Re: [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots-signal-channel)
"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Mon, 04 March 2019 16:02 UTC
Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 578A312DD85; Mon, 4 Mar 2019 08:02:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H9OFw-755zh2; Mon, 4 Mar 2019 08:02:08 -0800 (PST)
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD47B1228B7; Mon, 4 Mar 2019 08:02:07 -0800 (PST)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1551715156; h=From: To:CC:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:authentication-results: x-originating-ip:x-ms-publictraffictype:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-microsoft-exchange-diagnostics:x-microsoft-antispam-prvs: x-forefront-prvs:x-forefront-antispam-report: received-spf:x-ms-exchange-senderadcheck:x-microsoft-antispam-message-info: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-CrossTenant-mailboxtype: X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Level: X-NAI-Spam-Threshold:X-NAI-Spam-Score:X-NAI-Spam-Version; bh=VpqbDEC2WWslhFxNbh7zraG3xX/QdiM05PmJV8 R4OfA=; b=myvj9bJhIY9udDjQi3BFi48X+O6j2vmyoX1DNx6G U+e+52qvbdO9d0EM+x7xDn14H1jXuhWwvG1udIBqpGU8C599ZA BB2vmIYyQok1TlOZI3U3DpgIdrzunjpaHyxqypVvG1HzVEj7Ag evVZLVk43JoKpBv6gPEitQHQEiOJU9c=
Received: from DNVEXAPP1N04.corpzone.internalzone.com (unknown [10.44.48.88]) by DNVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 1568_3259_9c89c193_21bf_470c_973d_e3c5ebc2db27; Mon, 04 Mar 2019 08:59:16 -0700
Received: from DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) by DNVEXAPP1N04.corpzone.internalzone.com (10.44.48.88) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 4 Mar 2019 09:01:58 -0700
Received: from DNVO365EDGE1.corpzone.internalzone.com (10.44.176.66) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Mon, 4 Mar 2019 09:01:58 -0700
Received: from NAM04-SN1-obe.outbound.protection.outlook.com (10.44.176.242) by edge.mcafee.com (10.44.176.66) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 4 Mar 2019 09:01:47 -0700
Received: from BYAPR16MB2790.namprd16.prod.outlook.com (20.178.233.91) by BYAPR16MB2840.namprd16.prod.outlook.com (20.178.234.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1665.18; Mon, 4 Mar 2019 16:01:48 +0000
Received: from BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::9c48:452b:e39c:ef39]) by BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::9c48:452b:e39c:ef39%2]) with mapi id 15.20.1665.020; Mon, 4 Mar 2019 16:01:48 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots-signal-channel)
Thread-Index: AQHUzz5BCXFDawydokCSl6Px8wMDQaX1B8jwgAAmWzCABnf3YA==
Date: Mon, 04 Mar 2019 16:01:47 +0000
Message-ID: <BYAPR16MB279020EAC0BD03A67B6BE253EA710@BYAPR16MB2790.namprd16.prod.outlook.com>
References: <787AE7BB302AE849A7480A190F8B93302EA0EC85@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <787AE7BB302AE849A7480A190F8B93302EA20112@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190215150458.GV56447@kduck.mit.edu> <787AE7BB302AE849A7480A190F8B93302EA20406@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190218162322.GI24387@kduck.mit.edu> <787AE7BB302AE849A7480A190F8B93302EA21AC0@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190227155729.GL53396@kduck.mit.edu> <787AE7BB302AE849A7480A190F8B93302EA2680B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <BYAPR16MB2790C6F98C259154C2AC200AEA750@BYAPR16MB2790.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B93302EA26AD5@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302EA26AD5@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
x-originating-ip: [122.172.133.177]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5d1d8674-e27f-4a88-026a-08d6a0bab533
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:BYAPR16MB2840;
x-ms-traffictypediagnostic: BYAPR16MB2840:
