJoLaZ4dq2NhG5xG3IObZfSun13jVOFQOOb1+E7IbuihtD2I4Czr68dwDd7ObLIkcWJNdcyx2b9ivdEElyVDsmB97H34Kjvcm1iWowc4GNnCvdc9/rlr5voO7Wst9Vud+C9mX/ZBRZ82GpuT8cbqsd1aI5El50Dx7O0bg9wvE6DA85smKg/ikLPT68yT8XH8vMoMhnaErnYsnPs6ytmvsiNWkGX8+JYGUs9ck/97Vy+pK0t7slPBfENgng0x8bzFIDQHDFwK30nbSoL1wjro=
X-Microsoft-Antispam-PRVS: <DM6PR01MB486050D976FDB7AB80E798B2A0600@DM6PR01MB4860.prod.exchangelabs.com>
X-Forefront-PRVS: 09497C15EB
X-Microsoft-Exchange-Diagnostics: 1; DM6PR01MB4860; 23:jtYSNXyqefW57/rGNvNNeJa/vRjc8HbLZEPXKxWcDfrykJE6qflRX/uT2MnojG9Lbsagwxj6JWdaWSTmeSMjUQlI6z+9aI/PCN0i2qQ5tcpmbQMgiuWNVVisSCHOw+bpT7xCcwbO3lG6XOhujGIL/xqkmEwqS5wF8NkRdrp+x6QbwDnDTELtACjMQkHEBUNEXKMgorI5qUXGw25w/y7qzqh2utU4IvSYUW5t4L5C9mdcXyg0D/640egSwTKy0KDoOx5E6Mot0jPUy0dbX+pG45AxkvPa0oELyIAEnCkcOqGRv2U0wnUiU5ClCXRPXMOCHiGhLLtwzpL9nik7wYRkCzSU9uFW6hSzWemv3Ev7NI3YDuqbydBP+Er6Pi6fkhf4qchBI9uCJIyeWYLiTPVvat9pbTvtHN0lPeJl1izpJX1bZleTDWI/YUxORd/i7T7kCbO08hsorN/oDY3ILtngJITNSoao+MyMWOZ2wsCBcExSbN/ZODbAqCQG/Mb0EJJni+Ha3+9FrBUn/QOJaWQmLH7SN+xt77OVJ2PwUsu99Fdk6ec6JbOb+WE55pi+Uwk6Ly5ID9gBIuN5iA53HKbpvIsQDX3TEBCAP4Oli9V0l3VE11Hyipywawob4UI+IuFVhFJxpBkd191i+c9qNDfWfrWc7J5kEhvZqtO1zajVwKbIZteAASviKv6GPzFGwAEztI4PCjA/jLflAI5NeapsQLoy92zRhehaNAPZr97qMstKQpXqsOB3/L4sAyO2WvLAlgd9Rp74sVD0aRlsf3fzCOhL4Je/foeUFVLO87Fp4A4YpdEEMUTG1ZlUZlGam+TMPo716txRn7oLxs+c9ZylqXTY/O7aUEqEyWEnPXxhXYud/7W7hqggfDb28z8v/oTGgc7RNt5PzXo4lTAdONvqPxdUDRY1C6zGVWWjbhlh0V10rx60RmlblWHc/nRgwc2b74EdimNe8PfJiwvkhmtxgJjCQ07mEhbgV6TZ8rdjGYTvTr+Fa+Gh7+lQdXGtBGv1WmzMm/MpGMadkL4UqPnx97dpPVquRKd/F5+3+JLrU2rXamlafZMl5ZoGOmWGkROnBDCcX0bl7tH+JlFF0YV/yWBs9+jFZtZPQNMIZKew/dh7LBqAmH7zJgfewsKY7TnE/ZjOnAATWnnMyR4EEeiseJtK3Hax4z9yT0/JhxV+6/lQsYDRxaxD1u1sW2lz8mXN2SnteHlbfvdmpkgKPYxSAJ/LTTdyTSB0KJInyXrtbpc=
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: tvuWNiBz9qQoJXgyNj49/uGLJBAWDSLe/WPJznKiop4BByBJOL//K3cZ/ioSnGfMsw16Otg49+DMP1Qj+ybFNc4NDT9HWS+k3+LMKt/RTQbRVqHpU/U2/byoh6t4foA/RFxTEJ6bnUkpWKd9I/Hlf+sfQMGn56Tvt+GOKGEVP2PeXTZpq/QW8S24tpfAWEaLK6odcFSEb0n+K9oFLi4tyFsyO0iVTkE6u6FedyhNLHStM3njyijHKUPFfBrOeJ490Puu6MKb4Oqa8A8tG2VPAAZaDu8dSrTxvf/TNZGAANGhWwRHtcck3TbrUTVlOp6cOOcvVIChdpe7ztRGmAa4UCzehAd1OCW0NUSBzWTsXPc5H+cIgJmZcPGN6C1sFmseHW6O/qILnAqAacqReQy5KAFjbba/nqD1TV+0Uy31GHc=
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Feb 2019 15:05:02.7137 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 9d8e38ff-b2aa-4927-764e-08d69356f670
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR01MB4860
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/2VHzoHqoeg_dJFft3QybnZ2SMIs>
Subject: Re: [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots-signal-channel)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Feb 2019 15:05:09 -0000
Hi Med, Short form: I need to think about it harder. There's some indication that the CoAp Message ID is at the wrong level to protect the 0-RTT data, but I'm not sure yet. Sorry for the delays; this has been a frenetic couple weeks :( -Ben On Fri, Feb 15, 2019 at 03:01:29PM +0000, mohamed.boucadair@orange.com wrote: > Hi Ben, > > What is the status for this one? Are we OK to move forward? > > Thank you. > > Cheers, > Med > > > -----Message d'origine----- > > De : mohamed.boucadair@orange.com [mailto:mohamed.boucadair@orange.com] > > Envoyé : mardi 29 janvier 2019 14:32 > > À : Benjamin Kaduk > > Cc : Konda, Tirumaleswar Reddy; draft-ietf-dots-signal-channel@ietf.org; > > dots@ietf.org > > Objet : Using Early Data in DOTS (RE: [Dots] AD review of draft-ietf-dots- > > signal-channel) > > > > Hi Ben, all, > > > > We edited a short draft (https://tools.ietf.org/html/draft-boucadair-dots- > > earlydata-00) to motivate the following text included in the signal channel > > draft: > > > > Section 8 of [RFC8446] discusses some mechanisms to implement to > > limit the impact of replay attacks on 0-RTT data. If the DOTS > > server accepts 0-RTT, it MUST implement one of these mechanisms. > > A DOTS server can reject 0-RTT by sending a TLS HelloRetryRequest. > > The DOTS signal channel messages sent as early data by the DOTS > > client are idempotent requests. As a reminder, Message ID > > (Section 