Re: [quicwg/base-drafts] Request Forgery Attacks through Version Negotiation (#4258)
Martin Thomson <notifications@github.com> Fri, 06 November 2020 04:12 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 581023A0A84 for <quic-issues@ietfa.amsl.com>; Thu, 5 Nov 2020 20:12:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.697
X-Spam-Level:
X-Spam-Status: No, score=-1.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VebYuvynUZOo for <quic-issues@ietfa.amsl.com>; Thu, 5 Nov 2020 20:12:44 -0800 (PST)
Received: from smtp.github.com (out-21.smtp.github.com [192.30.252.204]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9731B3A0A81 for <quic-issues@ietf.org>; Thu, 5 Nov 2020 20:12:44 -0800 (PST)
Received: from github.com (hubbernetes-node-1203ec7.ac4-iad.github.net [10.52.102.23]) by smtp.github.com (Postfix) with ESMTPA id D4B50520095 for <quic-issues@ietf.org>; Thu, 5 Nov 2020 20:12:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1604635963; bh=JjQ4poFcCM/eAoLsHfcmalIbZ3VpPf1wGvxky8r+/qM=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=uAa/LT4mMTxC8NOOZ2DBStiXgGIzww9DRIbqq9PyuMfekhtei9i5BPcKX38hlnpd5 o9etS9HfhLNPNWgUx73lTSZreF59XVJCq9Zh6PE8fGSoYsNhe66wsqtzBLafQe6NiD 5uxnNBpNAKKbVIVKjY4w+Gh5b95ilWGXBmQP+GgQ=
Date: Thu, 05 Nov 2020 20:12:43 -0800
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKZVN4QKE6MZNZITU555WCXDXEVBNHHCWU2F3Y@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/4258/722802177@github.com>
In-Reply-To: <quicwg/base-drafts/issues/4258@github.com>
References: <quicwg/base-drafts/issues/4258@github.com>
Subject: Re: [quicwg/base-drafts] Request Forgery Attacks through Version Negotiation (#4258)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5fa4cd3bd0f28_5419b423003c"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/8PWp8ec8ugWQJx_DZ7xQ68zlTa4>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Nov 2020 04:12:46 -0000
@marten-seemann, trying to move discussion here. You suggest that in a p2p deployment, the ability to control deployment of "server" instances is limited. My response is that *in general* you need some sort of signaling between peers to communicate addresses for p2p. NAT traversal generally requires it, and - if nothing else - you usually need to ship IP addresses for peers around. Given that, I think that it is reasonable to include - in that signaling - information about supported protocols such that you should never need to generate a QUIC Version Negotiation in that context. Maybe you don't care for that, but I think that it is probably better than accepting the exposure. If you have an idea for how we might avoid this particular sort of request forgery without that, then I'm open to suggestions. Right now, the proposal is that servers accept the risk and manage it. But if there is a protocol change that would improve the situation, that might be better. Assuming that it is minimally disruptive, of course. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/4258#issuecomment-722802177
- [quicwg/base-drafts] Request Forgery Attacks thro… Christian Huitema
- Re: [quicwg/base-drafts] Request Forgery Attacks … Martin Thomson
- Re: [quicwg/base-drafts] Request Forgery Attacks … Marten Seemann
- Re: [quicwg/base-drafts] Request Forgery Attacks … Jana Iyengar