x-microsoft-exchange-diagnostics: 1;BYAPR16MB2840;23:EoyF1J3ggOSCHQiXesy6EwT95yITuYi83J6V93X54HAEzovSY3Wvn27zy1ChptWfugEsagXQJTVkUTQ2bwTThx+MILqzJb0NqF3WhTWsPQzgxYces9ydSbqb0ydfsnFtJyZqua8BalOC9HwR7eRizIrxK3EVe8u8U/aXCsbeza5hG0rPukRnzydIynq+ZJzXSMaVp9aLJS/l81nsJXuScpLYS60a6LwMYNfo0Vnmx0u0UO424QuTAc1IGb6JHbNn+EeQsyXDCKS7vT2J3DGTtkMBXyQX7uHNtQvVML1hBvcN/QpnwzLlqxiF75hUb7krWUaQLnY+uxdc0DQOr31O/YoAWMzRlTsPI0KR+C8c8Ax4XxAyztUTwLaNfsdNJuemIGFMhe2iWBgLY7XEswJBPHPelJFDS5hcvfu2ALbmPu1Gq4sPEr++VX4JE1cO+1yIv+gGmE0gauX7C2fdALnKrmMS4ylq4RQqfdBRwPvJXgyAaWQpEjEFf+FBuK57V8W8d2a385EdV1tDJpJYHO67lfTwJlbaZVeTjX5cDR0p/eC3Va/5X6/Kec81pgU1n4YWqcVLgFtuTVgig/O2ywZRJeQGsZ5RxYuK+e8EW7ZkQFzfCo4IFA6/6t88MG/xGP6l/6hJiEpABxAc9jJvIET1qrkzp+yiXftsKYr+4qndpaPtjxb5qbn3tQE60c4pk5JEa8mSdNIXwrXaZV1HgNjPlcda7+rqk8+F7RCLH++xpyMr45oZ1bvaOJAB1LQ3gzacQHD0RKzvHSmBjV5FmaX3+ZGC0cPcx+aYSLsSTI6v2imKYrZMTzsJOswepRiELlHbaY6V2ARIVwyHPm6IQVVpnsvdrXuYmtSZT6BszX4WQ3Oy8K5sJKcS81KqWHqq+ov8+mnkAgtT/jIazTXx5/6+Jc/qJ+tf9DmaPEUzL3CXDb/wKf0r+yLdFOA5gDqGspGSZ8xP3yL+Ssou+g2tjVdg5t/7uXACgbcK122oXejOM3juVTiOCLwS+5fmkCm3xZ45afrDM72mnBuuTotvyjYkTVNLo5+YkDdggMnGlWIeI2v0fISiT7jfSv3JkOPYSXgXCckBAwnBUSnCFMTuGI/84q4bdmVdmPUMrVEhfUrebZ723ACtnENlopmeZiB8CRTwWh2hv8zXZ7C9j2rEcg7eDR1ZnZ8latxrS+DXFLmnm5VPvHKUYAGP8QgwKThshdT4OJb8neVr6I3Kfp4HcIa3fEXZsrZD2hxzKcyXT2qqltwCdwurSeh5CjLkZvOJS1EB9ZFzQISsoKYQqo1ydrm06Prrg7xrfDtgpxe0Yc9pERjb6tdCZ3Vkf4O+0OhTXHsMe00zltu0YwlEZ/o5bWWH2qQxw2ZjLZORasvl2u62v6TZRpWoo0B1nJktuf/z50VMtnwovIxrw6239flSFkzxInG2uwqLzu056dg6FyaKHPWiY+OEucz96rcGPsZlI6Wek70fUF66VgtfGeU2mdys1AkcAtifKb9KxASVBcln8aY=
x-microsoft-antispam-prvs: <BYAPR16MB2840AFFB7B72DDE3F412835CEA710@BYAPR16MB2840.namprd16.prod.outlook.com>
x-forefront-prvs: 09669DB681
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(366004)(376002)(396003)(136003)(39860400002)(199004)(189003)(32952001)(13464003)(86362001)(66574012)(486006)(110136005)(54906003)(446003)(476003)(11346002)(316002)(8676002)(81166006)(81156014)(93886005)(14454004)(3846002)(25786009)(105586002)(5024004)(4326008)(6116002)(7696005)(66066001)(76176011)(80792005)(97736004)(2906002)(99286004)(72206003)(14444005)(106356001)(256004)(33656002)(6506007)(53546011)(55236004)(186003)(68736007)(305945005)(74316002)(6246003)(2171002)(26005)(102836004)(478600001)(2501003)(5660300002)(229853002)(9686003)(71200400001)(71190400001)(55016002)(6436002)(7736002)(53936002)(8936002)(52536013)(30864003)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR16MB2840; H:BYAPR16MB2790.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: SGg0kUJQKxp7+KGZYcLnDFRZVbqMAd/rIrHljR6gxQJM1INhKuxF4LUDb8I3K+6pxEMaMBTOl3+C+SHsWqIMYx0gCvrPuoVdCSQQAENFlYKxEznhs+MinSVZ6gSmDC2FP95ZFjGylOTpmgBySQRAnjIrXM8pQLQuO1Z8zhbNkHWJBf/6kZx/IAo2vH02etyGOfHLGDOVeoCBD9PF3gFQ4mC5wmRwyKZeyAhbzYQsR+FruVKKwIjc1xAzDA0nO0bUB+U/iUj4Gu1hf8RYRYEXMuJfSq//9lubYaY1FEVVbHwx9yPFliN/KSqtjR4oQTMsKMEFfWq5vLhYIk+9O0Lp4PYwT5v2zabft4QErFyzWNr747D7m+xxI3pz5tKoOBvqtif0TclLRu1ZDGv6nE+TC3L2ZiK/yc2PoQBtWeofpGk=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 5d1d8674-e27f-4a88-026a-08d6a0bab533
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Mar 2019 16:01:47.8860 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR16MB2840
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0.1
X-NAI-Spam-Version: 2.3.0.9418 : core <6495> : inlines <7025> : streams <1814741> : uri <2806378>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/wH40rmM3fFXPEt9_TaiQ2ssGd_E>
Subject: Re: [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots-signal-channel)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2019 16:02:11 -0000
Updated text looks good to me. @Ben - Please let us know if the proposed update addresses your comments, we would like to publish the changes. Cheers, -Tiru > -----Original Message----- > From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com> > Sent: Thursday, February 28, 2019 6:39 PM > To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; > Benjamin Kaduk <kaduk@mit.edu> > Cc: draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org > Subject: RE: [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf-dots- > signal-channel) > > This email originated from outside of the organization. Do not click links