Re: [quicwg/base-drafts] Spoofed retry token attack on IP authentication (#2394)

Kazuho Oku <> Fri, 01 February 2019 13:30 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3A507127598 for <>; Fri, 1 Feb 2019 05:30:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -12.553
X-Spam-Status: No, score=-12.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id HYMSiPKJPmKT for <>; Fri, 1 Feb 2019 05:30:31 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 687C7127133 for <>; Fri, 1 Feb 2019 05:30:31 -0800 (PST)
Date: Fri, 01 Feb 2019 05:30:30 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1549027830; bh=bQMwdqCz+0fFsbOnWLxCDSNqMH97stZlnpaCCjDPeAA=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=n2qeQ++VmbBHYyvMK74Vj4O37uLG1iaa07tpO2Yo6wz1iLlJT2/gM7y88kMsfvcta 0WQTgn7q8fLy6mnbHfoNZOukWyoBCWG0KhcogneJ+XkTCMMg/w9KHTtQzbQ4uwDgqV Yn8UjNr8xvSTSNtALV9X/RBFuyDPj/MKN+Bei/Q8=
From: Kazuho Oku <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/2394/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Spoofed retry token attack on IP authentication (#2394)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c5449f638656_34653fa37d2d45b48732"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 01 Feb 2019 13:30:33 -0000

> So the conclusion is that you cannot do anything about it in v1. There isn't even much reason to strongly prevent token reuse since only path observers can reuse it, and they have powers anyway.

We cannot do anything in any version of QUIC to prevent a MOTS attacker from spoofing an address, because an IP address is never authenticated. From an endpoint's view, it is impossible to tell whether if it's talking with the legitimate owner of IP address X or if it's talking with somebody spoofing address X.

OTOH, as I pointed out in, we might want to prohibit a token from being used to create multiple connections. This is because one of the use-case of Retry tokens is to limit costly TLS handshake operations to connection establish attempts that have proved (probabilistically) to own the IP address (by responding to the Retry).

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: