Re: [quicwg/base-drafts] QPACK security considerations (#3575)
Lucas Pardue <notifications@github.com> Tue, 14 April 2020 22:31 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DD223A119B for <quic-issues@ietfa.amsl.com>; Tue, 14 Apr 2020 15:31:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.267
X-Spam-Level:
X-Spam-Status: No, score=-3.267 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.168, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dSwQxbgS8gqs for <quic-issues@ietfa.amsl.com>; Tue, 14 Apr 2020 15:31:29 -0700 (PDT)
Received: from out-22.smtp.github.com (out-22.smtp.github.com [192.30.252.205]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC1903A119A for <quic-issues@ietf.org>; Tue, 14 Apr 2020 15:31:28 -0700 (PDT)
Received: from github-lowworker-28f8021.ac4-iad.github.net (github-lowworker-28f8021.ac4-iad.github.net [10.52.25.98]) by smtp.github.com (Postfix) with ESMTP id C3010A050A for <quic-issues@ietf.org>; Tue, 14 Apr 2020 15:31:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1586903487; bh=K2DBAon5Shx03B01NJc6rvV5s8pINLXBx+Xe9+FDEps=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=w03O4nlY/GiQu+8TI2+lVSyyeCFKEQYmyd5Uxf36OFzWhM13hCqBjxSsFM/ZhPRoM s8aYb/9BmdwNI+O47RFLFdwtlt1WpITFZPicsZmThPq77xxpdLJAa6rGZRu+xW18sJ phbgb4ltWPrqVerQa95cSbT8112KLrwWMaktD40k=
Date: Tue, 14 Apr 2020 15:31:27 -0700
From: Lucas Pardue <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK5UXXLI35SAWHH3MDF4UINL7EVBNHHCHNTZ2Y@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/3575/review/393333547@github.com>
In-Reply-To: <quicwg/base-drafts/pull/3575@github.com>
References: <quicwg/base-drafts/pull/3575@github.com>
Subject: Re: [quicwg/base-drafts] QPACK security considerations (#3575)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e9639bfb2d81_50f23fb4b34cd96417844f"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: LPardue
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/8c1R-pM_riC59W8wFZDVKG3Ss_8>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Apr 2020 22:31:31 -0000
@LPardue approved this pull request.
lgtm modulo some nits
> +confirm guesses a character at a time, reducing an exponential-time attack into
+a linear-time attack.
+
+## Applicability to QPACK and HTTP
+
+QPACK mitigates but does not completely prevent attacks modeled on CRIME [CRIME]
+by forcing a guess to match an entire header field value, rather than individual
+characters. An attacker can only learn whether a guess is correct or not, so is
+reduced to a brute force guess for the header field values.
+
+The viability of recovering specific header field values therefore depends on
+the entropy of values. As a result, values with high entropy are unlikely to be
+recovered successfully. However, values with low entropy remain vulnerable.
+
+Attacks of this nature are possible any time that two mutually distrustful
+entities control requests or responses that are placed onto a single HTTP/2
```suggestion
entities control requests or responses that are placed onto a single HTTP/3
```
> +The amount of memory used by the compressor is limited by the protocol using
+QPACK through the definition of the maximum size of the dynamic table, and the
+maximum number of blocking streams. In HTTP/3, these values are controlled by
+the decoder through the setting parameter QPACK_MAX_TABLE_CAPACITY and
+QPACK_BLOCKED_STREAMS, respectively (see Section
+{{maximum-dynamic-table-capacity}} and {{blocked-streams}}). The limit on the
+size of the dynamic table takes into account both the size of the data stored in
+the dynamic table, plus a small allowance for overhead. The limit on the number
+of blocked streams is only a proxy for the maximum amount of memory required by
+the decoder. The actual maximum amount of memory will depend on how much memory
+the decoder uses to track each blocked stream.