or > open attachments unless you recognize the sender and know the content is safe. > > Re-, > > I rearranged the text as follows: > > OLD: > Section 8 of [RFC8446] discusses some mechanisms to implement to > limit the impact of replay attacks on 0-RTT data. If the DOTS > server accepts 0-RTT, it MUST implement one of these mechanisms. > A DOTS server can reject 0-RTT by sending a TLS HelloRetryRequest. > The DOTS signal channel messages sent as early data by the DOTS > client are idempotent requests. As a reminder, Message ID > (Section 3 of [RFC7252]) is changed each time a new CoAP request > is sent, and the Token (Section 5.3.1 of [RFC7252]) is randomized > in each CoAP request. The DOTS server(s) can use Message ID and > Token in the DOTS signal channel message to detect replay of early > data, and accept 0-RTT data at most once. Furthermore, 'mid' > value is monotonically increased by the DOTS client for each > mitigation request, attackers replaying mitigation requests with > lower numeric 'mid' values and overlapping scopes with mitigation > requests having higher numeric 'mid' values will be rejected > systematically by the DOTS server. Likewise, 'sid' value is > monotonically increased by the DOTS client for each configuration > session, attackers replaying configuration requests with lower > numeric 'sid' values will be rejected by the DOTS server if it > maintains a higher numeric 'sid' value for this DOTS client. > > NEW: > Section 8 of [RFC8446] discusses some mechanisms to implement to > limit the impact of replay attacks on 0-RTT data. If the DOTS > server accepts 0-RTT, it MUST implement one of these mechanisms to > prevent replay at the TLS layer. A DOTS server can reject 0-RTT > by sending a TLS HelloRetryRequest. > > The DOTS signal channel messages sent as early data by the DOTS > client are idempotent requests. As a reminder, the Message ID > (Section 3 of [RFC7252]) is changed each time a new CoAP request > is sent, and the Token (Section 5.3.1 of [RFC7252]) is randomized > in each CoAP request. The DOTS server(s) MUST use the Message ID > and the Token in the DOTS signal channel message to detect replay > of early data at the application layer, and accept 0-RTT data at > most once from the same DOTS client. This anti-replay defense > requires sharing the Message ID and the Token in the 0-RTT data > between DOTS servers in the DOTS server domain. DOTS servers do > not rely on transport coordinates to identify DOTS peers. As > specified in Section 4.4.1, DOTS servers couple the DOTS signal > channel sessions using the DOTS client identity and optionally the > 'cdid' parameter value. Furthermore, 'mid' value is monotonically > increased by the DOTS client for each mitigation request, > attackers replaying mitigation requests with lower numeric 'mid' > values and overlapping scopes with mitigation requests having > higher numeric 'mid' values will be rejected systematically by the > DOTS server. Likewise, 'sid' value is monotonically increased by > the DOTS client for each configuration request (Section 4.5.2), > attackers replaying configuration requests with lower numeric > 'sid' values will be rejected by the DOTS server if it maintains a > higher numeric 'sid' value for this DOTS client. > > Cheers, > Med > > > -----Message d'origine----- > > De : Konda, Tirumaleswar Reddy > > [mailto:TirumaleswarReddy_Konda@McAfee.com] > > Envoyé : jeudi 28 février 2019 11:50 > > À : BOUCADAIR Mohamed TGI/OLN; Benjamin Kaduk Cc : > > draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org Objet : RE: > > [Dots] Using Early Data in DOTS (RE: AD review of draft-ietf- > > dots-signal-channel) > > > > > -----Original Message----- > > > From: Dots <dots-bounces@ietf.org> On Behalf Of > > > mohamed.boucadair@orange.com > > > Sent: Thursday, February 28, 2019 1:48 PM > > > To: Benjamin Kaduk <kaduk@mit.edu> > > > Cc: draft-ietf-dots-signal-channel@ietf.org; Konda, Tirumaleswar > > > Reddy <TirumaleswarReddy_Konda@McAfee.com>; dots@ietf.org > > > Subject: Re: [Dots] Using Early Data in DOTS (RE: AD review of > > > draft-ietf- > > dots- > > > signal-channel) > > > > > > This email originated from outside of the organization. Do not click > > > links > > or > > > open attachments unless you recognize the sender and know the > > > content is > > safe. > > > > > > Hi Ben, > > > > > > Please see inline. > > > > > > Cheers, > > > Med > > > > > > > -----Message d'origine----- > > > > De : Benjamin Kaduk [mailto:kaduk@mit.edu] Envoyé : mercredi 27 > > > > février 2019 16:58 À : BOUCADAIR Mohamed TGI/OLN Cc : Konda, > > > > Tirumaleswar Reddy; draft-ietf-dots-signal-channel@ietf.org; > > > > dots@ietf.org > > > > Objet : Re: Using Early Data in DOTS (RE: [Dots] AD review of > > > > draft-ietf- > > > > dots-signal-channel) > > > > > > > > On Tue, Feb 19, 2019 at 07:59:29AM +0000, > > > mohamed.boucadair@orange.com wrote: > > > > > Hi Ben, > > > > > > > > > > Please see inline. > > > > > > > > Okay. BTW, it is looking like this is the last topic to resolve > > > > before starting IETF LC. It's probably worth s/the exponent is > > > > 2/the base of the exponent is 2/ in the next rev, though, just as > > > > a minor nit- > > fix. > > > > > > > > > > [Med] Fixed. > > > > > > > > > > > > > > -----Message d'origine----- > > > > > > De : Benjamin Kaduk [mailto:kaduk@mit.edu] Envoyé : lundi 18 > > > > > > février 2019 17:23 À : BOUCADAIR Mohamed TGI/OLN Cc : Konda, > > > > > > Tirumaleswar Reddy; draft-ietf-dots-signal-channel@ietf..org; > > > > > > dots@ietf.org > > > > > > Objet : Re: Using Early Data in DOTS (RE: [Dots] AD review of > > > > > > draft-ietf- > > > > > > dots-signal-channel) > > > > > > > > > > > > On Fri, Feb 15, 2019 at 03:36:05PM +0000, > > > > > > mohamed.boucadair@orange.com > > > > wrote: > > > > > > > Re-, > > > > > > > > > > > > > > Looking forward to discuss this further. > > > > > > > > > > > > > > I wonder whether you can consider putting the document in > > > > > > > the IETF LC > > > > for > > > > > > now. If it happen that we need to modify the 0-RTT text, we > > > > > > will handle > > > > it as > > > > > > other IETF LC comments. > > > > > > > > > > > > I would normally be pretty amenable to starting IETF LC and > > > > > > continuing discussion; it's just for this issue in particular > > > > > > that I seem to be the main person on the IESG that enforces > > > > > > the "application profile for 0-RTT data" requirement, so it > > > > > > would feel rather odd to go forward in this > > > > case. > > > > > > > > > > [Med] Fair enough. > > > > > > > > > > > Luckily, I spent some time this weekend reading RFC 7252 and > > > > > > have some substantive comments. > > > > > > > > > > > > The key oberservation here seems to be that the Message ID is > > > > > > scoped per endpoint, and replays can come from arbitrary addresses. > > > > > > > > > > > > Specifically, we recall that: > > > > > > > > > > > > The DOTS signal channel is layered on existing standards > > > > > > (Figure > > 3). > > > > > > > > > > > > +---------------------+ > > > > > > | DOTS Signal Channel | > > > > > > +---------------------+ > > > > > > | CoAP | > > > > > > +----------+----------+ > > > > > > | TLS | DTLS | > > > > > > +----------+----------+ > > > > > > | TCP | UDP | > > > > > > +----------+----------+ > > > > > > | IP | > > > > > > +---------------------+ > > > > > > > > > > > > We note that CoAP is using the IP address or "DTLS session" > > > > > > (arguably a poorly chosen term) to identify a CoAP association > > > > > > and that Message IDs > > > > are > > > > > > only used within the scope of such an association, it seems > > > > > > pretty clear that an attacker able to replay TLS 1.3 0-RTT > > > > > > data will slice off the top three lines of this figure and > > > > > > swap out the TCP/UDP/IP layers. In the absence of DTLS > > > > > > connection IDs, my understanding is that the "DTLS > > > > session" > > > > > > is identified solely by the transport connection, just as for > > > > > > coap-not-s, so by spoofing the