Re: [quicwg/base-drafts] Document request forgery (#3996)

David Schinazi <notifications@github.com> Mon, 31 August 2020 18:46 UTC


@DavidSchinazi commented on this pull request.



> +frames in packets prior to completing address validation. Note that this does
+not prevent an attacker from using the Destination Connection ID field for an
+attack.
+
+Endpoints are not expected to have specific information about the location of
+servers that could be vulnerable targets of a request forgery attack. However,
+it might be possible over time to identify specific UDP ports that are common
+targets of attacks or particular patterns in datagrams that are used for
+attacks. Endpoints MAY choose to avoid sending datagrams to these ports or not
+send datagrams that match these patterns prior to validating the destination
+address. Endpoints MAY retire connection IDs containing patterns known to be
+problematic without using them.
+
+Note:
+
+: Modifying endpoints to apply these protections is more efficient than
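
Review bot: In the sentence beginning "Endpoints MAY choose to avoid sending datagrams to these ports", the qualifier "prior to validating the destination address" can be read as attaching only to the second alternative, which would make the port restriction apply even after validation. Suggest moving the qualifier to the front so it clearly covers both, for example "Prior to validating the destination address, endpoints MAY avoid sending datagrams to these ports or sending datagrams that match these patterns."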

It's definitely possible that I'm the one confused. In my understanding, we have two ways of solving the "QUIC endpoint is sending attacker-controlled data to unvalidated address" issue:
1. the QUIC endpoint limits what it sends before validation
2. a magical network appliance verifies that the QUIC endpoint isn't sending evil packets where it shouldn't

I do agree with you that we want (1) instead of (2), but saying that (1) is more *efficient* than (2) isn't necessarily true if you measure efficiency as QUIC performance, because (1) can add a round trip but (2) doesn't.

https://github.com/quicwg/base-drafts/pull/3996#discussion_r480319780