+
+A decoder can limit the amount of state memory used for the dynamic table by
+setting an appropriate value for the maximum size of the dynamic table. In
+HTTP/3, this is realized by setting an appropriate value for the
+QPACK_MAX_TABLE_CAPACITY parameter. An encoder can limit the amount of state
nit: the doc is inconsistent about QPACK_MAX_TABLE_CAPACITY vs SETTINGS_QPACK_MAX_TABLE_CAPACITY. I don't know what the answer is
> +QPACK through the definition of the maximum size of the dynamic table, and the
+maximum number of blocking streams. In HTTP/3, these values are controlled by
+the decoder through the setting parameter QPACK_MAX_TABLE_CAPACITY and
+QPACK_BLOCKED_STREAMS, respectively (see Section
+{{maximum-dynamic-table-capacity}} and {{blocked-streams}}). The limit on the
+size of the dynamic table takes into account both the size of the data stored in
+the dynamic table, plus a small allowance for overhead. The limit on the number
+of blocked streams is only a proxy for the maximum amount of memory required by
+the decoder. The actual maximum amount of memory will depend on how much memory
+the decoder uses to track each blocked stream.
+
+A decoder can limit the amount of state memory used for the dynamic table by
+setting an appropriate value for the maximum size of the dynamic table. In
+HTTP/3, this is realized by setting an appropriate value for the
+QPACK_MAX_TABLE_CAPACITY parameter. An encoder can limit the amount of state
+memory it uses by signaling lower dynamic table size than the decoder allows
```suggestion
memory it uses by signaling a lower dynamic table size than the decoder allows
```
> +{{maximum-dynamic-table-capacity}} and {{blocked-streams}}). The limit on the
+size of the dynamic table takes into account both the size of the data stored in
+the dynamic table, plus a small allowance for overhead. The limit on the number
+of blocked streams is only a proxy for the maximum amount of memory required by
+the decoder. The actual maximum amount of memory will depend on how much memory
+the decoder uses to track each blocked stream.
+
+A decoder can limit the amount of state memory used for the dynamic table by
+setting an appropriate value for the maximum size of the dynamic table. In
+HTTP/3, this is realized by setting an appropriate value for the
+QPACK_MAX_TABLE_CAPACITY parameter. An encoder can limit the amount of state
+memory it uses by signaling lower dynamic table size than the decoder allows
+(see {{eviction}}). A decoder can limit the amount of state memory used for
+blocked streams by setting an appropriate value for the maximum number of
+blocked streams. In HTTP/3, this is realized by setting an appropriate value
+for the QPACK_BLOCKED_STREAMS parameter. An encoder can limit the amount of
nit: QPACK_BLOCKED_STREAMS vs. SETTINGS_QPACK_BLOCKED_STREAMS
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/3575#pullrequestreview-393333547
- [quicwg/base-drafts] QPACK security consideration… afrind
- Re: [quicwg/base-drafts] QPACK security considera… Martin Thomson
- Re: [quicwg/base-drafts] QPACK security considera… Lucas Pardue
- Re: [quicwg/base-drafts] QPACK security considera… afrind
- Re: [quicwg/base-drafts] QPACK security considera… afrind
- Re: [quicwg/base-drafts] QPACK security considera… afrind
- Re: [quicwg/base-drafts] QPACK security considera… Lucas Pardue
- Re: [quicwg/base-drafts] QPACK security considera… afrind
- Re: [quicwg/base-drafts] QPACK security considera… Martin Thomson
- Re: [quicwg/base-drafts] QPACK security considera… Mike Bishop
- Re: [quicwg/base-drafts] QPACK security considera… Mike Bishop
- Re: [quicwg/base-drafts] QPACK security considera… Bence Béky
- Re: [quicwg/base-drafts] QPACK security considera… Lucas Pardue
- Re: [quicwg/base-drafts] QPACK security considera… afrind
- Re: [quicwg/base-drafts] QPACK security considera… afrind
- Re: [quicwg/base-drafts] QPACK security considera… afrind
- Re: [quicwg/base-drafts] QPACK security considera… afrind