Re: [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots-signal-channel)
Benjamin Kaduk <kaduk@mit.edu> Mon, 04 March 2019 16:07 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C37B212D861; Mon, 4 Mar 2019 08:07:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 96KVQRlIvMrh; Mon, 4 Mar 2019 08:07:48 -0800 (PST)
Received: from NAM05-BY2-obe.outbound.protection.outlook.com (mail-eopbgr710109.outbound.protection.outlook.com [40.107.71.109]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A0E212F1AC; Mon, 4 Mar 2019 08:07:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DqaQhg+FeTJHUcHhSQcwsK4ioNxZai9w1o2hBQmodtU=; b=rqKV8iKw+TFluNQY1ypW7I++wgqHtt2IFM1yc0CbGBF46JVHKGS+RRqI7FXcdkIrPu8JRx6xfUWVurIG3bdw2N1zdZJ6pO5yOuF10Qh5/t/3bIPGkjwJf2c6SX97wq1GXQN5svL5/ZMT+STF5oqN8krrmD1SB4CGvnaANIL3RAc=
Received: from SN6PR01CA0030.prod.exchangelabs.com (2603:10b6:805:b6::43) by CY4PR01MB3287.prod.exchangelabs.com (2603:10b6:903:e9::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1665.18; Mon, 4 Mar 2019 16:07:45 +0000
Received: from DM3NAM03FT012.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e49::206) by SN6PR01CA0030.outlook.office365.com (2603:10b6:805:b6::43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1665.18 via Frontend Transport; Mon, 4 Mar 2019 16:07:45 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; mcafee.com; dkim=none (message not signed) header.d=none;mcafee.com; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by DM3NAM03FT012.mail.protection.outlook.com (10.152.82.116) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1643.13 via Frontend Transport; Mon, 4 Mar 2019 16:07:44 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x24G4dqD030383 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 4 Mar 2019 11:04:41 -0500
Date: Mon, 04 Mar 2019 10:04:39 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@mcafee.com>
CC: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Message-ID: <20190304160438.GA31937@kduck.mit.edu>
References: <787AE7BB302AE849A7480A190F8B93302EA20112@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190215150458.GV56447@kduck.mit.edu> <787AE7BB302AE849A7480A190F8B93302EA20406@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190218162322.GI24387@kduck.mit.edu> <787AE7BB302AE849A7480A190F8B93302EA21AC0@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190227155729.GL53396@kduck.mit.edu> <787AE7BB302AE849A7480A190F8B93302EA2680B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <BYAPR16MB2790C6F98C259154C2AC200AEA750@BYAPR16MB2790.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B93302EA26AD5@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <BYAPR16MB279020EAC0BD03A67B6BE253EA710@BYAPR16MB2790.namprd16.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <BYAPR16MB279020EAC0BD03A67B6BE253EA710@BYAPR16MB2790.namprd16.prod.outlook.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(346002)(39860400002)(396003)(376002)(136003)(2980300002)(189003)(199004)(13464003)(305945005)(6916009)(246002)(8936002)(23756003)(26826003)(30864003)(478600001)(55016002)(47776003)(50466002)(229853002)(88552002)(7696005)(8676002)(2870700001)(2906002)(53546011)(356004)(6246003)(5660300002)(93886005)(76176011)(53416004)(316002)(36906005)(86362001)(786003)(75432002)(26005)(54906003)(104016004)(106002)(106466001)(186003)(4326008)(66574012)(33656002)(14444005)(5024004)(58126008)(11346002)(426003)(446003)(336012)(956004)(126002)(1076003)(476003)(486006); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR01MB3287; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: c35bb6b0-48df-4d19-7a80-08d6a0bb89fb