3 of [RFC7252]) is changed each time a new CoAP request > > is sent, and the Token (Section 5.3.1 of [RFC7252]) is randomized > > in each CoAP request. The DOTS server(s) can use Message ID and > > Token in the DOTS signal channel message to detect replay of early > > data, and accept 0-RTT data at most once. Furthermore, 'mid' > > value is monotonically increased by the DOTS client for each > > mitigation request, attackers replaying mitigation requests with > > lower numeric 'mid' values and overlapping scopes with mitigation > > requests having higher numeric 'mid' values will be rejected > > systematically by the DOTS server. > > > > Owing to the aforementioned protections, especially those afforded > > by CoAP deduplication (Section 4.5 of [RFC7252]) and RFC 8446 > > anti-replay mechanisms, all DOTS signal channel requests are safe > > to transmit in TLS 1.3 as early data. Refer to > > [I-D.boucadair-dots-earlydata] for more details. > > > > This text and also the Designated Expert guidelines are implemented in -28. > > These are the two pending issues from your AD review. > > > > Other edits were also made to record what was agreed on the list. > > > > We hope this version is now ready to move forward. > > > > Cheers, > > Med > > > > > > > > > Regarding the (D)TLS 1.3 0-RTT data, RFC 8446 notes that > > "Application > > > > > > > protocols MUST NOT use 0-RTT data without a profile that defines > > its > > > > use. > > > > > > > That profile needs to identify which messages or interactions are > > > safe > > > > to > > > > > > use > > > > > > > with 0-RTT and how to handle the situation when the server rejects > > 0- > > > > RTT > > > > > > and > > > > > > > falls back to 1-RTT." So we either need to say which client > > requests > > > > are > > > > > > 0-RTT > > > > > > > safe (and why) or defer that profile to another document. draft- > > > ietf- > > > > > > dnsop- > > > > > > > session-signal is perhaps an example of a document that specifies > > > which > > > > > > > messages are/aren't allowed in early data. > > > > > > > (draft-ietf-acme-acme is another, but an uninteresting one, since > > > they > > > > make > > > > > > > every request include a single-use nonce, and all messages are 0- > > RTT > > > > safe.) > > > > > > > Our use of increasing 'mid' values may help here, in terms of > > > allowing > > > > > > DELETEs > > > > > > > to be safe, but I'd have to think a little more to be sure that > > > > requesting > > > > > > > mitigation would be safe. (On first glance the session-managemnet > > > bits > > > > > > would > > > > > > > not be safe, but I may be missing something.) > > > > > > > > > > > > The draft only uses idempotent requests (GET, PUT and DELETE), and > > CoAP > > > > is > > > > > > capable of detecting message duplication (see > > > > > > https://tools.ietf.org/html/rfc7252#section-4.5) for both confirmable > > > and > > > > > > non-confirmable messages. > > > > > > [1] An attacker replaying DELETE will not have any adverse impact, > > > 2.02 > > > > > > (Deleted) Response Code is returned even if the mitigation request > > does > > > > not > > > > > > exist. > > > > > > [2] The techniques discussed in Section 8 of RFC8446 should suffice > > to > > > > handle > > > > > > anti-replay (e.g. an attacker replaying a 0-RTT data carrying an old > > > > > > mitigation request replaced by a new mitigation scope). > > > > > > > > > > > > > > > > [Med] FWIW, we do already have this text in the draft: > > > > > > > > > > Section 8 of [RFC8446] discusses some mechanisms to implement to > > > > > limit the impact of replay attacks on 0-RTT data. If the DOTS > > > > > server accepts 0-RTT, it MUST implement one of these mechanisms
- [Dots] Using Early Data in DOTS (RE: AD review of… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Benjamin Kaduk
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Benjamin Kaduk
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Benjamin Kaduk
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Benjamin Kaduk
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair