IETF Logo Mail Archive

Re: on HTTP/QUIC and HTTPBis

Willy Tarreau <w@1wt.eu> Wed, 15 March 2017 06:39 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 434D412956E for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 14 Mar 2017 23:39:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zoWrmYarVBGG for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 14 Mar 2017 23:39:22 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CABF112955F for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 14 Mar 2017 23:39:22 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1co2YN-0005S7-Fx for ietf-http-wg-dist@listhub.w3.org; Wed, 15 Mar 2017 06:36:59 +0000
Resent-Date: Wed, 15 Mar 2017 06:36:59 +0000
Resent-Message-Id: <E1co2YN-0005S7-Fx@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <w@1wt.eu>) id 1co2YG-0005RF-RB for ietf-http-wg@listhub.w3.org; Wed, 15 Mar 2017 06:36:52 +0000
Received: from wtarreau.pck.nerim.net ([62.212.114.60] helo=1wt.eu) by mimas.w3.org with esmtp (Exim 4.84_2) (envelope-from <w@1wt.eu>) id 1co2Y9-0002sU-Jt for ietf-http-wg@w3.org; Wed, 15 Mar 2017 06:36:46 +0000
Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id v2F6a95i013835; Wed, 15 Mar 2017 07:36:09 +0100
Date: Wed, 15 Mar 2017 07:36:09 +0100
From: Willy Tarreau <w@1wt.eu>
To: Patrick McManus <mcmanus@ducksong.com>
Cc: Adrien de Croy <adrien@qbik.com>, Mike Bishop <Michael.Bishop@microsoft.com>, HTTP working group mailing list <ietf-http-wg@w3.org>
Message-ID: <20170315063609.GC13814@1wt.eu>
References: <CAOdDvNqc3nCH-55GPsCVhsWiFt4dXkNTQPFLizpuGPFjbQOg4Q@mail.gmail.com> <em2484435a-146a-42a7-b427-bf699c00f2ae@bodybag> <CAOdDvNpUwRYwo6AY2reVmbeO88E1aD8na-MCxqg+_cBusqduAw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAOdDvNpUwRYwo6AY2reVmbeO88E1aD8na-MCxqg+_cBusqduAw@mail.gmail.com>
User-Agent: Mutt/1.6.1 (2016-04-27)
Received-SPF: pass client-ip=62.212.114.60; envelope-from=w@1wt.eu; helo=1wt.eu
X-W3C-Hub-Spam-Status: No, score=-7.0
X-W3C-Hub-Spam-Report: AWL=0.943, BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, W3C_AA=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1co2Y9-0002sU-Jt a8a95d21fa1a245fdfac2a4c99534c5c
X-Original-To: ietf-http-wg@w3.org
Subject: Re: on HTTP/QUIC and HTTPBis
Archived-At: <http://www.w3.org/mid/20170315063609.GC13814@1wt.eu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/33728
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hi Patrick,

On Tue, Mar 14, 2017 at 11:48:01AM -0400, Patrick McManus wrote:
> On Sun, Mar 12, 2017 at 5:28 PM, Adrien de Croy <adrien@qbik.com> wrote:
> 
> >
> > I can see the strong desire to reduce latency / RTTs in setup phase pre
> > application data, but it makes me worry about a few things.  SYN flood
> > attacks were rendered ineffective by SYN cookies, which meant the server
> > didn't need to maintain state about a connection until after the ACK to the
> > SYN ACK was received, thereby precluding spoofing source IP.
> >
> > However if the initial packet has crypto setup as well, the server will
> > need to record and retain client state from the initial packet which will
> > open it up to a SYN flood style of resource consumption attack?
> >
> >
> QUIC worries a lot about DoS and amplification attacks including what you
> are describing (and more!). These are certainly practical problems.
> 
> A server worried about growing amounts of outstanding handshake state can
> choose to insert a round trip in order to accomplish source address
> validation. Basically proof of receipt is done with a TLS extension and a
> Client Hello can be stretched out for another RTT to include this "source
> address validation token" via the TLS 1.3 Hello Retry Request mechanism.
> 0-RTT connections would always include the validation token, but if this
> mitigation were being applied it would turn 1-RTT connects back into the
> TCP/TLS style 2-RTT.
> 
> https://quicwg.github.io/base-drafts/draft-ietf-quic-
> transport.html#client-address-validation-procedure
> https://quicwg.github.io/base-drafts/draft-ietf-quic-tls.
> html#source-address-validation
> https://tlswg.github.io/tls13-spec/#rfc.section.4.1.4
> 
> The token can be anything the server likes (the client just has to echo it)
> as long as it is unguessable. There are obvious ways to do that which don't
> require state per conn.

In fact that's an area where I think we have an opportunity to fix this
TCP flood problem. The current remediations for TCP are limited. Against
SYN floods we have SYN cookies which are not perfect since they're limited
by the client's capabilities and are not *that* secure (but often enough
to limit the impact of massive attacks).

We also face the risk that a sequence number is guessed to establish a
connection from spoofing. That's rare and difficult but much easier once
the server starts to emit SYN cookies. And such an abused TCP connection
can be used to flood the server with many pipelined HTTP requests. Given
that most servers OSes have large outgoing TCP windows, the server can
push a lot of responses before the outgoing buffer is full and the
processing stalls. This can be used to abuse CPU/resources and/or as an
amplification attack (but good luck for making use of this).

Here by redesigning the transport layer we do have opportunities for
improving the situation. The risk is to overlook some robust points of
TCP that are considered as granted and which protect it. But if TCP is
mostly imitated with larger tokens instead of just SYN cookies, there
is an opportunity to keep its robustness by design and improve it by
limiting the risk of guessing some sensitive numbers.

The other risk I'm seeing is having the server perform too expensive
validations on incoming datagrams. Sometimes using multiple algorithms
at once can considerably help. Eg a token is made by the concatenation
of XXH32(udp endpoints) and its SHA256. You only validate the SHA256
part when the XXH32 is fine (it's much cheaper). This way you don't
have to perform expensive operations to deal with massive attacks.

Cheers,
Willy

v2.37.1 | Report a Bug | By Email | System Status