Re: [quicwg/base-drafts] Spoofed retry token attack on IP authentication (#2394)
Kazuho Oku <notifications@github.com> Fri, 01 February 2019 13:30 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A507127598 for <quic-issues@ietfa.amsl.com>; Fri, 1 Feb 2019 05:30:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.553
X-Spam-Level:
X-Spam-Status: No, score=-12.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HYMSiPKJPmKT for <quic-issues@ietfa.amsl.com>; Fri, 1 Feb 2019 05:30:31 -0800 (PST)
Received: from out-3.smtp.github.com (out-3.smtp.github.com [192.30.252.194]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 687C7127133 for <quic-issues@ietf.org>; Fri, 1 Feb 2019 05:30:31 -0800 (PST)
Date: Fri, 01 Feb 2019 05:30:30 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1549027830; bh=bQMwdqCz+0fFsbOnWLxCDSNqMH97stZlnpaCCjDPeAA=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=n2qeQ++VmbBHYyvMK74Vj4O37uLG1iaa07tpO2Yo6wz1iLlJT2/gM7y88kMsfvcta 0WQTgn7q8fLy6mnbHfoNZOukWyoBCWG0KhcogneJ+XkTCMMg/w9KHTtQzbQ4uwDgqV Yn8UjNr8xvSTSNtALV9X/RBFuyDPj/MKN+Bei/Q8=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab350faca1beaedfbb296d0678f3bff8e0549dec0092cf00000001186c0bf692a169ce1823c7c2@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2394/459722927@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2394@github.com>
References: <quicwg/base-drafts/issues/2394@github.com>
Subject: Re: [quicwg/base-drafts] Spoofed retry token attack on IP authentication (#2394)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c5449f638656_34653fa37d2d45b48732"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Shpd0rTWQjxcE6b7y4xmd0C3-To>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Feb 2019 13:30:33 -0000
> So the conclusion is that you cannot do anything about it in v1. There isn't even much reason to strongly prevent token reuse since only path observers can reuse it, and they have powers anyway. We cannot do anything in any version of QUIC to prevent a MOTS attacker from spoofing an address, because an IP address is never authenticated. From an endpoint's view, it is impossible to tell whether if it's talking with the legitimate owner of IP address X or if it's talking with somebody spoofing address X. OTOH, as I pointed out in https://github.com/quicwg/base-drafts/issues/2394#issuecomment-459700403, we might want to prohibit a token from being used to create multiple connections. This is because one of the use-case of Retry tokens is to limit costly TLS handshake operations to connection establish attempts that have proved (probabilistically) to own the IP address (by responding to the Retry). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/2394#issuecomment-459722927
- [quicwg/base-drafts] Spoofed retry token attack o… MikkelFJ
- Re: [quicwg/base-drafts] Spoofed retry token atta… MikkelFJ
- Re: [quicwg/base-drafts] Spoofed retry token atta… Kazuho Oku
- Re: [quicwg/base-drafts] Spoofed retry token atta… MikkelFJ
- Re: [quicwg/base-drafts] Spoofed retry token atta… MikkelFJ
- Re: [quicwg/base-drafts] Spoofed retry token atta… Kazuho Oku
- Re: [quicwg/base-drafts] Spoofed retry token atta… Kazuho Oku
- Re: [quicwg/base-drafts] Spoofed retry token atta… MikkelFJ
- Re: [quicwg/base-drafts] Spoofed retry token atta… MikkelFJ
- Re: [quicwg/base-drafts] Spoofed retry token atta… MikkelFJ
- Re: [quicwg/base-drafts] Spoofed retry token atta… MikkelFJ
- Re: [quicwg/base-drafts] Spoofed retry token atta… Kazuho Oku
- Re: [quicwg/base-drafts] Spoofed retry token atta… MikkelFJ
- Re: [quicwg/base-drafts] Spoofed retry token atta… Martin Thomson
- Re: [quicwg/base-drafts] Spoofed retry token atta… ekr
- Re: [quicwg/base-drafts] Spoofed retry token atta… Jana Iyengar