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600127)(711020)(4605104)(4608103)(4709054)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060); SRVR:CY4PR01MB3287;
X-MS-TrafficTypeDiagnostic: CY4PR01MB3287:
X-Microsoft-Exchange-Diagnostics: 1; CY4PR01MB3287; 20:rlJin87+ZBT3gs+G1KBFxSJmvBoiJ8pBhLPbzP1BlYz0r5ny1q5k5N4n0Zqqgz3E9LB67iV8/cEgcNRrjKuUPt347sKpUkwjkHJ+Z4hI8hr8PAzNZnyBlW7WpHSCLEJZwRT+b9IJ6iQbq+uQSNavcRwcQEqTRmid3ibWJWEn/LMW7KVyfSTEAheymhlmRUavsssj/MoikxFO9vzBWUaWvohlHwWvNzzcAKIlsdxJfjaXdVQJGvI4ED9AmZs+X1wZ9nYzHhRk9w48nDzSLMLPJKuaqYzXTfzHp4ixjWj8mqQMc3+4Gu8Wf6PC1vdOstKDOnS0ORb7wDFy+ZeKcOSSl/FOG1JMxQkTq04XA7LjAUGwvUUbawDzaHqe7QbujsljbaA/4t2eaQT6LDCt+qiIWzBTYXyEQMmNg4cgOV4gxkkoCVUBE6yXjWE6mfNFtatp37AGTdEFkz7+t09PcNvRzb5PbsDmKAi+g0ofMdQwm+Tctxk5vEB8DRCxIqnH+HaB+xwPtQA5Z1VlkC62giQdtJ5cmDTGKPRdI0vObpZiuitn4pc9sfH6LotHwcr9VDQ/w9jDbASOCn56aRxPNAmdwDflyKMZ14AXW/969lO9Gfc=
X-Microsoft-Antispam-PRVS: <CY4PR01MB3287D2EAFDB86710A6B7D81FA0710@CY4PR01MB3287.prod.exchangelabs.com>
X-Forefront-PRVS: 09669DB681
X-Microsoft-Exchange-Diagnostics: 1; CY4PR01MB3287; 23:b3kRha45LQzuFcDVCRNjpdsShJfX19bCEmgAdK2wkYsL7jJOh3oxU5AZf3r4akpjCIkYnX3Z2XotvqPULt+FcgRey/PmG2XMVA+TwFN0hlBbuhc7g4oIBSOflEx+cc619Wy3JGdyFU/mxGuMIfrSWoAL7pUtJwPQnMxvyYIV1dumKpTMI5LVNknFPESQYa9qPYr1XH7LWq+ois9nJRx1nxkY1bsd+CiK2pu6B3+on6nPuHfRAS02xwnaYtUmKw0gtfSXDeDfgmI2457KzN2ZgyNj+UsgKn0/MD2KArzPdv2B+46G/nfpVitNeV1oprod0I0gDnEL9hncHbuqNGWx9Shxld1OYs/jYYq8uv7rjGAe3ja3eQj2nLjXopTjOGPFT17iwQhhGaovqiNKs6LwkBZg9gkg+mqrYyh66v52y8b5HYNAXEUatpLa/mkGkNWWcZrY/uIMtxzcrDzIoZQgrziyvmtnOiLfRCRuyEii3MOQ56F+NtC2Dd5xoelVAFuWmEopGW6QxnS/Rbnjn3UlFVpzo4T0kzPGKamR8OJLLxEv1IlPnmMBlAWyVh5qndRYzK3vJqDWU+fztgHaW7TZFThGTfFAC4nLwxph0bxNB70KTXaIbJxcuhblpNBi4IfTEPgKQamUPy+FpbK12CuriiCeympGva2Ju0GgLe9/W5wTMrvIZyZl5gDM7ByILMEp5B664ME8eFsILElREevN0jYromE/59Go3yu18jbFBoTNJF1LkABCvsJY7FP5syvVjQ5Xwifkz7ToScJghvOws1q84K/p7ZjAwJIOLvC6aqehJ0yo4kRuuShfTiaemoLcALZTDcqMV9hi5Lw4CWI1CdMFDdnE7cSx4uc3cCIUDaAuYFQevDwV2I4pROQGUkPbSi5Avw63WHQJk/K3u2mgbepBESDa50d/I44oVTfMiUy8yC6RBP2b/If9Wv12lBBmpya994CkWCStFcgjlxNynIyE4nVh4TKf3GpwwiDxgYPqrnf6IcHOYbf3yKWo4jYsokdOqFnUQeYCikscqCaG6y3DGYCZzPeBQk+YQNUNZx8vFvIHdAdNA43DtIPgmVNGYYncPePP4jjdcGWh/TBEAzXMipGLz1/Fz+2iw+R8X1o2MeQj7OWYrPLdBqMzB/VHSw/288j36AmmxolwtZYgdZvFzJpyOmBaxCMST8iTfghrZTIgDODZffqjXudLKNDHDIFNaCM4fYCjp0gj08HTITN2PNz9vh6zvRMqrv4AnA/y2oWZoncY+nsOm3MwZ1TYkY8NLqW6CGPPBTKiLtKLnQ==
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: TPgc9Pzr6wO2QV+4wnAVfRW+KTKR1Bfnotmzy2hQSmCEU8YsrlGrx6AghLAhON7PZUB5JOyT7rH/Rdn/FqYJib3cqKb5ArZjtoWdZi0NDzn4Ldl8JW4Nx+PCRX4weUAYU1/ahHzMDnyvh5WhRlVO1L0aL1OQfpWAPDk2Eq+NObSQJ60Ikz+L16BatAHc+HdAWYwTnMuC+y9vCOLDzWY2SNcHWUayW83Z55sUPm8POoa2Z6zv/XI1CwZx04JE2hMrzHC0DGzvsiITmJwBrYouadGE3v9L4brtdb7DOPQHk27ZrRW6rkD8I1iR+HQ/Odx81/Hl4iuTe/HP9gtZeJGI6OjzizeR5kZ+WSLaCypEJDexOlAKC3AOJUbU6sRSSTeI5n2FIGRfekCbAwBgECs5TTGh601BaoX9Si5AT6yw0go=
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Mar 2019 16:07:44.9058 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: c35bb6b0-48df-4d19-7a80-08d6a0bb89fb
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR01MB3287
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/HgBS9-jHt7uQqM0CK1qz-46WSFY>
Subject: Re: [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots-signal-channel)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2019 16:07:52 -0000
Please go ahead and publish -- this is good enough for me to be willing to start the IETF LC, though we will probably tweak it a bit more still. (I'd like to keep the data channel and signal channel docs together through IETF LC and IESG evaluation to the extent possible.) -Ben On Mon, Mar 04, 2019 at 04:01:47PM +0000, Konda, Tirumaleswar Reddy wrote: > Updated text looks good to me. > @Ben - Please let us know if the proposed update addresses your comments, we would like to publish the changes. > > Cheers, > -Tiru > > > -----Original Message----- > > From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com> > > Sent: Thursday, February 28, 2019 6:39 PM > > To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; > > Benjamin Kaduk <kaduk@mit.edu> > > Cc: draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org > > Subject: RE: [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots- > > signal-channel) > > > > This email originated from outside of the organization. Do not click links or > > open attachments unless you recognize the sender and know the content is safe. > > > > Re-, > > > > I rearranged the text as follows: > > > > OLD: > > Section 8 of [RFC8446] discusses some mechanisms to implement to > > limit the impact of replay attacks on 0-RTT data. If the DOTS > > server accepts 0-RTT, it MUST implement one of these mechanisms. > > A DOTS server can reject 0-RTT by sending a TLS HelloRetryRequest. > > The DOTS signal channel messages sent as early data by the DOTS > > client are idempotent requests. As a reminder, Message ID > > (Section 3 of [RFC7252]) is changed each time a new CoAP request > > is sent, and the Token (Section 5.3.1 of [RFC7252]) is randomized > > in each CoAP request. The DOTS server(s) can use Message ID and > > Token in the DOTS signal channel message to detect replay of early > > data, and accept 0-RTT data at most once. Furthermore, 'mid' > > value is monotonically increased by the DOTS client for each > > mitigation request, attackers replaying mitigation requests with > > lower numeric 'mid' values and overlapping scopes with mitigation > > requests having higher numeric 'mid' values will be rejected > > systematically by the DOTS server. Likewise, 'sid' value is > > monotonically increased by the DOTS client for each configuration > > session, attackers replaying configuration requests with lower > > numeric 'sid' values will be rejected by the DOTS server if it > > maintains a higher numeric 'sid' value for this DOTS client. > > > > NEW: > > Section 8 of [RFC8446] discusses some mechanisms to implement to > > limit the impact of replay attacks on 0-RTT data. If the DOTS > > server accepts 0-RTT, it MUST implement one of these mechanisms to > > prevent replay at the TLS layer. A DOTS server can reject 0-RTT > > by sending a TLS HelloRetryRequest. > > > > The DOTS signal channel messages sent as early data by the DOTS > > client are idempotent requests. As a reminder, the Message ID > > (Section 3 of [RFC7252]) is changed each time a new CoAP request > > is sent, and the Token (Section 5.3.1 of [RFC7252]) is randomized > > in each CoAP request. The DOTS server(s) MUST use the Message ID > > and the Token in the DOTS signal channel message to detect replay > > of early data at the application layer, and