IETF Logo Mail Archive

Re: [quicwg/base-drafts] Migration before handshake completed is very messy (#2309)

Christian Huitema <notifications@github.com> Mon, 07 January 2019 20:06 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D154C12D7EA for <quic-issues@ietfa.amsl.com>; Mon, 7 Jan 2019 12:06:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.065
X-Spam-Level:
X-Spam-Status: No, score=-8.065 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wUVFNsmNopei for <quic-issues@ietfa.amsl.com>; Mon, 7 Jan 2019 12:06:03 -0800 (PST)
Received: from out-5.smtp.github.com (out-5.smtp.github.com [192.30.252.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1DC312008A for <quic-issues@ietf.org>; Mon, 7 Jan 2019 12:06:02 -0800 (PST)
Date: Mon, 07 Jan 2019 12:06:01 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1546891561; bh=jCvfB26nPjBpjB7T30U2r5UcxhlB8uIQYqRtFpb8eEY=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Z5FlmuKbGOccLstICCMX3CdmprbtRZTlRjUE3oWtQ4WVKFXbQoXOTnyqzecJRyFDT 72cRSjn+9b6quT5H1gK1o4LtH8KcZdPfwlCXokCIwcl9rOmZs2ABbF1RAMRTCWBNhJ KXtbyE8P63I45u9fOHWzRk/EtEzC4mNkfFHGRpdw=
From: Christian Huitema <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab6076cc35b09aee5e8fb986591ed84c06de2781d892cf00000001184b732992a169ce179fc90b@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2309/452064161@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2309@github.com>
References: <quicwg/base-drafts/issues/2309@github.com>
Subject: Re: [quicwg/base-drafts] Migration before handshake completed is very messy (#2309)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c33b129ed653_76a83f8d486d45c4314f2"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: huitema
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/OXDDEgvvfmNouFUruG3NmSmHhvo>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jan 2019 20:06:05 -0000

@DavidSchinazi I think there are two separate issues:

1) There is some fuzziness about what "handshake is finished" actually means. The messiness that we observed in the tests was due to repeating the CFIN handshake packet while engaged in migration. Thinks get much better if the client waits until CFIN is acknowledged.

2) The problem is with server response to NAT Rebinding. Even if the client does not initiate migration, a NAT could decide to change its translation. My take is that both sides should ignore such NAT rebinding before the handshake is finished. That is, have exactly one address pair for the connection and stick to it until handshake done, don't even think of changing midway.

The justification for (2) is that changing addresses mid-handshake in response to NAT rebinding opens an interesting attack surface, with man-on-the-side sending copies of good packets with spoofed IP addresses. Given that actual rebinding just after a mapping is created is pretty rare, chances are that most "rebinding during handshake" will be of the "man on the side" variety. It is more robust to just ignore them.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2309#issuecomment-452064161

v2.23.0 | Report a Bug | By Email