IETF Logo Mail Archive

[Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots-signal-channel)

<mohamed.boucadair@orange.com> Tue, 29 January 2019 13:31 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4D7D124408; Tue, 29 Jan 2019 05:31:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RjLGUPw6-6kd; Tue, 29 Jan 2019 05:31:39 -0800 (PST)
Received: from orange.com (mta134.mail.business.static.orange.com [80.12.70.34]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F7D3124C04; Tue, 29 Jan 2019 05:31:39 -0800 (PST)
Received: from opfednr03.francetelecom.fr (unknown [xx.xx.xx.67]) by opfednr23.francetelecom.fr (ESMTP service) with ESMTP id 43pnTQ0bfPz5wfD; Tue, 29 Jan 2019 14:31:38 +0100 (CET)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.69]) by opfednr03.francetelecom.fr (ESMTP service) with ESMTP id 43pnTP6WzJzDq7J; Tue, 29 Jan 2019 14:31:37 +0100 (CET)
Received: from OPEXCAUBM5D.corporate.adroot.infra.ftgroup (10.114.13.60) by OPEXCLILMA2.corporate.adroot.infra.ftgroup (10.114.31.69) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 29 Jan 2019 14:31:37 +0100
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM5D.corporate.adroot.infra.ftgroup ([fe80::8899:bbc3:9726:cd5e%22]) with mapi id 14.03.0415.000; Tue, 29 Jan 2019 14:31:37 +0100
From: mohamed.boucadair@orange.com
To: Benjamin Kaduk <kaduk@mit.edu>
CC: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@mcafee.com>, "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: Using Early Data in DOTS (RE: [Dots] AD review of draft-ietf-dots-signal-channel)
Thread-Index: AdS31vEPJD2qMb3JSyKP8BrrvaReRQ==
Date: Tue, 29 Jan 2019 13:31:36 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302EA0EC85@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/hYTYkL6tMc2lZW3w84mmvKbkWZ4>
Subject: [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots-signal-channel)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jan 2019 13:31:46 -0000

Hi Ben, all, 

We edited a short draft (https://tools.ietf.org/html/draft-boucadair-dots-earlydata-00) to motivate the following text included in the signal channel draft:

      Section 8 of [RFC8446] discusses some mechanisms to implement to
      limit the impact of replay attacks on 0-RTT data.  If the DOTS
      server accepts 0-RTT, it MUST implement one of these mechanisms.
      A DOTS server can reject 0-RTT by sending a TLS HelloRetryRequest.
      The DOTS signal channel messages sent as early data by the DOTS
      client are idempotent requests.  As a reminder, Message ID
      (Section 3 of [RFC7252]) is changed each time a new CoAP request
      is sent, and the Token (Section 5.3.1 of [RFC7252]) is randomized
      in each CoAP request.  The DOTS server(s) can use Message ID and
      Token in the DOTS signal channel message to detect replay of early
      data, and accept 0-RTT data at most once.  Furthermore, 'mid'
      value is monotonically increased by the DOTS client for each
      mitigation request, attackers replaying mitigation requests with
      lower numeric 'mid' values and overlapping scopes with mitigation
      requests having higher numeric 'mid' values will be rejected
      systematically by the DOTS server.

      Owing to the aforementioned protections, especially those afforded
      by CoAP deduplication (Section 4.5 of [RFC7252]) and RFC 8446
      anti-replay mechanisms, all DOTS signal channel requests are safe
      to transmit in TLS 1.3 as early data.  Refer to
      [I-D.boucadair-dots-earlydata] for more details.

This text and also the Designated Expert guidelines are implemented in -28. These are the two pending issues from your AD review. 

Other edits were also made to record what was agreed on the list.

We hope this version is now ready to move forward. 

Cheers,
Med

> > > > > Regarding the (D)TLS 1.3 0-RTT data, RFC 8446 notes that "Application
> > > > > protocols MUST NOT use 0-RTT data without a profile that defines its
> > use.
> > > > > That profile needs to identify which messages or interactions are
> safe
> > to
> > > > use
> > > > > with 0-RTT and how to handle the situation when the server rejects 0-
> > RTT
> > > > and
> > > > > falls back to 1-RTT."  So we either need to say which client requests
> > are
> > > > 0-RTT
> > > > > safe (and why) or defer that profile to another document.  draft-
> ietf-
> > > > dnsop-
> > > > > session-signal is perhaps an example of a document that specifies
> which
> > > > > messages are/aren't allowed in early data.
> > > > > (draft-ietf-acme-acme is another, but an uninteresting one, since
> they
> > make
> > > > > every request include a single-use nonce, and all messages are 0-RTT
> > safe.)
> > > > > Our use of increasing 'mid' values may help here, in terms of
> allowing
> > > > DELETEs
> > > > > to be safe, but I'd have to think a little more to be sure that
> > requesting
> > > > > mitigation would be safe.  (On first glance the session-managemnet
> bits
> > > > would
> > > > > not be safe, but I may be missing something.)
> > > >
> > > > The draft only uses idempotent requests (GET, PUT and DELETE), and CoAP
> > is
> > > > capable of detecting message duplication (see
> > > > https://tools.ietf.org/html/rfc7252#section-4.5) for both confirmable
> and
> > > > non-confirmable messages.
> > > >  [1] An attacker replaying DELETE will not have any adverse impact,
> 2.02
> > > > (Deleted) Response Code is returned even if the mitigation request does
> > not
> > > > exist.
> > > > [2] The techniques discussed in Section 8 of RFC8446 should suffice to
> > handle
> > > > anti-replay (e.g. an attacker replaying a 0-RTT data carrying an old
> > > > mitigation request replaced by a new mitigation scope).
> > > >
> > >
> > > [Med] FWIW, we do already have this text in the draft:
> > >
> > >       Section 8 of [RFC8446] discusses some mechanisms to implement to
> > >       limit the impact of replay attacks on 0-RTT data.  If the DOTS
> > >       server accepts 0-RTT, it MUST implement one of these mechanisms.
> > >       A DOTS server can reject 0-RTT by sending a TLS HelloRetryRequest

v2.23.0 | Report a Bug | By Email