IETF Logo Mail Archive

Re: [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots-signal-channel)

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Sat, 16 February 2019 08:11 UTC

Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80B8B129C6A; Sat, 16 Feb 2019 00:11:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DaMkRxxtvMnC; Sat, 16 Feb 2019 00:11:20 -0800 (PST)
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6EF0128766; Sat, 16 Feb 2019 00:11:19 -0800 (PST)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1550304562; h=From: To:CC:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:authentication-results: x-originating-ip:x-ms-publictraffictype:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-ms-exchange-purlcount:x-microsoft-exchange-diagnostics: x-microsoft-antispam-prvs:x-forefront-prvs: x-forefront-antispam-report:received-spf:x-ms-exchange-senderadcheck: x-microsoft-antispam-message-info:Content-Type: Content-Transfer-Encoding:MIME-Version:X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-CrossTenant-mailboxtype: X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Level: X-NAI-Spam-Threshold:X-NAI-Spam-Score:X-NAI-Spam-Version; bh=/hvyIIutT9H2xkHM87p32pr9fBAQ7YdAn/3v/F eYDBU=; b=Rfk0VEyqzccp5aJu2qWOSJxK/2T8Z7M4Rj95WEHt UBQ67pqwRUHYtcB78aJltXXl1ckXD5UD7CnczYBXatTZvWEfQB 5sQ0GAkERAbKcDIUv7LbSYkbLgb9yFDJPCT5c2VqyJSXfHk0sM CmRnj3VcTXFH24lrPEhUAcLRb1XlFlo=
Received: from DNVEXAPP1N05.corpzone.internalzone.com (unknown [10.44.48.89]) by DNVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 1096_142e_376f9ef5_625b_4f7d_a526_b0a68cc303b0; Sat, 16 Feb 2019 01:09:22 -0700
Received: from DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Sat, 16 Feb 2019 01:11:06 -0700
Received: from DNVO365EDGE2.corpzone.internalzone.com (10.44.176.74) by DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Sat, 16 Feb 2019 01:11:06 -0700
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (10.44.176.243) by edge.mcafee.com (10.44.176.74) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Sat, 16 Feb 2019 01:11:05 -0700
Received: from BYAPR16MB2790.namprd16.prod.outlook.com (20.178.233.91) by BYAPR16MB3015.namprd16.prod.outlook.com (20.178.236.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1622.16; Sat, 16 Feb 2019 08:11:02 +0000
Received: from BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::a92f:410f:4068:d183]) by BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::a92f:410f:4068:d183%5]) with mapi id 15.20.1622.018; Sat, 16 Feb 2019 08:11:02 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Benjamin Kaduk <kaduk@mit.edu>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>
CC: "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: Using Early Data in DOTS (RE: [Dots] AD review of draft-ietf-dots-signal-channel)
Thread-Index: AdS31vEPJD2qMb3JSyKP8BrrvaReRQNaC3bQAAAsgwAAI1p60A==
Date: Sat, 16 Feb 2019 08:11:02 +0000
Message-ID: <BYAPR16MB279010C73F70DC24809AD521EA610@BYAPR16MB2790.namprd16.prod.outlook.com>
References: <787AE7BB302AE849A7480A190F8B93302EA0EC85@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <787AE7BB302AE849A7480A190F8B93302EA20112@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190215150458.GV56447@kduck.mit.edu>
In-Reply-To: <20190215150458.GV56447@kduck.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
x-originating-ip: [122.171.104.55]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f62e952b-0d9c-41ce-0480-08d693e64ae8
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600110)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:BYAPR16MB3015;