accept 0-RTT data at > > most once from the same DOTS client. This anti-replay defense > > requires sharing the Message ID and the Token in the 0-RTT data > > between DOTS servers in the DOTS server domain. DOTS servers do > > not rely on transport coordinates to identify DOTS peers. As > > specified in Section 4.4.1, DOTS servers couple the DOTS signal > > channel sessions using the DOTS client identity and optionally the > > 'cdid' parameter value. Furthermore, 'mid' value is monotonically > > increased by the DOTS client for each mitigation request, > > attackers replaying mitigation requests with lower numeric 'mid' > > values and overlapping scopes with mitigation requests having > > higher numeric 'mid' values will be rejected systematically by the > > DOTS server. Likewise, 'sid' value is monotonically increased by > > the DOTS client for each configuration request (Section 4.5.2), > > attackers replaying configuration requests with lower numeric > > 'sid' values will be rejected by the DOTS server if it maintains a > > higher numeric 'sid' value for this DOTS client. > > > > Cheers, > > Med > > > > > -----Message d'origine----- > > > De : Konda, Tirumaleswar Reddy > > > [mailto:TirumaleswarReddy_Konda@McAfee.com] > > > Envoyé : jeudi 28 février 2019 11:50 > > > À : BOUCADAIR Mohamed TGI/OLN; Benjamin Kaduk Cc : > > > draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org Objet : RE: > > > [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf- > > > dots-signal-channel) > > > > > > > -----Original Message----- > > > > From: Dots <dots-bounces@ietf.org> On Behalf Of > > > > mohamed.boucadair@orange.com > > > > Sent: Thursday, February 28, 2019 1:48 PM > > > > To: Benjamin Kaduk <kaduk@mit.edu> > > > > Cc: draft-ietf-dots-signal-channel@ietf.org; Konda, Tirumaleswar > > > > Reddy <TirumaleswarReddy_Konda@McAfee.com>; dots@ietf.org > > > > Subject: Re: [Dots] Using Early Data in DOTS (RE: AD review of > > > > draft-ietf- > > > dots- > > > > signal-channel) > > > > > > > > This email originated from outside of the organization. Do not click > > > > links > > > or > > > > open attachments unless you recognize the sender and know the > > > > content is > > > safe. > > > > > > > > Hi Ben, > > > > > > > > Please see inline. > > > > > > > > Cheers, > > > > Med > > > > > > > > > -----Message d'origine----- > > > > > De : Benjamin Kaduk [mailto:kaduk@mit.edu] Envoyé : mercredi 27 > > > > > février 2019 16:58 À : BOUCADAIR Mohamed TGI/OLN Cc : Konda, > > > > > Tirumaleswar Reddy; draft-ietf-dots-signal-channel@ietf.org; > > > > > dots@ietf.org > > > > > Objet : Re: Using Early Data in DOTS (RE: [Dots] AD review of > > > > > draft-ietf- > > > > > dots-signal-channel) > > > > > > > > > > On Tue, Feb 19, 2019 at 07:59:29AM +0000, > > > > mohamed.boucadair@orange.com wrote: > > > > > > Hi Ben, > > > > > > > > > > > > Please see inline. > > > > > > > > > > Okay. BTW, it is looking like this is the last topic to resolve > > > > > before starting IETF LC. It's probably worth s/the exponent is > > > > > 2/the base of the exponent is 2/ in the next rev, though, just as > > > > > a minor nit- > > > fix. > > > > > > > > > > > > > [Med] Fixed. > > > > > > > > > > > > > > > > > -----Message d'origine----- > > > > > > > De : Benjamin Kaduk [mailto:kaduk@mit.edu] Envoyé : lundi 18 > > > > > > > février 2019 17:23 À : BOUCADAIR Mohamed TGI/OLN Cc : Konda, > > > > > > > Tirumaleswar