[quicwg/base-drafts] 481a7b: Avoid attack on address validation during connecti...
Martin Thomson <martin.thomson@gmail.com> Wed, 23 August 2017 01:50 UTC
Date: Tue, 22 Aug 2017 18:50:01 -0700
From: Martin Thomson <martin.thomson@gmail.com>
Reply-To: Martin Thomson <martin.thomson@gmail.com>
To: quic-issues@ietf.org
Message-ID: <599cdf4974d65_515e3feb7a559c2c1261ea@hookshot-fe6-cp1-prd.iad.github.net.mail>
Subject: [quicwg/base-drafts] 481a7b: Avoid attack on address validation during connecti...
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/I_xRl7FNAKGtHSEaqbAyrcipImA>
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
Branch: refs/heads/mots-migration
Home: https://github.com/quicwg/base-drafts
Commit: 481a7b5bfc24e9b11ea9dc1cbee1ad96975c10d4
https://github.com/quicwg/base-drafts/commit/481a7b5bfc24e9b11ea9dc1cbee1ad96975c10d4
Author: Martin Thomson <martin.thomson@gmail.com>
Date: 2017-08-23 (Wed, 23 Aug 2017)

Changed paths:
M draft-ietf-quic-transport.md

Log Message:
-----------
Avoid attack on address validation during connection migration

The attack here is that an attacker might duplicate a legitimate packet and send that packet from an invalid address such that it arrives before the real copy. That causes the recipient to think that there was a connection migration. They will attempt to validate that address and this will fail. The connection is then closed.

The fix is to cause a migration back to the original, legitimate address. For this to work, you need two things:

1. when a migration happens, abandon any validation on the old address on the expectation that it will fail
2. when a migration happens, make sure that you try to trigger packets from the old address first

For the second point, I decided to mandate address validation, rather than an ordinary PING. The reason being that you have to retransmit the packet on that path and I doubt that implementations will want to have two sets of special machinery for transmitting - and retransmitting - frames on a specific path.

Maybe this is too much of a constraint on implementations, so I'd like to hear from people about whether they would prefer a more generic requirement (sending any packet that demands acknowledgment would work, it doesn't even have to be the same packet every time, though the usual situation will be that the packet will be lost, so you probably don't want to send anything important).
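A constructed simulation, added here and not part of the draft or of the commit, of one endpoint's migration handling with and without the two rules in the log message. The address-validation challenge/response is reduced to an 8-byte token, and the endpoint model is an assumption: validation of the path in use and the rule-2 challenge to the old path are tracked separately, and only an unanswered validation of the path in use closes the connection.

```python
import os

class Endpoint:
    def __init__(self, peer, fixed):
        self.fixed = fixed         # apply the commit's two rules?
        self.peer = peer           # address the connection is currently using
        self.validated = {peer}    # addresses that have answered a validation challenge
        self.pending = {}          # addr -> token: validation of the path in use
        self.probes = {}           # addr -> token: rule-2 challenge to an old path
        self.closed = False

    def on_packet(self, src, response=None):
        """Packet from src; response is the echoed challenge token, if the packet carries one."""
        if src != self.peer:       # the peer appears to have moved
            old, self.peer = self.peer, src
            if self.fixed:
                # Rule 1: validation of the path being left is expected to fail; drop it now.
                self.pending.pop(old, None)
                # Rule 2: challenge the old path first; a real peer still there answers,
                # and its packets move the connection back.
                self.probes[old] = os.urandom(8)
            if src not in self.validated:
                self.pending[src] = os.urandom(8)
        for table in (self.pending, self.probes):
            if response is not None and table.get(src) == response:
                del table[src]
                self.validated.add(src)

    def on_timeout(self, addr):
        self.probes.pop(addr, None)            # losing a probe of an old path is harmless
        if addr in self.pending:               # the path in use could not be validated
            self.closed = True

def duplicate_attack(fixed):
    """Scenario from the log message: a packet sent from A is copied and replayed from B first."""
    ep = Endpoint("A", fixed)
    ep.on_packet("B")              # spoofed duplicate: looks like a migration to B
    ep.on_packet("A")              # the legitimate copy arrives from the real address
    if "A" in ep.probes:           # the real peer answers the rule-2 challenge
        ep.on_packet("A", ep.probes["A"])
    ep.on_timeout("B")             # nothing at B ever answers its challenge
    return ep

def genuine_migration(fixed):
    ep = Endpoint("A", fixed)
    ep.on_packet("B")              # peer really moved to B
    ep.on_packet("B", ep.pending["B"])
    ep.on_timeout("A")             # old path is silent; must not be fatal
    return ep
```

Without the rules, the spoofed address's failed validation closes the connection even though the real copy has already moved the connection back to A; with them, that validation was abandoned at the migration back and the rule-2 probe of A is what confirms the original path.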