IETF Logo Mail Archive

Re: [IPsec] WGLC on draft-ietf-ipsecme-ddos-protection-04

Tommy Pauly <tpauly@apple.com> Sun, 06 March 2016 01:49 UTC

Return-Path: <tpauly@apple.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38CE41A87C3 for <ipsec@ietfa.amsl.com>; Sat, 5 Mar 2016 17:49:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.092
X-Spam-Level:
X-Spam-Status: No, score=-4.092 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oy4kJyki0nwF for <ipsec@ietfa.amsl.com>; Sat, 5 Mar 2016 17:49:36 -0800 (PST)
Received: from mail-in6.apple.com (mail-out6.apple.com [17.151.62.28]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 970721A87C8 for <ipsec@ietf.org>; Sat, 5 Mar 2016 17:49:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s; c=relaxed/simple; q=dns/txt; i=@apple.com; t=1457228976; x=2321142576; h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type: Content-transfer-encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Npg3+Fwq8rCowXNipc5T7xj/wW4IlcWpJfWGyM/KhgU=; b=hFSiG/CyB5uvggSH9pL5wFHqYv4Vb9BTr9m+vRTh4Lrzh1EKG+YIEMFgMMDx5hws uyPWCEPOz1C1Fj3hiTVgAGefDjKOSQnM5xnw4a+UhxD9cvHl3bOjT4Ft2eo9eIk1 A379dgmIX9ggUcksk7CQ69l7+6cTaKpUmGVdsDV5lMhd66IepyaxCCgt+iTS8S45 4UuVe+1CuCykW01svMki4Yw05tQwm3wgIAaffgFHDLsicDZc5JI6h0C/9oH9D6w4 xjuUzBYjz9yqC6qGhwdzNOLwtsJpxLVnwAZkBDVU6mUnsCetVicpYFut2q6nP4p7 nxNVmCxsOMr2UfGMEGzZxA==;
Received: from relay5.apple.com (relay5.apple.com [17.128.113.88]) by mail-in6.apple.com (Apple Secure Mail Relay) with SMTP id A7.1C.27179.0BC8BD65; Sat, 5 Mar 2016 17:49:36 -0800 (PST)
X-AuditID: 11973e15-f79686d000006a2b-c3-56db8cb0af68
Received: from nwk-mmpp-sz09.apple.com (nwk-mmpp-sz09.apple.com [17.128.115.80]) (using TLS with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by relay5.apple.com (Apple SCV relay) with SMTP id AB.22.25582.0BC8BD65; Sat, 5 Mar 2016 17:49:36 -0800 (PST)
Received: from [17.153.35.61] by nwk-mmpp-sz09.apple.com (Oracle Communications Messaging Server 7.0.5.35.0 64bit (built Mar 31 2015)) with ESMTPSA id <0O3L00J5WH2NPH10@nwk-mmpp-sz09.apple.com> for ipsec@ietf.org; Sat, 05 Mar 2016 17:49:36 -0800 (PST)
Sender: tpauly@apple.com
MIME-version: 1.0 (Mac OS X Mail 10.0 \(3167\))
Content-type: text/plain; charset="utf-8"
From: Tommy Pauly <tpauly@apple.com>
X-Priority: 3
In-reply-to: <D366AC994D9B493581770BA93552CCB6@chichi>
Date: Sat, 05 Mar 2016 17:49:35 -0800
