IETF Logo Mail Archive

Re: [quicwg/base-drafts] Long Header Packets and Routing Connection IDs (#2834)

Kazuho Oku <notifications@github.com> Mon, 24 June 2019 02:23 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FA8B1200F1 for <quic-issues@ietfa.amsl.com>; Sun, 23 Jun 2019 19:23:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.1
X-Spam-Level:
X-Spam-Status: No, score=-6.1 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hdt0mljxasIf for <quic-issues@ietfa.amsl.com>; Sun, 23 Jun 2019 19:23:47 -0700 (PDT)
Received: from out-1.smtp.github.com (out-1.smtp.github.com [192.30.252.192]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 061E7120033 for <quic-issues@ietf.org>; Sun, 23 Jun 2019 19:23:47 -0700 (PDT)
Date: Sun, 23 Jun 2019 19:23:45 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1561343025; bh=IgdDF8aP51aSsZNfm50/AIl0Yemir1TF2/ThZGY47A0=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=I2Sa0UCav9gDtWbAaJBDgtaKWqa7m+7CfT7O1dMGzTsUAbGSdHPWaN3GQRMPy96qR iIQGpgbY9VwzrDq7iWaUjkZelWB39jtaFXIum3bl/RKwq1cfZwBp7lSbREJdOUzfp1 rBFVqZOx5pKIOE17W9CYnY/cowm1P3EEdoMHUV2o=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKYXBHK76VE6G4EBFON3DVTLDEVBNHHBWZGHNE@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2834/504827612@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2834@github.com>
References: <quicwg/base-drafts/issues/2834@github.com>
Subject: Re: [quicwg/base-drafts] Long Header Packets and Routing Connection IDs (#2834)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d1034311f7cc_2a733ff7c02cd95c60881e"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/RHjGSpNL8MfJNl3nDmqXhK_or14>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jun 2019 02:23:48 -0000

@ianswett 
> I think there are two obvious designs here, though there may be more:
> 
> 1. Change the CID routing based on packet type (Nick's suggestion above)

I do not think that this is a viable design.

An attacker controls both the client tuple and the initial CID. A stateless load balancer has to have the capability to change the CID, otherwise, it cannot balance the load between the servers running behind.

> 2. Use 5-tuple routing for all long header packets(Because 5-tuple can't change during the handshake) and CID routing after that.

Actually, there's a third design, that is possible under the current specification (and IIRC that multiple stacks already implement).

As @marten-seemann points out, a server can use authenticate the CID, to tell at a very high probability if a CID was generated by the server. Initial / 0-RTT packets that contain an authenticated CID is passed to the corresponding backend server (or the corresponding pthread). Initial / 0-RTT packets that do not are considered as new connections.

When not under attack, packets with CIDs that do not authenticate are routing using the 5-tuple. Servers will generate authenticated CIDs that route to themselves. Therefore, all the Initial and 0-RTT packets reach the correct backend.

When under attack, 0-RTT is disabled / dropped. Initial packets carrying CIDs that do not authenticate are distributed to the backends using an algorithm that the load balancer selects. Initial packets that carry CIDs that authenticate are routed to the corresponding servers. While it is true that routing of a tiny portion of Initial packets is not controlled by the load balancer, it is fine assuming that the CID encryption key is unknown to the attacker.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2834#issuecomment-504827612

v2.23.0 | Report a Bug | By Email