x-ms-traffictypediagnostic: BYAPR16MB3015:
x-ms-exchange-purlcount: 3
x-microsoft-exchange-diagnostics: 1;BYAPR16MB3015;23:Cdx+lXNcv6z1W0v18JDNMzuHqF8jVJl78HI5mnxb9S6iX2sfGH2FDKk6sykKFgN0e2FHEV/A8LwyLQO0RgdkIiEbp0w//gnEvib94M3J71rpK02Up7Vf6xO8zz5ReGNPfNtE2SB+HBZ6KMlGuXPYnUOx9DHeX9zk0lu1RFJ1o+YEpTBm1wg0LB+Q4hQV/gzeAKFnKxf6QEqnfoXFMjNhZs7BTfp94SS5H4Tt/+SqFb6O3kM26gZDqyYT7bQmp9eU08JBTbJnT599CFK4KWwF6oCg8q3QoCbqMhXrF5n41z+MyQ4ImLTLf5X9XMHd+pyWVcEPoDQVER8Bd9UTN3ALju531c+mFMWSWpU2I3nWVupmLZyuBGUuS/Vn96hRrS/OfckAQfi7bCoTpDEx0f1r+YinuiNLmYoK+AUynmUE89uOOgtzTCLeYWrlzzZDbA48wonW31ZNOXk0WkrxrtGcQdYRNh1d+nzXNY/GSVRijEhD/16l7qPvlK08tkZe9nsuABJn3IthijUE+6SxJcocqU3xSqSeQ4WFhzdYs6TzjcKsFFb608nMpXEE8dpk2+p6MNrLfgg63rJX2ui9cNvM/OPEXfoqIpVu2hcbu2b+Pw184yTD2XBKJpNAlioH5p1yKSDSCd9Uls9JSDJCjJcl3zIneLAAypZUZRZ0MvbZnQ1kvJsKg+l1UmJ5pelE5QjtcVzA1NByeeBlnX84KEoAY5ZJ12OZJkr6YyBM82QsGbFXZXJcyubPZv3r8JQ5X8Q5PIx14vv1q9niTlnMeeivBkOO4WnT1FTVrcaQ/nmlgouxTLQie31M4/k03JvRYxGVDgl+7+WcZYB1rBH/+mQf+5330YvMfoximlEBt1bgqVUlKeM9fot5P8wSWkOb0D8uJ8N11MTmV45xZ1XGaMUYtpn3i6Oya9YKGbHDG5WTMjqix2cWcjy2TXeuS/q/TzP4r1ffllMpK6Yi2agUIDVPzOexqnos+iP5ZG4+22bRj8xF2Cs3P9ERzlJRrQDZzkwGmn7bgekm9lfuMZjQjP8hN4QUjpLfo5BYFeW1iQqP/XcBUsnCEnOp2WkpQ+hnJbGkbD8PX5piTB5RSxeTeYH+1ydg/HuV470tigqonK9yLpCHrNKxq83vugOv0435fwkzQ1IdDpeZ0wN4PiYG8lC2DnDCy48tVzPCQRWdJ2oIthAKTLBug3SdbPKVb6N6up6u1MA9DDAOCb6DWdw+zG1W0v+h+3hUBSjwPBXnRF8w8v5TlpgdBkIVEMxUeagK8fEv5rU7tiCmPkuScKFwDrl3IeGAQJ/Apu6pTO6hdoH+7ZqVvVbCQB3vKfXcHEiwSdNbcUBY4UnVLvLHnbGQ/10pFjwCU+TEvq6Wp5s4vGH9qUVy+bHKnSnpIegYnZrJq+JNZcrRgUAIJBHNyZLIz3cMlQVAcxM3LPuieC9ezDV73sw9XeBba9Hf+WNGVBu+S6OlzzAdpHKQ27J6ddfmgGFuWA==
x-microsoft-antispam-prvs: <BYAPR16MB3015BD329CBE3D72B8EEDA42EA610@BYAPR16MB3015.namprd16.prod.outlook.com>
x-forefront-prvs: 0950706AC1
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(396003)(366004)(376002)(346002)(39860400002)(32952001)(55784004)(13464003)(189003)(199004)(26005)(86362001)(102836004)(446003)(11346002)(105586002)(486006)(476003)(106356001)(478600001)(186003)(14454004)(72206003)(966005)(6436002)(305945005)(256004)(53936002)(80792005)(5024004)(14444005)(97736004)(2501003)(55016002)(9686003)(6306002)(6246003)(7736002)(8936002)(2171002)(66066001)(74316002)(25786009)(81166006)(8676002)(81156014)(4326008)(229853002)(2906002)(99286004)(3846002)(6116002)(7696005)(53546011)(6506007)(76176011)(33656002)(54906003)(110136005)(71200400001)(68736007)(78486014)(71190400001)(316002)(5660300002)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR16MB3015; H:BYAPR16MB2790.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 5OT7QmOyMu0bep9VwEXV45vbap49E/vc470cd8/1U8fVAX0yD3vikkZnHH+z5K+Vq+9LxjvJ897QAqQYkDqqBLD35MkAfIrNAz/xTtQFkXMorkeJgbfzZt5hl62SVf4IA3EGKw9gz6nchn2UnC/ycO7qRbuBTurjvBatFbIhY8+UY9PaSR4NzgNOjbQ05WhUf3KAQvqLXb5sdEGap+IdA89+708uhO4AlZwmVlG6hVCxJJAmXP84S7fDSXXBGFoFruHUkhROXZoAhHu/0tZjLSHjQvdiZ4/+QwFiNTZej9PFt2Y6TCS6YWJXbYIkv8xlD4KPYFoXzIvL2CvxGtYMNExA/iZxMVB4oO/rwhJTaFnKTN+tUS8ykmdIyPdvIeHmIGbrhR1mXf4/APs1SU0LI+yz0CheM9l7K6p3pxAnids=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: f62e952b-0d9c-41ce-0480-08d693e64ae8
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Feb 2019 08:11:02.5842 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR16MB3015
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0.1
X-NAI-Spam-Version: 2.3.0.9418 : core <6484> : inlines <7018> : streams <1813184> : uri <2797121>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/DdDDHOJlSRgt5kWenHm7dubv0DE>
Subject: Re: [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots-signal-channel)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Feb 2019 08:11:24 -0000

> -----Original Message-----
> From: Benjamin Kaduk <kaduk@mit.edu>
> Sent: Friday, February 15, 2019 8:35 PM
> To: mohamed.boucadair@orange.com
> Cc: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>;
> draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org
> Subject: Re: Using Early Data in DOTS (RE: [Dots] AD review of draft-ietf-dots-
> signal-channel)
> 
> This email originated from outside of the organization. Do not click links or
> open attachments unless you recognize the sender and know the content is safe.
> 
> Hi Med,
> 
> Short form: I need to think about it harder.  There's some indication that the
> CoAp Message ID is at the wrong level to protect the 0-RTT data, but I'm not
> sure yet.

I don't think Message ID and Token are at a wrong level to protect 0-RTT data, https://tools.ietf.org/html/draft-tschofenig-uta-tls13-profile-01 discusses introducing a new CoAP option "timestamp", which allows the client to attach a timestamp to each CoAP message for the purpose 
of replay detection. 

Cheers,
-Tiru

> 
> Sorry for the delays; this has been a frenetic couple weeks :(
> 
> -Ben
> 
> On Fri, Feb 15, 2019 at 03:01:29PM +0000, mohamed.boucadair@orange.com
> wrote:
> > Hi Ben,
> >
> > What is the status for this one? Are we OK to move forward?
> >
> > Thank you.
> >
> > Cheers,
> > Med
> >
> > > -----Message d'origine-----
> > > De : mohamed.boucadair@orange.com
> > > [mailto:mohamed.boucadair@orange.com]
> > > Envoyé : mardi 29 janvier 2019 14:32 À : Benjamin Kaduk Cc : Konda,
> > > Tirumaleswar Reddy; draft-ietf-dots-signal-channel@ietf.org;
> > > dots@ietf.org
> > > Objet : Using Early Data in DOTS (RE: [Dots] AD review of
> > > draft-ietf-dots-
> > > signal-channel)
> > >
> > > Hi Ben, all,
> > >
> > > We edited a short draft
> > > (https://tools.ietf.org/html/draft-boucadair-dots-
> > > earlydata-00) to motivate the following text included in the signal
> > > channel
> > > draft:
> > >
> > >       Section 8 of [RFC8446] discusses some mechanisms to implement to
> > >       limit the impact of replay attacks on 0-RTT data.  If the DOTS
> > >       server accepts 0-RTT, it MUST implement one of these mechanisms.
> > >       A DOTS server can reject 0-RTT by sending a TLS HelloRetryRequest.
> > >       The DOTS signal channel messages sent as early data by the DOTS
> > >       client are idempotent requests.  As a reminder, Message ID
> > >       (Section 3 of [RFC7252]) is changed each time a new CoAP request
> > >       is sent, and the Token (Section 5.3.1 of [RFC7252]) is randomized
> > >       in each CoAP request.  The DOTS server(s) can use Message ID and
> > >       Token in the DOTS signal channel message to detect replay of early
> > >       data, and accept 0-RTT data at most once.  Furthermore, 'mid'
> > >       value is monotonically increased by the DOTS client for each
> > >       mitigation request, attackers replaying mitigation requests with
> > >       lower numeric 'mid' values and overlapping scopes with mitigation
> > >       requests having higher numeric 'mid' values will be rejected
> > >       systematically by the DOTS server.
> > >
> > >       Owing to the aforementioned protections, especially those afforded
> > >       by CoAP deduplication (Section 4.5 of [RFC7252]) and RFC 8446
> > >       anti-replay mechanisms, all DOTS signal channel requests are safe
