Re: [quicwg/base-drafts] 5tuple routing (#3536)

Kazuho Oku <notifications@github.com> Thu, 26 March 2020 04:46 UTC

Date: Wed, 25 Mar 2020 21:46:25 -0700
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK6DFJBBF53L3BB3NUV4RAKKDEVBNHHCFYX2PM@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/3536/review/381699564@github.com>
In-Reply-To: <quicwg/base-drafts/pull/3536@github.com>
References: <quicwg/base-drafts/pull/3536@github.com>
Subject: Re: [quicwg/base-drafts] 5tuple routing (#3536)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/Sk-80ckTX37au-n-7LbyNpW8u9Q>
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>

@kazuho commented on this pull request.



> +thus support changing client IP addresses without difficulty.
+
+If a server does not implement one of the solutions above, it SHOULD send the
+disable_active_migration transport parameter to inform the client that any
+address change is likely to terminate the connection, which can lead it to use
+strategies to avoid NAT rebinding or terminate connections when its IP address
+changes.
+
+Regardless of other mitigations, servers behind 5-tuple routing MUST do one of
+the following to avoid creating a Reset Oracle ({{reset-oracle}}):
+
+* not send Stateless Reset under any circumstances, or
+* use a different Stateless Reset Token key than other servers, or
+* encode the client IP address and port in the Stateless Reset token. If using
+the preferred_address transport parameter, the token must also encode the
+preferred address.
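Review bot: the third bullet's "the token must also encode the preferred address" uses a lowercase "must" inside a list introduced by "MUST do one of the following"; if that clause is a requirement it should read MUST, otherwise it reads as a non-normative aside. Separately, "MUST do one of the following" makes the list exhaustive, but the second bullet ("use a different Stateless Reset Token key than other servers") is one instance of the property that actually matters, namely that no two servers produce the same token for the same connection ID; deriving the token from a shared key plus a server-unique identifier gives the same separation without per-server keys. Consider stating the bullets as properties ("tokens generated by different servers for the same connection ID MUST differ") or presenting them as examples with a pointer to {{reset-oracle}}, which already describes the general rule. Minor: in "which can lead it to use strategies to avoid NAT rebinding", "it" should be "the client".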

@martinduke Thank you for the changes. This is better.

I would not argue against having a list, however I am still uncomfortable with this being an exhaustive list (i.e. "MUST do one of ...").

To give an example that is missing, it is safe for all the servers to share the key, assuming that they encode the server ID (that would be unique to each server) into the Stateless Reset Token.

Just giving an example of some feasible design would be much better, though by doing so, this paragraph might become a repetition of {{reset-oracle}}.

Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/3536#pullrequestreview-381699564
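As an added example that is not part of the draft, the pull request, or the reviewer's comment, the following Python sketch contrasts the token derivations discussed in this thread: one keyed over the connection ID alone (which makes two servers behind 5-tuple routing emit identical tokens when they share a key), one that mixes a server-unique identifier into a shared key as proposed in the comment, one with per-server keys as in the second bullet, and one that binds the client IP address and port as in the third bullet. The HMAC-SHA256 construction, the length-prefixed field layout, and every key, connection ID and address below are assumptions constructed for illustration, not values from the draft.

```python
import hashlib
import hmac

TOKEN_LEN = 16  # a QUIC Stateless Reset Token is 16 bytes


def reset_token(key: bytes, *fields: bytes) -> bytes:
    """Assumed derivation for illustration: HMAC-SHA256 over the
    length-prefixed fields, truncated to 16 bytes. Length prefixes keep
    (b"ab", b"c") and (b"a", b"bc") from colliding."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(2, "big"))
        mac.update(field)
    return mac.digest()[:TOKEN_LEN]


def token_cid_only(key: bytes, cid: bytes) -> bytes:
    """Shared key, connection ID only: every server derives the same token."""
    return reset_token(key, cid)


def token_with_server_id(key: bytes, server_id: bytes, cid: bytes) -> bytes:
    """Shared key plus a server-unique ID (the design suggested in the comment)."""
    return reset_token(key, server_id, cid)


def token_with_client_addr(key: bytes, cid: bytes, ip: str, port: int) -> bytes:
    """Token bound to the client's address and port (third bullet of the hunk)."""
    return reset_token(key, cid, ip.encode("ascii"), port.to_bytes(2, "big"))


def demo() -> dict:
    """Exercise each derivation with constructed inputs and report whether
    a server that does not own the connection would produce the token the
    client already holds (True means the tokens differ, which is what
    the draft's mitigations aim for)."""
    shared_key = b"constructed-shared-key"      # constructed, never reuse
    key_a, key_b = b"constructed-key-A", b"constructed-key-B"
    cid = bytes.fromhex("c0ffee0123456789")      # constructed connection ID
    client_ip, client_port = "192.0.2.10", 50000  # constructed (TEST-NET-1)
    rebound_ip, rebound_port = "198.51.100.7", 50001

    # Shared key over the CID alone: server B reproduces server A's token,
    # so a Stateless Reset from B is accepted for A's connection.
    collides = token_cid_only(shared_key, cid) == token_cid_only(shared_key, cid)

    # Shared key, server ID mixed in: tokens differ per server.
    by_server_id = (token_with_server_id(shared_key, b"server-A", cid)
                    != token_with_server_id(shared_key, b"server-B", cid))

    # Distinct keys per server (second bullet): tokens differ per server.
    by_distinct_key = token_cid_only(key_a, cid) != token_cid_only(key_b, cid)

    # Address-bound token (third bullet): after the client's address changes,
    # a server computing over the new address no longer matches the token
    # the client was given for the original address.
    before = token_with_client_addr(shared_key, cid, client_ip, client_port)
    after = token_with_client_addr(shared_key, cid, rebound_ip, rebound_port)

    return {
        "cid_only_same_key_collides": collides,
        "server_id_differs": by_server_id,
        "distinct_keys_differ": by_distinct_key,
        "client_addr_changes_after_rebind": before != after,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The first result is the failure mode the hunk's MUST is guarding against: with a shared key and nothing server-specific in the derivation, any server behind the same 5-tuple router can emit a token the client will honour for a connection it never owned. The other three results show that each of the three listed options, plus the server-ID variant raised in the comment, restores the separation, which is why the comment argues the property rather than the list is what should be normative.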