Content-transfer-encoding: quoted-printable
Message-id: <E1E23C5F-D6D5-421F-8AC3-9EA34243E9D9@apple.com>
References: <BY1PR09MB03587C3829A33D76ECE8EF1BF0BB0@BY1PR09MB0358.namprd09.prod.outlook.com> <CADnPsE-RfHiRdof82CPokYXXVaEa74ssXw2XQ5v7hYpdFYQ7=Q@mail.gmail.com> <alpine.LFD.2.20.1603041020030.29534@bofh.nohats.ca> <1913628F357D497DABAB6D43640A02A7@chichi> <alpine.LFD.2.20.1603050625460.15398@bofh.nohats.ca> <D366AC994D9B493581770BA93552CCB6@chichi>
To: Valery Smyslov <svanru@gmail.com>
X-Mailer: Apple Mail (2.3167)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrOLMWRmVeSWpSXmKPExsUi2FAYobuh53aYwZ3NPBb7t7xgc2D0WLLk J1MAYxSXTUpqTmZZapG+XQJXxsw5X1kLJitVHLraydbAeFq6i5GTQ0LAROLBmiUsELaYxIV7 69m6GLk4hAT2MkpsXbyIBaZoWitMYhmTxLJnPYwQTiOTxLpPbUBVHBzCAhISm/ckgjQICzhJ 3Fj5nAkkzCugL/HrTDiIySygLjFlSi5IBZuAisTxbxuYIcbzSsxofwq2ilPATOLjgiVMIDaL gKrErR9bWUFsZgFDieX7NkPZ2hJP3l0As3kFbCQWzu5jgbjmNZNE45Ed7CAJEaDmm9t+Qi2Q lbhz/DRYkYTAGjaJh882Mk1gFJ2FcN4shPNmIVmxgJF5FaNQbmJmjm5mnpleYkFBTqpecn7u JkZQyE+3E93BeGaV1SFGAQ5GJR7elPLbYUKsiWXFlbmHGKU5WJTEee0/3AwTEkhPLEnNTk0t SC2KLyrNSS0+xMjEwSnVwLi8MsNB4spL5y1zH6V2dmzqWfrkzTLemWn/nAVidffLxLRZXjtk brfr2fc9H/YFhDLPXfMvuJmbJc9xZ9u0f6Vp2xYuM9l/ctF/m/bp6/vaH5paTnj9RtXoUe/h 1Q4Lt4qd7F99/LzVir0edle+h0Z8ey3pkPTq2R6O9MeBcg6nPvxO2vbk0q4jSizFGYmGWsxF xYkAiNawDFoCAAA=
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpikeLIzCtJLcpLzFFi42IRbCgO0N3QczvM4EETp8X+LS/YHBg9liz5 yRTAGMVlk5Kak1mWWqRvl8CVMXPOV9aCyUoVh652sjUwnpbuYuTkkBAwkZjWup4NwhaTuHAP xObiEBJYxiSx7FkPI4TTyCSx7lMbSxcjB4ewgITE5j2JIA3CAk4SN1Y+ZwIJ8wroS/w6Ew5i MguoS0yZkgtSwSagInH82wZmiPG8EjPan7KA2JwCZhIfFyxhArFZBFQlbv3YygpiMwsYSizf txnK1pZ48u4CmM0rYCOxcHYfC8Q1r5kkGo/sYAdJiAA139z2E2qBrMSd46dZJjAKzUK4aBbC RbOQTF3AyLyKUaAoNSex0lQvsaAgJ1UvOT93EyM4RAsjdjD+X2Z1iFGAg1GJh/fFs5thQqyJ ZcWVuYcYJTiYlUR4HTtvhwnxpiRWVqUW5ccXleakFh9iTAb6ZSKzlGhyPjB+8kriDU1MDEyM jc2Mjc1NzEkTVhLnNTlxNUxIID2xJDU7NbUgtQhmCxMHp1QDo9Y1s02uiey9Su92pyU/ErvQ Z/tFuy96zT6m/ZHBS3N/LlkjOVefO7BH6qX/k+JJ17+2rNXTFgisq9DIrm16elviScGGZRoX GF6w1Sdyd+lyWW+dlBAipXu06oYwY9qE3B/352ff1V7jUiH8u2Hm++pzl4qWuX8xFbvbwN// 2Xx6M49C/eMGJZbijERDLeai4kQAmyIAQZUCAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/kslMV2Gx5zE7qWWnr7743g3BG0M>
Cc: ipsec@ietf.org, Paul Wouters <paul@nohats.ca>
Subject: Re: [IPsec] WGLC on draft-ietf-ipsecme-ddos-protection-04
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Mar 2016 01:49:38 -0000

