Re: [Int-area] SOCKS6 and UDP
Vladimir Olteanu <vladimir.olteanu@cs.pub.ro> Thu, 12 December 2019 14:47 UTC
Return-Path: <vladimir.olteanu@cs.pub.ro>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53749120846 for <int-area@ietfa.amsl.com>; Thu, 12 Dec 2019 06:47:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WZM7wYqF82f4 for <int-area@ietfa.amsl.com>; Thu, 12 Dec 2019 06:47:39 -0800 (PST)
Received: from vesa.cs.pub.ro (vesa.cs.pub.ro [141.85.227.187]) by ietfa.amsl.com (Postfix) with ESMTP id E975C1208B6 for <int-area@ietf.org>; Thu, 12 Dec 2019 06:47:38 -0800 (PST)
IronPort-SDR: wZLVArUR63vr6qISLCU3bPgV8yXLxNg+0NYO/Txv3/1wmEyLfe72GpBDUlDJFo6E38xv+T+SpH xVEzFlZcUsyg==
Received: from mail.cs.pub.ro (HELO vmail.cs.pub.ro) ([141.85.227.3]) by vesa.cs.pub.ro with ESMTP; 12 Dec 2019 16:47:36 +0200
Received: from localhost (localhost [127.0.0.1]) by vmail.cs.pub.ro (Postfix) with ESMTP id 74C911A60241; Thu, 12 Dec 2019 16:47:36 +0200 (EET)
Received: from vmail.cs.pub.ro ([127.0.0.1]) by localhost (vmail.cs.pub.ro [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id YNqublf_i6kK; Thu, 12 Dec 2019 16:47:36 +0200 (EET)
Received: from localhost (localhost [127.0.0.1]) by vmail.cs.pub.ro (Postfix) with ESMTP id 56F201A60250; Thu, 12 Dec 2019 16:47:36 +0200 (EET)
X-Virus-Scanned: amavisd-new at cs.pub.ro
Received: from vmail.cs.pub.ro ([127.0.0.1]) by localhost (vmail.cs.pub.ro [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id UndYAYR7oWRS; Thu, 12 Dec 2019 16:47:36 +0200 (EET)
Received: from [172.19.2.213] (unknown [141.85.233.142]) by vmail.cs.pub.ro (Postfix) with ESMTPSA id 39A9F1A60241; Thu, 12 Dec 2019 16:47:36 +0200 (EET)
To: Ben Schwartz <bemasc@google.com>
Cc: int-area@ietf.org
References: <CAHbrMsDgP0zvjhgsqvv2rvxBo69c-W0agnv9+pe5MeF2j+fOuw@mail.gmail.com> <6f2d6f3e-111f-b06f-b58f-fedd82a294e1@cs.pub.ro> <CAHbrMsA+1cgnaqApTbCGoU0xp8v380Sk+pBrqx+201FoCCsBqA@mail.gmail.com>
From: Vladimir Olteanu <vladimir.olteanu@cs.pub.ro>
Message-ID: <91423e9b-1d8b-0627-6ca0-e991099bff8b@cs.pub.ro>
Date: Thu, 12 Dec 2019 16:47:35 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1
MIME-Version: 1.0
In-Reply-To: <CAHbrMsA+1cgnaqApTbCGoU0xp8v380Sk+pBrqx+201FoCCsBqA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------157E68553D3CED57B4ADF388"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/HbtMGAy1HyWasetT44Zy-dVh5ys>
Subject: Re: [Int-area] SOCKS6 and UDP
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Dec 2019 14:47:45 -0000
On 12/11/19 6:09 PM, Ben Schwartz wrote: > > > On Tue, Dec 10, 2019 at 2:43 PM Vladimir Olteanu > <vladimir.olteanu@cs.pub.ro <mailto:vladimir.olteanu@cs.pub.ro>> wrote: > > > > Hi Ben, > > > > I've added my comments inline. > > > > On 12/10/19 7:12 PM, Ben Schwartz wrote: > > > I have a few notes on the SOCKS 6 draft, related to UDP. > > > > > > 1. I would like to require servers to share resumption between TLS and > > > DTLS. This would allow clients to keep a single resumption cache, > > > instead of two. > > > > This is the first time I hear about TLS and DTLS sharing sessions. > > > > It is a nice performance improvement that, as far as I can tell, doesn't > > have any drawbacks. However, I wouldn't require it (as in MUST, REQUIRE > > or SHOULD) since it puts extra burden on the implementers. > > The problem is, if it isn't required for the server, then the client > always has to keep separate session caches, because it has no way to > know if resumption tickets/keys could be shared. The client can always probe whether or not sessions can cross over from TLS to DTLS. This has a one-time cost of 1 RTT. > > > All that > > should be required is a functional TLS layer. (Session resumption might > > not be supported by the library, it becomes complicated if you're using > > an L4 load-balancer etc. etc.) > > True, if the TLS termination is implemented separately from the SOCKS > server then this could be hard to achieve. Port 1080 is reserved for > SOCKS on both TCP and UDP, so maybe this requirement could apply only > when using TLS and DTLS on the same host and port. > It could be that TLS and DTLS are terminated by separate processes, or even separate machines, hence my apprehension about requiring this feature. On the other hand, we can require (as in SHOULD) the client to try to reuse the session. > > > Putting a very large Association ID at the beginning of every packet > > > is not appealing, but with DTLS there may be a more secure and more > > > efficient solution. For example, the client could include a longer > > > Association ID only until it gets an acknowledgement from the server, > > > at which point both sides know that the UDP association is mapped to > > > this DTLS connection. Alternatively, the client could send some > > > information about its DTLS ClientHello in the TLS channel that sent > > > the UDP ASSOCIATE, creating a secure binding. > > > > Unfortunately, we can't ditch the Association ID entirely, because > > multiple UDP associations can be multiplexed over the same DTLS > connection. > > > > Your idea about having two different Association IDs is interesting. In > > essence, one would be "signed", and the other "unsigned". The only issue > > is that the ID eats into the maximum payload size, and clients would see > > the equivalent of a varying MTU. > > Yeah, this is inconvenient. One can imagine a new message type like > "ACCEPT ASSOCIATION" that is sent on the DTLS connection, which > includes both a long (e.g. 128-bit) server-selected Association ID and > a short (e.g. 16-bit) client-selected key that identifies the > association on this DTLS connection (or 5-tuple). However, I'm not > sure how to do this without adding a roundtrip. > Yes, adding round trips is something we are trying to avoid. > > Your second idea with the ClientHello seems promissing. We could include > > the session ID, connection ID or ticket in the SOCKS Request. (I'm not > > sure what to do if the DTLS connection has neither.) > > It could just be the whole DTLS ClientHello, or a hash of it. > Having the proxy remember the whole ClientHello for every connection is costly. Hashes are doable, but it likely requires digging into the guts of whatever TLS library the endpoints are using. Further, if there's a DTLS-terminating proxy, things get really messy. I'd hate to see SOCKS ALGs popping up. Come to think of it, I'd say that we shouldn't rely on any cross-layer information for security, or for any other critical features. Vlad
- [Int-area] SOCKS6 and UDP Ben Schwartz
- Re: [Int-area] SOCKS6 and UDP Vladimir Olteanu
- Re: [Int-area] SOCKS6 and UDP Ben Schwartz
- Re: [Int-area] SOCKS6 and UDP Vladimir Olteanu
- Re: [Int-area] SOCKS6 and UDP Joe Touch