IETF Logo Mail Archive

Re: [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots-signal-channel)

<mohamed.boucadair@orange.com> Fri, 15 February 2019 15:36 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F328124D68; Fri, 15 Feb 2019 07:36:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g4VHy9FZIaEL; Fri, 15 Feb 2019 07:36:07 -0800 (PST)
Received: from orange.com (mta135.mail.business.static.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D61D12008F; Fri, 15 Feb 2019 07:36:07 -0800 (PST)
Received: from opfednr04.francetelecom.fr (unknown [xx.xx.xx.68]) by opfednr21.francetelecom.fr (ESMTP service) with ESMTP id 441HR93bNyz5wGs; Fri, 15 Feb 2019 16:36:05 +0100 (CET)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.45]) by opfednr04.francetelecom.fr (ESMTP service) with ESMTP id 441HR92bgdz1xp9; Fri, 15 Feb 2019 16:36:05 +0100 (CET)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM42.corporate.adroot.infra.ftgroup ([fe80::1c8e:403e:fbea:5835%21]) with mapi id 14.03.0435.000; Fri, 15 Feb 2019 16:36:05 +0100
From: mohamed.boucadair@orange.com
To: Benjamin Kaduk <kaduk@mit.edu>
CC: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@mcafee.com>, "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: Using Early Data in DOTS (RE: [Dots] AD review of draft-ietf-dots-signal-channel)
Thread-Index: AQHUxT/XkMbs4nOP80KV8KXTaawAqqXg/D4w
Date: Fri, 15 Feb 2019 15:36:05 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302EA20406@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <787AE7BB302AE849A7480A190F8B93302EA0EC85@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <787AE7BB302AE849A7480A190F8B93302EA20112@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190215150458.GV56447@kduck.mit.edu>
In-Reply-To: <20190215150458.GV56447@kduck.mit.edu>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/aj-YMRKdj43NMmw4PWBpnXjECxM>
Subject: Re: [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots-signal-channel)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Feb 2019 15:36:10 -0000

Re-,

Looking forward to discuss this further. 

I wonder whether you can consider putting the document in the IETF LC for now. If it happen that we need to modify the 0-RTT text, we will handle it as other IETF LC comments.