> > >       to transmit in TLS 1.3 as early data.  Refer to
> > >       [I-D.boucadair-dots-earlydata] for more details.
> > >
> > > This text and also the Designated Expert guidelines are implemented in -28.
> > > These are the two pending issues from your AD review.
> > >
> > > Other edits were also made to record what was agreed on the list.
> > >
> > > We hope this version is now ready to move forward.
> > >
> > > Cheers,
> > > Med
> > >
> > > > > > > > Regarding the (D)TLS 1.3 0-RTT data, RFC 8446 notes that
> > > "Application
> > > > > > > > protocols MUST NOT use 0-RTT data without a profile that
> > > > > > > > defines
> > > its
> > > > > use.
> > > > > > > > That profile needs to identify which messages or
> > > > > > > > interactions are
> > > > safe
> > > > > to
> > > > > > > use
> > > > > > > > with 0-RTT and how to handle the situation when the server
> > > > > > > > rejects
> > > 0-
> > > > > RTT
> > > > > > > and
> > > > > > > > falls back to 1-RTT."  So we either need to say which
> > > > > > > > client
> > > requests
> > > > > are
> > > > > > > 0-RTT
> > > > > > > > safe (and why) or defer that profile to another document.
> > > > > > > > draft-
> > > > ietf-
> > > > > > > dnsop-
> > > > > > > > session-signal is perhaps an example of a document that
> > > > > > > > specifies
> > > > which
> > > > > > > > messages are/aren't allowed in early data.
> > > > > > > > (draft-ietf-acme-acme is another, but an uninteresting
> > > > > > > > one, since
> > > > they
> > > > > make
> > > > > > > > every request include a single-use nonce, and all messages
> > > > > > > > are 0-
> > > RTT
> > > > > safe.)
> > > > > > > > Our use of increasing 'mid' values may help here, in terms
> > > > > > > > of
> > > > allowing
> > > > > > > DELETEs
> > > > > > > > to be safe, but I'd have to think a little more to be sure
> > > > > > > > that
> > > > > requesting
> > > > > > > > mitigation would be safe.  (On first glance the
> > > > > > > > session-managemnet
> > > > bits
> > > > > > > would
> > > > > > > > not be safe, but I may be missing something.)
> > > > > > >
> > > > > > > The draft only uses idempotent requests (GET, PUT and
> > > > > > > DELETE), and
> > > CoAP
> > > > > is
> > > > > > > capable of detecting message duplication (see
> > > > > > > https://tools.ietf.org/html/rfc7252#section-4.5) for both
> > > > > > > confirmable
> > > > and
> > > > > > > non-confirmable messages.
> > > > > > >  [1] An attacker replaying DELETE will not have any adverse
> > > > > > > impact,
> > > > 2.02
> > > > > > > (Deleted) Response Code is returned even if the mitigation
> > > > > > > request
> > > does
> > > > > not
> > > > > > > exist.
> > > > > > > [2] The techniques discussed in Section 8 of RFC8446 should
> > > > > > > suffice
> > > to
> > > > > handle
> > > > > > > anti-replay (e.g. an attacker replaying a 0-RTT data
> > > > > > > carrying an old mitigation request replaced by a new mitigation
> scope).
> > > > > > >
> > > > > >
> > > > > > [Med] FWIW, we do already have this text in the draft:
> > > > > >
> > > > > >       Section 8 of [RFC8446] discusses some mechanisms to implement
> to
> > > > > >       limit the impact of replay attacks on 0-RTT data.  If the DOTS
> > > > > >       server accepts 0-RTT, it MUST implement one of these
> > > > > > mechanisms

v2.23.0 | Report a Bug | By Email