source address, the attacker > > > > > > causes the replayed 0-RTT data (and thus, CoAP request) to be > > > > > > interpreted as a new incoming coaps connection. > > > > > > > > > > > > Given that Message ID is only 16 bits and the servers > > > > > > accepting 0-RTT > > > > data > > > > > > have potential to be quite busy, it does not seem workable to > > > > > > attempt to use the incoming Message IDs as globally unique > > > > > > replay defense, as the > > > > risk > > > > > > of collision would be pretty large. > > > > > > > > > > [Med] The replay detection relies on both Message ID and Token. > > > > > > > > In stock CoAP, the Message ID and Token are used only with the > > > > context of a specific transport association. > > > > > > [Med] Hmm...RFC7252 defines an endpoint as follows: > > > > > > The specific definition of an endpoint depends on the transport being > > > used for CoAP. For the transports defined in this specification, the > > > endpoint is identified depending on the security mode used (see > > > Section 9): With no security, the endpoint is solely identified by an > > > IP address and a UDP port number. With other security modes, the > > > endpoint is identified as defined by the security mode. > > > > > > DOTS adheres to that definition: it assumes that an endpoint is not > > identified by > > > its transport coordinates but with its identity. > > > > > > Furthermore, the correlation between sessions is clearly mentioned > > > in the > > text: > > > > > > The DOTS server couples the DOTS signal channel sessions using the > > > DOTS client identity and optionally the 'cdid' parameter value, and > > > the DOTS server uses 'mid' and 'cuid' Uri-Path parameter values to > > > detect duplicate mitigation requests. > > > > > > > > > In order to use them for (D)TLS 1.3 replay > > > > defense, we need to expand that context to a broader scope, and > > > > direct the server to check the Message ID/Token globally (or at > > > > least within the scope of a given 'cuid'/'cdid'). Since this > > > > would reflect a divergence from normal CoAP, if we are going to > > > > rely on this sort of behavior, we must call it out very loudly as specific to > DOTS. > > > > > > > > > > [Med] We can make this change if it helps: > > > > > > OLD: > > > The DOTS server(s) can use Message ID and > > > Token in the DOTS signal channel message to detect replay of early > > > data, and accept 0-RTT data at most once. > > > > > > NEW: > > > The DOTS server(s) can use Message ID and > > > Token in the DOTS signal channel message to detect replay of early > > > data, and accept 0-RTT data at most once from the same DOTS client. > > > DOTS servers do not rely on transport coordinates to > > > identify its peers. As a reminder, DOTS servers couples the > > > DOTS > > signal > > > channel sessions > > > using the DOTS client identity and optionally the 'cdid' > > > parameter > > value. > > > > I propose to update the text as follows: > > > > The DOTS server(s) can use the Message ID and > > Token in the DOTS signal channel message to detect replay of early > > data, and accept 0-RTT data at most once from the same DOTS client. > > This anti-replay defense requires sharing the Message ID and > > Token in the 0-RTT data > > between DOTS servers in the DOTS server domain. > > DOTS servers do not rely on transport coordinates to > > identify its peers. As a reminder, DOTS servers couples the DOTS > > signal channel sessions > > using the DOTS client identity and optionally the 'cdid' > > parameter value. > > > > -Tiru
- [Dots] Using Early Data in DOTS (RE: AD review of… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Benjamin Kaduk
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Benjamin Kaduk
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Benjamin Kaduk
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Konda, Tirumaleswar Reddy
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… Benjamin Kaduk
- Re: [Dots] Using Early Data in DOTS (RE: AD revie… mohamed.boucadair