Reddy; draft-ietf-dots-signal-channel@ietf..org; > > > > > > > dots@ietf.org > > > > > > > Objet : Re: Using Early Data in DOTS (RE: [Dots] AD review of > > > > > > > draft-ietf- > > > > > > > dots-signal-channel) > > > > > > > > > > > > > > On Fri, Feb 15, 2019 at 03:36:05PM +0000, > > > > > > > mohamed.boucadair@orange.com > > > > > wrote: > > > > > > > > Re-, > > > > > > > > > > > > > > > > Looking forward to discuss this further. > > > > > > > > > > > > > > > > I wonder whether you can consider putting the document in > > > > > > > > the IETF LC > > > > > for > > > > > > > now. If it happen that we need to modify the 0-RTT text, we > > > > > > > will handle > > > > > it as > > > > > > > other IETF LC comments. > > > > > > > > > > > > > > I would normally be pretty amenable to starting IETF LC and > > > > > > > continuing discussion; it's just for this issue in particular > > > > > > > that I seem to be the main person on the IESG that enforces > > > > > > > the "application profile for 0-RTT data" requirement, so it > > > > > > > would feel rather odd to go forward in this > > > > > case. > > > > > > > > > > > > [Med] Fair enough. > > > > > > > > > > > > > Luckily, I spent some time this weekend reading RFC 7252 and > > > > > > > have some substantive comments. > > > > > > > > > > > > > > The key oberservation here seems to be that the Message ID is > > > > > > > scoped per endpoint, and replays can come from arbitrary addresses. > > > > > > > > > > > > > > Specifically, we recall that: > > > > > > > > > > > > > > The DOTS signal channel is layered on existing standards > > > > > > > (Figure > > > 3). > > > > > > > > > > > > > > +---------------------+ > > > > > > > | DOTS Signal Channel | > > > > > > > +---------------------+ > > > > > > > | CoAP | > > > > > > > +----------+----------+ > > > > > > > | TLS | DTLS | > > > > > > > +----------+----------+ > > > > > > > | TCP | UDP | > > > > > > > +----------+----------+ > > > > > > > | IP | > > > > > > > +---------------------+ > > > > > > > > > > > > > > We note that CoAP is using the IP address or "DTLS session" > > > > > > > (arguably a poorly chosen term) to identify a CoAP association > > > > > > > and that Message IDs > > > > > are > > > > > > > only used within the scope of such an association, it seems > > > > > > > pretty clear that an attacker able to replay TLS 1.3 0-RTT > > > > > > > data will slice off the top three lines of this figure and > > > > > > > swap out the TCP/UDP/IP layers. In the absence of DTLS > > > > > > > connection IDs, my understanding is that the "DTLS > > > > > session" > > > > > > > is identified solely by the transport connection, just as for > > > > > > > coap-not-s, so by spoofing the source address, the attacker > > > > > > > causes the replayed 0-RTT data (and thus, CoAP request) to be > > > > > > > interpreted as a new incoming coaps connection. > > > > > > > > > > > > > > Given that Message ID is only 16 bits and the servers > > > > > > > accepting 0-RTT > > > > > data > > > > > > > have potential to be quite busy, it does not seem workable to > > > > > > > attempt to use the incoming Message IDs as globally unique > > > > > > > replay defense, as the > > > > > risk > > > > > > > of collision would be pretty large. > > > > > > > > > > > > [Med] The replay detection relies on both Message ID and Token. > > > > > > > > > > In stock CoAP, the Message ID and Token