Re: [IPsec] Stephen Farrell's Yes on draft-ietf-ipsecme-ddos-protection-09: (with COMMENT)
Yoav Nir <ynir.ietf@gmail.com> Tue, 27 September 2016 19:21 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3499012B49E; Tue, 27 Sep 2016 12:21:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TZMn7V_7msij; Tue, 27 Sep 2016 12:21:50 -0700 (PDT)
Received: from mail-wm0-x235.google.com (mail-wm0-x235.google.com [IPv6:2a00:1450:400c:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD9D012B333; Tue, 27 Sep 2016 12:21:49 -0700 (PDT)
Received: by mail-wm0-x235.google.com with SMTP id l132so30736180wmf.1; Tue, 27 Sep 2016 12:21:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=EdQs647tSS60y436ES155uug0NaaEL71xRO9AEZ7OA0=; b=si7bl4Z3RYPwyuxvMWLIKD4RTbvfJNPAiBj482n8tEzhjLqpiRWBpi9UWqJFpPfaV9 ZeRT/YF0VMIHf/VurJiS5HcUj0SSZt0FBYqg1RrB1f/uwONdp8hHR+TI551lj1inN+Rm mECqchobFRHY2xDCVegENkgPFZ+SatOVC1RRDlNbbHPMBTyPATTbrnHxGGEW+ZfxN+do ar/+/2SZbCDNZq99w0gsfwG7NRcgA7c8LGTHuf31t8n6HJJ/cS54rh6lxsE06KNfNrM1 RlPHjPg0RyxTteWuUKXaD+O+XsoBSxboLPSwHVkvihmzO/gRFlR1Lt6mZhbpJAT4mayY rf5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=EdQs647tSS60y436ES155uug0NaaEL71xRO9AEZ7OA0=; b=dr5o96IcFVcWU4kZN1E2ORuAQqwgmAAczT4nWIcUp9vSRLk9qHKnogEp6JIQEmEkWj TIu69UT4PzAKYu/TL57FNa1bEWyD5BPvND5e6glFvJQpLgVtBn+0qXu8jAoG1tyNkzco xs132MIGKHBLVaOdRxUHobA9O19Nv7imIM5kBkR8xsswZWVx7NK6bu3kwqp8TlVfhTCl 2rYiyo0nIsXRgG84jOLfU5q3lrCqOolZfYwu15Qwxn0X7DXBrGEUxukn+L/hYn1BPNYH dTHhC+UQV6str3YTZxoEjYBxc+o+VUjZ5EIJBD1ELpvoX2R595I28saAeETdDVypg1d+ Ktrw==
X-Gm-Message-State: AE9vXwMcHOB1wa/gefOCbn0VhpItiEbF8rE3Dbpm+wh0a7V88TbGY992FxWkbZ7HX00B+g==
X-Received: by 10.194.190.37 with SMTP id gn5mr24289065wjc.168.1475004108136; Tue, 27 Sep 2016 12:21:48 -0700 (PDT)
Received: from [192.168.1.13] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id 123sm4658176wmj.5.2016.09.27.12.21.46 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 27 Sep 2016 12:21:47 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <147499618776.4465.11672584634820556976.idtracker@ietfa.amsl.com>
Date: Tue, 27 Sep 2016 22:21:45 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <3583754A-964B-4BAF-85DC-126373EF8857@gmail.com>
References: <147499618776.4465.11672584634820556976.idtracker@ietfa.amsl.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/veKGZiBSuYAKL6zOTA5mUCN92Ug>
Cc: ipsec@ietf.org, ipsecme-chairs@ietf.org, draft-ietf-ipsecme-ddos-protection@ietf.org, The IESG <iesg@ietf.org>, David Waltermire <david.waltermire@nist.gov>
Subject: Re: [IPsec] Stephen Farrell's Yes on draft-ietf-ipsecme-ddos-protection-09: (with COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2016 19:21:52 -0000
On 27 Sep 2016, at 8:09 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > This is a nicely written document... thanks! > > - I vaguely recalled that puzzles and IPR rang a bell. Did > the WG consider [1]? If not, and if it helps, I'm fine with > making a 3rd party declaration on that and last call could be > done again. Or maybe there's a better way to handle it. Or > maybe the WG considered it and are happy enough already that > it's not relevant or about to expire or abandoned or > something. ("Not relevant" would puzzle me:-) > > [1] https://datatracker.ietf.org/ipr/417/ We did not consider this one. We did consider a Sun/Oracle patent but ultimately worked around this by replacing the type of puzzle. The current puzzle is based on the proof-of-work algorithm used in Bitcoins. Looking at the IPR statement you linked to, it does not seem relevant to me, but IANAL. The proof-of-work scheme described in the patent ([2]) involves setting a time limit for the client to complete the puzzle solution. The puzzle in our draft has a set difficulty level, but no time limit for the Initiator to solve it. [2] https://libpatent.com/patents/07197639 > - section 3: "if certificates are involved" - you could note > here that involving certificates can introduce a network > based delay (OCSP, CRLs etc) that's a little different from > CPU consumption. (But it's a nit, and you do note a similar > issue in 4.7.) True. But I think that for most devices used as IKE responders the bottleneck is going to be the amount of CPU they can dedicate to verifying signatures on certificates and CRLs/OCSP responses, not the amount of memory they need to allocate while they’re waiting for a response from whatever servers on the network. IOW if a certain device is capable of verifying the signatures on certificate and CRLs for n initiators per second and there is a total network delay of t to get all the necessary CRLs or OCSP responses and a memory allocation of m for every in-progress IKE Exchange, the same device will be able to allocate much more memory than the m*n*t that is needed to support the n*t concurrent exchanges. > - 4.2: "ratelimits should be done based on either the /48 or > /64" - would it be better to say "something between a /48 and > a /64" maybe? Don't some ISPs assign things in-between? They do. It even says so earlier in the same paragraph. But the Responder does not know what the practices are at the Initiator’s ISP. We know that prefixes longer than /64 are too granular and that prefixes shorter than /48 are too coarse for marking a certain range of addresses as attacking. I suppose the Responder could choose something in between, but I don’t think there’s ever a good justification for say /50 or /58. /48 and /64 seem to make the most sense. > - 4.4: Did you consider making the "4 keys" requirement tied > to the PRF algorithm identifier? That would allow for a > future where e.g. 6 keys are needed for the same PRF, if that > were ever useful. (Without changing current implementations.) > I guess you'd need a separate IANA registry that'd initially > duplicate stuff in that case so maybe not worth doing. (And > could be done later.) Since the level of the puzzle is settable by tweaking the required number of zero-bits, the number of required answers plays no part in the level of difficulty. Rather, it is used to smooth out the puzzle difficulty. See my response to Mirja on this and also https://mailarchive.ietf.org/arch/msg/ipsec/v7PFBEWeaT6ZQCjzCmIaxbRnZ8A > - 7.1.1 - you don't clearly say if the cookie value here can > be a new one or should be the same as one previously used (if > one was previously used). That may just be my ignorance of > IPsec cookies though, but I wondered if there are any cases > where the initiator gets to work away on the puzzle ahead of > time if the same cookie is used for multiple interactions. > There's not much (or zero) of an improvement to the attack > here, though maybe the attacker could more easily offload > puzzle solving to someone else in that case? > I see that while I’m typing this Valery has also replied, so I’ll leave this part to him, as he replied at length. Yoav
- [IPsec] Stephen Farrell's Yes on draft-ietf-ipsec… Stephen Farrell
- Re: [IPsec] Stephen Farrell's Yes on draft-ietf-i… Valery Smyslov
- Re: [IPsec] Stephen Farrell's Yes on draft-ietf-i… Yoav Nir
- Re: [IPsec] Stephen Farrell's Yes on draft-ietf-i… Stephen Farrell
- Re: [IPsec] Stephen Farrell's Yes on draft-ietf-i… Stephen Farrell