Re: [EToSat] BDP parameters draft: security aspects
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Wed, 18 December 2019 11:46 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: etosat@ietfa.amsl.com
Delivered-To: etosat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 331C512012D for <etosat@ietfa.amsl.com>; Wed, 18 Dec 2019 03:46:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4ZCGx5H1ML8l for <etosat@ietfa.amsl.com>; Wed, 18 Dec 2019 03:46:28 -0800 (PST)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [137.50.19.135]) by ietfa.amsl.com (Postfix) with ESMTP id B37E3120143 for <etosat@ietf.org>; Wed, 18 Dec 2019 03:46:26 -0800 (PST)
Received: from GF-MacBook-Pro.local (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 904D81B00243; Wed, 18 Dec 2019 11:46:19 +0000 (GMT)
Message-ID: <5DFA118A.5060806@erg.abdn.ac.uk>
Date: Wed, 18 Dec 2019 11:46:18 +0000
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Reply-To: gorry@erg.abdn.ac.uk
Organization: University of Aberdeen
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: emile.stephan@orange.com
CC: Christian Huitema <huitema@huitema.net>, Kuhn Nicolas <Nicolas.Kuhn@cnes.fr>, "'etosat@ietf.org'" <etosat@ietf.org>
References: <31545_1576664050_5DF9FBF2_31545_447_1_8150a728-149d-4502-9741-ef0673eb3416@OPEXCAUBM33.corporate.adroot.infra.ftgroup>
In-Reply-To: <31545_1576664050_5DF9FBF2_31545_447_1_8150a728-149d-4502-9741-ef0673eb3416@OPEXCAUBM33.corporate.adroot.infra.ftgroup>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/etosat/gZ2gD_kMY5_9kqwQlx-PP8aCQzM>
Subject: Re: [EToSat] BDP parameters draft: security aspects
X-BeenThere: etosat@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "The EToSat list is a non-WG mailing list used to discuss performance implications of running encrypted transports such as QUIC over satellite." <etosat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/etosat>, <mailto:etosat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/etosat/>
List-Post: <mailto:etosat@ietf.org>
List-Help: <mailto:etosat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/etosat>, <mailto:etosat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Dec 2019 11:46:31 -0000
From the congestion control point of view, this attack does not seem to exist in the way you suggest: Suppose a path is declared as having a large RTT and large BDP. If the client returns ecnrypted info form it's IP address, the server can verify the client is indeed at the same IP address. So it seems hard to force this behaviour as an attack. If the server then "believes" the congestion control info that it has been passed, it will anticipate a large delay. An increased window of data would be pacing over the anticpated RRT, say 1 sec. The method needs to choose an increased IW that is conservative (say ... for example, this was only enabled when RTT>200mS? and then only scaled by allowing an increas from the normal that is IW * cached_min_RTT/0.2). If the RTT is correct, the client responds 1 RTT later all is well. If it happens that the client's RTT is smaller (for whatever reason), the rate of transmission is still not likely higher than the client would normally experience (because it is paced to a rate based on a higher RTT). The first ACK will be received before the entire IW has been paced-out and the server realises the shorter RTT. If it happens the client's RTT is larger (for whatever reason), the rate of tranbsmission remains the same, but paced-sending ceases before the RTT. This is better than not trying to adjust the paced-IW to the RTT, but less than could have been achieved. Does that appear unsafe? Gorry On 18/12/2019, 10:14, emile.stephan@orange.com wrote: > > Hi Christian, > > Thanks for your analysis of the draft. See inline > > -----Original Message----- > From: Christian Huitema [mailto:huitema@huitema.net] > Sent: mercredi 18 décembre 2019 03:03 > To: Kuhn Nicolas > Cc: 'Gorry (erg)'; 'etosat@ietf.org'; STEPHAN Emile TGI/OLN > Subject: Re: BDP parameters draft (was: [EToSat] Re-chartering for > extension work) > > ... > > There is also a security aspect there. The server that blindly trusts > > the BDP option will blast a large number of packets. What if the client > > is trying to sabotage the local network? Why should the server trust the > > client? The security section does not cover that... > > [Emile] > > The draft supposes that the BDP parameters are protected using the > same mechanism that protect initial_max_data TP: the server has a mean > to check that the parameters proposed by the client are those it sent > to the client during the previous connexion. We will reword that in > the security section but it is not an easy part as the usage of TLS1.3 > newSessionTicket by QUIC is hard to summarize. > > Cdt > > Emile > > On 12/17/2019 7:27 AM, Kuhn Nicolas wrote: > > > Hi Mark, Lars, > > > > > > Many meetings discussed the impacts of QUIC encryption on satellite > Performance-enhancing proxy (PEP) and the benefit of exchanging > additional transport parameters. > > > draft-kuhn-quic-0rtt-bdp was mentioned as a possible extension > during « Quick QUIC Update » presentation. > > > > > > We have updated draft-kuhn-quic-0rtt-bdp-05 as an extension of QUIC. > > > We propose to include it in the re-chartering discussion. > > > > > > Regards, > > > Nicolas, Emile and Gorry > > > > > > > https://datatracker.ietf.org/meeting/106/materials/slides-106-tsvarea-quick-quic-update-mark-nottingham-00.pdf > > > https://tools.ietf.org/html/draft-kuhn-quic-0rtt-bdp-05 > > > > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or privileged information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > Thank you. > > > _______________________________________________ > EToSat mailing list > EToSat@ietf.org > https://www.ietf.org/mailman/listinfo/etosat
- Re: [EToSat] BDP parameters draft: security aspec… emile.stephan
- Re: [EToSat] BDP parameters draft: security aspec… Gorry Fairhurst
- Re: [EToSat] BDP parameters draft: security aspec… Christian Huitema
- Re: [EToSat] BDP parameters draft: security aspec… Gorry Fairhurst