are used only with the > > > > > context of a specific transport association. > > > > > > > > [Med] Hmm...RFC7252 defines an endpoint as follows: > > > > > > > > The specific definition of an endpoint depends on the transport being > > > > used for CoAP. For the transports defined in this specification, the > > > > endpoint is identified depending on the security mode used (see > > > > Section 9): With no security, the endpoint is solely identified by an > > > > IP address and a UDP port number. With other security modes, the > > > > endpoint is identified as defined by the security mode. > > > > > > > > DOTS adheres to that definition: it assumes that an endpoint is not > > > identified by > > > > its transport coordinates but with its identity. > > > > > > > > Furthermore, the correlation between sessions is clearly mentioned > > > > in the > > > text: > > > > > > > > The DOTS server couples the DOTS signal channel sessions using the > > > > DOTS client identity and optionally the 'cdid' parameter value, and > > > > the DOTS server uses 'mid' and 'cuid' Uri-Path parameter values to > > > > detect duplicate mitigation requests. > > > > > > > > > > > > In order to use them for (D)TLS 1.3 replay > > > > > defense, we need to expand that context to a broader scope, and > > > > > direct the server to check the Message ID/Token globally (or at > > > > > least within the scope of a given 'cuid'/'cdid'). Since this > > > > > would reflect a divergence from normal CoAP, if we are going to > > > > > rely on this sort of behavior, we must call it out very loudly as specific to > > DOTS. > > > > > > > > > > > > > [Med] We can make this change if it helps: > > > > > > > > OLD: > > > > The DOTS server(s) can use Message ID and > > > > Token in the DOTS signal channel message to detect replay of early > > > > data, and accept 0-RTT data at most once. > > > > > > > > NEW: > > > > The DOTS server(s) can use Message ID and > > > > Token in the DOTS signal channel message to detect replay of early > > > > data, and accept 0-RTT data at most once from the same DOTS client. > > > > DOTS servers do not rely on transport coordinates to > > > > identify its peers. As a reminder, DOTS servers couples the > > > > DOTS > > > signal > > > > channel sessions > > > > using the DOTS client identity and optionally the 'cdid' > > > > parameter > > > value. > > > > > > I propose to update the text as follows: > > > > > > The DOTS server(s) can use the Message ID and > > > Token in the DOTS signal channel message to detect replay of early > > > data, and accept 0-RTT data at most once from the same DOTS client. > > > This anti-replay defense requires sharing the Message ID and > > > Token in the 0-RTT data > > > between DOTS servers in the DOTS server domain. > > > DOTS servers do not rely on transport coordinates to > > > identify its peers. As a reminder, DOTS servers couples the DOTS > > > signal channel sessions > > > using the DOTS client identity and optionally the 'cdid' > > > parameter value. > > > > > > -Tiru
- [Dots] Using Early Data in DOTS (RE: AD review of… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Benjamin Kaduk
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Benjamin Kaduk
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Benjamin Kaduk
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Benjamin Kaduk
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair