Return-Path: X-Original-To: quic-issues@ietfa.amsl.com Delivered-To: quic-issues@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6371913214D for ; Tue, 22 Aug 2017 20:54:25 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2euJfavEa5yq for ; Tue, 22 Aug 2017 20:54:23 -0700 (PDT) Received: from o8.sgmail.github.com (o8.sgmail.github.com [167.89.101.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7F061321A1 for ; Tue, 22 Aug 2017 20:54:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=agd2XksdVFeALJrlhghrFzXIjn4=; b=O5friGITfiEJgz89 FHB+mTi0WxSsabiW0Trc99gPjrokLCUUf3T9CImLonZVqIeodrkhxQoKpkyVQZZj 5WWlLrajGgA6sVZovvdlTj1D9w8orvmIfxp6M4k7jV7NKZDToPcs8wOEWDqER6WH iYtzLXPJW0ibyG6hrqvlL7FCXfo= Received: by filter0225p1las1.sendgrid.net with SMTP id filter0225p1las1-14543-599CFC6D-16 2017-08-23 03:54:21.682682738 +0000 UTC Received: from github-smtp2a-ext-cp1-prd.iad.github.net (github-smtp2a-ext-cp1-prd.iad.github.net [192.30.253.16]) by ismtpd0003p1iad1.sendgrid.net (SG) with ESMTP id QOp4CmXDT5q2bM64-ZoQXA for ; Wed, 23 Aug 2017 03:54:21.596 +0000 (UTC) Date: Wed, 23 Aug 2017 03:54:21 +0000 (UTC) From: Christian Huitema Reply-To: quicwg/base-drafts To: quicwg/base-drafts Cc: Subscribed Message-ID: In-Reply-To: References: Subject: Re: [quicwg/base-drafts] Avoid attack on address validation during connection migration (#746) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_599cfc6d679c4_46d63fe4d1b51c38606e4"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list X-GitHub-Sender: huitema X-GitHub-Recipient: quic-issues X-GitHub-Reason: subscribed X-Auto-Response-Suppress: All X-GitHub-Recipient-Address: quic-issues@ietf.org X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak2YVDLhyoVCC/iI8YemE+zuQW0mFWojCIUZ8N UWyyXMA08MCWyASkKpnb7BrKKqRlCeCXmJG2OwGeovfpwTpZqKMma7TZFAoHUGbbKl9vRZGWPKQODH x64BcfPize/r1MQCNF+N/nPWd6kePHV4mBf/pdthPSJE/2B3DTBoIpTVMoNDfciDx8/nn6ytgffLyB A= Archived-At: X-BeenThere: quic-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: Notification list for GitHub issues related to the QUIC WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Aug 2017 03:54:25 -0000 ----==_mimepart_599cfc6d679c4_46d63fe4d1b51c38606e4 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit huitema commented on this pull request. I think we are still missing something. We need to somehow tie the packets to the new path, in a cryptographic way. One potential solution is to use a new connection ID for the new path. That way, third parties cannot forward a PING or PONG meant for one path to the other path. But this needs work. And yes, it is very close to multipath. > @@ -1453,6 +1453,10 @@ return. A PING frame containing 12 randomly generated {{?RFC4086}} octets is sufficient to ensure that it is easier to receive the packet than it is to guess the value correctly. +Note: + +: Retransmissions of the PING frame MUST also use the same remote address. + If validation of the new remote address fails, after allowing enough time for Really? That seems to contradict what you are saying later. > +received, but it could also mean ceasing retransmissions of the PING frame. An +endpoint that doesn't retransmit a PING frame might receive a PONG frame, which +it MUST ignore. + + +## Spurious Connection Migrations + +A connection migration could be triggered by an attacker that is able to capture +and forward a packet such that it arrives before the legitimate copy of that +packet. Such a packet will appear to be a legitimate connection migration and +the legitimate copy will be dropped as a duplicate. + +After a spurious migration, validation of the source address will fail because +the entity at the source address does not have the necessary cryptographic keys +to read or respond to the PING frame that is sent to it, even if it wanted to. +Such a spurious connection migration could result in the connection being The text is correct, except if the man on the side manages to play "man in the middle". It knows that the first packet to the new address will be a PING. It could forward it to the old address, capture the next packet from that old address, and forward it again to the target. Bingo, the PONG succeeds. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/pull/746#pullrequestreview-57967334 ----==_mimepart_599cfc6d679c4_46d63fe4d1b51c38606e4 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

@huitema commented on this pull request.

I think we are still missing something. We need to somehow tie the packets to the new path, in a cryptographic way. One potential solution is to use a new connection ID for the new path. That way, third parties cannot forward a PING or PONG meant for one path to the other path. But this needs work. And yes, it is very close to multipath.

In draft-ietf-quic-transport.md:

> @@ -1453,6 +1453,10 @@ return.  A PING frame containing 12 randomly generated {{?RFC4086}} octets is
 sufficient to ensure that it is easier to receive the packet than it is to guess
 the value correctly.
 
+Note:
+
+: Retransmissions of the PING frame MUST also use the same remote address.
+
 If validation of the new remote address fails, after allowing enough time for

Really? That seems to contradict what you are saying later.

In draft-ietf-quic-transport.md:

> +received, but it could also mean ceasing retransmissions of the PING frame.  An
+endpoint that doesn't retransmit a PING frame might receive a PONG frame, which
+it MUST ignore.
+
+
+## Spurious Connection Migrations
+
+A connection migration could be triggered by an attacker that is able to capture
+and forward a packet such that it arrives before the legitimate copy of that
+packet.  Such a packet will appear to be a legitimate connection migration and
+the legitimate copy will be dropped as a duplicate.
+
+After a spurious migration, validation of the source address will fail because
+the entity at the source address does not have the necessary cryptographic keys
+to read or respond to the PING frame that is sent to it, even if it wanted to.
+Such a spurious connection migration could result in the connection being

The text is correct, except if the man on the side manages to play "man in the middle". It knows that the first packet to the new address will be a PING. It could forward it to the old address, capture the next packet from that old address, and forward it again to the target. Bingo, the PONG succeeds.


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_599cfc6d679c4_46d63fe4d1b51c38606e4--