Re: [quicwg/base-drafts] Guard initial packet against amplification attack via compression (#596)
MikkelFJ <notifications@github.com> Tue, 06 June 2017 22:38 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/58fwB2n0tc7T5YcJGYqCl8_zsXM>
I am, for example, imagining a large cloud hosting environment with a high-bandwidth compressed backbone for inter-datacenter links. You could feed outbound traffic at high rates that condense at a server elsewhere. Such a backbone would have no concern for port 443 at the point of compression and if a common server vulnerability was found, many hosted services could join in a DDoS attack. For comparison, some storage networks for iSCSI do terminate TCP connections near the sender and internally transfer packets using larger MTUs and possibly with hardware compression to move large data volumes over a distance. Still, I am not saying this is a major concern, just pointing out the possibility.