Re: [quicwg/base-drafts] IP restrictions on Tokens makes them of limited use for non-anycast DNS load balancing (#4076)
ianswett <notifications@github.com> Tue, 08 September 2020 00:43 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEE983A053F for <quic-issues@ietfa.amsl.com>; Mon, 7 Sep 2020 17:43:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.555
X-Spam-Level:
X-Spam-Status: No, score=-1.555 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nJh6-JLPpNCH for <quic-issues@ietfa.amsl.com>; Mon, 7 Sep 2020 17:43:48 -0700 (PDT)
Received: from out-18.smtp.github.com (out-18.smtp.github.com [192.30.252.201]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83AE53A0529 for <quic-issues@ietf.org>; Mon, 7 Sep 2020 17:43:48 -0700 (PDT)
Received: from github-lowworker-ca235ff.ash1-iad.github.net (github-lowworker-ca235ff.ash1-iad.github.net [10.56.110.15]) by smtp.github.com (Postfix) with ESMTP id CE62F340CF8 for <quic-issues@ietf.org>; Mon, 7 Sep 2020 17:43:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1599525827; bh=bBDoLnQzEI+7RRXq/V6jFN6OnrHEj9TPLBL6PzYMypY=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=FE0ZG0MElJ9tCROxcOImYlqTZtKrJGJL2yH09M1740w15j3Wz2n8H9+/HCPrtRnMV 1jOAdXEmDWSVg6Ztyn3LqA/WjvpXUsBs04zWxTb9DPX1IJHvwVfiAalbt6DwVwYhDm iIlmOLCLgZy66qaOlook3rQxZ70tJyHYgJpKwTPw=
Date: Mon, 07 Sep 2020 17:43:47 -0700
From: ianswett <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK7S7ZGHNEI4RTNYFYN5MK2MHEVBNHHCS4WOJ4@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/4076/688556968@github.com>
In-Reply-To: <quicwg/base-drafts/issues/4076@github.com>
References: <quicwg/base-drafts/issues/4076@github.com>
Subject: Re: [quicwg/base-drafts] IP restrictions on Tokens makes them of limited use for non-anycast DNS load balancing (#4076)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5f56d3c3bdead_5f6319f0791219"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ianswett
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/NFaQB03lJJV_g5q5WQfkJ768ww4>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Sep 2020 00:43:50 -0000
On the email thread, I suggested changing the restriction to something like "MUST NOT use tokens from one RFC address space in a different one.", but @martinthomson said that people setup vulnerable servers on public internet addresses. The key to SSRF is that one peer has a privilege that the other peer does not, but if it's a public address, couldn't either peer send traffic to the address without any clever use of another QUIC peer? Address spoofing isn't trivial, but it's certainly possible in some cases, so anyone only relying on peer IP address would already be vulnerable, so I'm not grasping how QUIC is making this worse for public IPs. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/4076#issuecomment-688556968
- [quicwg/base-drafts] IP restrictions on Tokens ma… ianswett
- Re: [quicwg/base-drafts] IP restrictions on Token… ianswett
- Re: [quicwg/base-drafts] IP restrictions on Token… Martin Thomson
- Re: [quicwg/base-drafts] IP restrictions on Token… Jana Iyengar
- Re: [quicwg/base-drafts] IP restrictions on Token… Martin Thomson
- Re: [quicwg/base-drafts] IP restrictions on Token… Martin Thomson
- Re: [quicwg/base-drafts] IP restrictions on Token… Lars Eggert
- Re: [quicwg/base-drafts] IP restrictions on Token… Lars Eggert