> On Mar 5, 2016, at 5:11 AM, Valery Smyslov <svanru@gmail.com> wrote:
> 
>> If there is no consensus about puzzles, perhaps we should leave that
>> part out of the document?
> 
> I had an impression that threre was a consensus when
> the document was adopted by WG. In any case, I think that it is better to have an interoperable specification than to leave puzzles at all (and thus make them a subject
> for a proprietary solutions).

I agree that interoperability is key, and having a definition is useful if anyone will be implementing it. 

> 
>>> And note, that the way puzzles are used in the draft makes every
>>> attempt to not discriminate those initiators that don't support puzzles
>>> or cannot afford enough power to solve them. In other words -
>>> puzzles mechanism in the draft is not an absolute barrier for
>>> unsupported clients, it is just a first-class ticket for those who support and afford.
>> 
>> which is the botnet more than mobile phones. Which is why I don't see I
>> would implement this. It seems session resumption would be more
>> effective at distinguishing returning clients from a botnet.
> 
> Sure. But before every client becomes a "returning" one it must pass usual IKE_SA_INIT. And it cannot be a returning client the rest of its
> life - it must be fully reauthenticated from time to time.
> Thus the resumption cannot make the task of DDoS protection in IKE_SA_INIT non-existent.

Going along with Paul’s point, it does seem that the approach of session resumption would favor the legitimate mobile-device client, where the puzzle approach may unintentionally favor the botnets themselves. But it is also a good point that session resumption alone cannot solve the DDoS problem.

Would it be possible, I wonder, to try to combine these approaches to create a solution that has the responder-protecting properties of puzzles, while still favoring legitimate clients? This would require using some property of legitimate clients (who will be able to successfully authenticate later in the negotiation) as part of the puzzle-challenge, or a way to skew the results in their favor. I’m not sure if this is possible from the algorithmic perspective, but it would be interesting to use some pre-known value (a shared secret, an initiator or responder ID, etc) as a key to the puzzle that, if known, would allow a quicker solution. It should be impossible to tell what this original key or salt is from an eavesdropper’s perspective, but it could make the calculation quicker for a client with a weak processor that was correctly provisioned to communicate with the server.

Thanks,
Tommy

> 
>>> Could you, please, elaborate what scenario do you have in mind?
>> 
>> If you have an IPsec server willing to talk IKE/IPsec to anonymous
>> clients. So one-side AUTH_NULL, the other a real authentication. Since
>> the server talks to everyone who sends it an IKE_INIT, 
> 
> How it is concerned with AUTH_NULL? In IKE_SA_INIT the responder
> doesn't yet know that the initiator will use NULL auth or real auth, so any server usually replies to everyone who sends IKE_SA_INIT request.
> 
>> it is important
>> that this IKE_INIT reply is much smaller than the IKE_INIT request,
>> so this does not become a new amplification target. 
> 
> IKE_SA_INIT reply in most cases is smaller than request.
> The responder returns only a subset of initiator's SA transforms, a subset of initiator's  notifications (returning only supported ones),
> and usually only a subset of VIDs.
> In which real life scenario it is larger than request?
> 
>> Currently, such
>> a server could only always require dcookies to accomplish this, but
>> that takes an additional round trip. Some kind of padding in the
>> IKE_INIT request could easilly prevent this.
> 
> Sorry, I failed to understand how additional padding would work.
> Are you going to reject initiators that don't include this additional padding
> (i.e. - all usual IKEv2 clients)? Am I missing something?
> 
> Regards,
> Valery.
> 
>> Paul
> 
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec

v2.23.0 | Report a Bug | By Email