Cheers,
Med

> -----Message d'origine-----
> De : Benjamin Kaduk [mailto:kaduk@mit.edu]
> Envoyé : vendredi 15 février 2019 16:05
> À : BOUCADAIR Mohamed TGI/OLN
> Cc : Konda, Tirumaleswar Reddy; draft-ietf-dots-signal-channel@ietf.org;
> dots@ietf.org
> Objet : Re: Using Early Data in DOTS (RE: [Dots] AD review of draft-ietf-
> dots-signal-channel)
> 
> Hi Med,
> 
> Short form: I need to think about it harder.  There's some indication that
> the CoAp Message ID is at the wrong level to protect the 0-RTT data, but
> I'm not sure yet.
> 
> Sorry for the delays; this has been a frenetic couple weeks :(
> 
> -Ben
> 
> On Fri, Feb 15, 2019 at 03:01:29PM +0000, mohamed.boucadair@orange.com wrote:
> > Hi Ben,
> >
> > What is the status for this one? Are we OK to move forward?
> >
> > Thank you.
> >
> > Cheers,
> > Med
> >
> > > -----Message d'origine-----
> > > De : mohamed.boucadair@orange.com [mailto:mohamed.boucadair@orange.com]
> > > Envoyé : mardi 29 janvier 2019 14:32
> > > À : Benjamin Kaduk
> > > Cc : Konda, Tirumaleswar Reddy; draft-ietf-dots-signal-channel@ietf.org;
> > > dots@ietf.org
> > > Objet : Using Early Data in DOTS (RE: [Dots] AD review of draft-ietf-
> dots-
> > > signal-channel)
> > >
> > > Hi Ben, all,
> > >
> > > We edited a short draft (https://tools.ietf.org/html/draft-boucadair-
> dots-
> > > earlydata-00) to motivate the following text included in the signal
> channel
> > > draft:
> > >
> > >       Section 8 of [RFC8446] discusses some mechanisms to implement to
> > >       limit the impact of replay attacks on 0-RTT data.  If the DOTS
> > >       server accepts 0-RTT, it MUST implement one of these mechanisms.
> > >       A DOTS server can reject 0-RTT by sending a TLS HelloRetryRequest.
> > >       The DOTS signal channel messages sent as early data by the DOTS
> > >       client are idempotent requests.  As a reminder, Message ID
> > >       (Section 3 of [RFC7252]) is changed each time a new CoAP request
> > >       is sent, and the Token (Section 5.3.1 of [RFC7252]) is randomized
> > >       in each CoAP request.  The DOTS server(s) can use Message ID and
> > >       Token in the DOTS signal channel message to detect replay of early
> > >       data, and accept 0-RTT data at most once.  Furthermore, 'mid'
> > >       value is monotonically increased by the DOTS client for each
> > >       mitigation request, attackers replaying mitigation requests with
> > >       lower numeric 'mid' values and overlapping scopes with mitigation
> > >       requests having higher numeric 'mid' values will be rejected
> > >       systematically by the DOTS server.
> > >
> > >       Owing to the aforementioned protections, especially those afforded
> > >       by CoAP deduplication (Section 4.5 of [RFC7252]) and RFC 8446
> > >       anti-replay mechanisms, all DOTS signal channel requests are safe
> > >       to transmit in TLS 1.3 as early data.  Refer to
> > >       [I-D.boucadair-dots-earlydata] for more details.
> > >
> > > This text and also the Designated Expert guidelines are implemented in -
> 28.
> > > These are the two pending issues from your AD review.
> > >
> > > Other edits were also made to record what was agreed on the list.
> > >
> > > We hope this version is now ready to move forward.
> > >
> > > Cheers,
> > > Med
> > >
> > > > > > > > Regarding the (D)TLS 1.3 0-RTT data, RFC 8446 notes that
> > > "Application
> > > > > > > > protocols MUST NOT use 0-RTT data without a profile that
> defines
> > > its
> > > > > use.
> > > > > > > > That profile needs to identify which messages or interactions
> are
> > > > safe
> > > > > to
> > > > > > > use
> > > > > > > > with 0-RTT and how to handle the situation when the server
> rejects
> > > 0-
> > > > > RTT
> > > > > > > and
> > > > > > > > falls back to 1-RTT."  So we either need to say which client
> > > requests
> > > > > are
> > > > > > > 0-RTT
> > > > > > > > safe (and why) or defer that profile to another document.
> draft-
> > > > ietf-
> > > > > > > dnsop-
> > > > > > > > session-signal is perhaps an example of a document that
> specifies
> > > > which
> > > > > > > > messages are/aren't allowed in early data.
> > > > > > > > (draft-ietf-acme-acme is another, but an uninteresting one,
> since
> > > > they
> > > > > make
> > > > > > > > every request include a single-use nonce, and all messages are
> 0-
> > > RTT
> > > > > safe.)
> > > > > > > > Our use of increasing 'mid' values may help here, in terms of
> > > > allowing
> > > > > > > DELETEs
> > > > > > > > to be safe, but I'd have to think a little more to be sure that
> > > > > requesting
> > > > > > > > mitigation would be safe.  (On first glance the session-
> managemnet
> > > > bits
> > > > > > > would
> > > > > > > > not be safe, but I may be missing something.)
> > > > > > >
> > > > > > > The draft only uses idempotent requests (GET, PUT and DELETE),
> and
> > > CoAP
> > > > > is
> > > > > > > capable of detecting message duplication (see
> > > > > > > https://tools.ietf.org/html/rfc7252#section-4.5) for both
> confirmable
> > > > and
> > > > > > > non-confirmable messages.
> > > > > > >  [1] An attacker replaying DELETE will not have any adverse
> impact,
> > > > 2.02
> > > > > > > (Deleted) Response Code is returned even if the mitigation
> request
> > > does
> > > > > not
> > > > > > > exist.
> > > > > > > [2] The techniques discussed in Section 8 of RFC8446 should
> suffice
> > > to
> > > > > handle
> > > > > > > anti-replay (e.g. an attacker replaying a 0-RTT data carrying an
> old
> > > > > > > mitigation request replaced by a new mitigation scope).
> > > > > > >
> > > > > >
> > > > > > [Med] FWIW, we do already have this text in the draft:
> > > > > >
> > > > > >       Section 8 of [RFC8446] discusses some mechanisms to implement
> to
> > > > > >       limit the impact of replay attacks on 0-RTT data.  If the
> DOTS
> > > > > >       server accepts 0-RTT, it MUST implement one of these
> mechanisms

v2.23.0 | Report a Bug | By Email