Re: [quicwg/base-drafts] amplification attack using Retry and VN triggered by coalesced Initial packets (#2259)
MikkelFJ <notifications@github.com> Thu, 03 January 2019 23:34 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15A02131379 for <quic-issues@ietfa.amsl.com>; Thu, 3 Jan 2019 15:34:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.065
X-Spam-Level:
X-Spam-Status: No, score=-8.065 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g8IN4BJaqu2m for <quic-issues@ietfa.amsl.com>; Thu, 3 Jan 2019 15:34:15 -0800 (PST)
Received: from out-1.smtp.github.com (out-1.smtp.github.com [192.30.252.192]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5917A130DE5 for <quic-issues@ietf.org>; Thu, 3 Jan 2019 15:34:15 -0800 (PST)
Date: Thu, 03 Jan 2019 15:34:14 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1546558454; bh=S/1jJepn/ZC0fY5VaaEu9PSmou6zv7F+ofPMGVFGUFs=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=icdW3SepSTn9OrtGVtUWhqVsj9XnFSP0hYtAdq/CmjwJfRkRLqUVQWHxB7uXF6Kku in72BlCsVwvDDZtSkUvunWabRSZWoW9+MjC27wqliR29o2rDrtURZCjvRqUjfElfDQ 4pw/slWI30lPv+KqNlR/x00vw8YlZNmXiTRFtL9w=
From: MikkelFJ <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abc780e22b9fd53456f05f7d2ebbec3f7b0f67f14092cf0000000118465df692a169ce177f0208@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2259/451312132@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2259@github.com>
References: <quicwg/base-drafts/issues/2259@github.com>
Subject: Re: [quicwg/base-drafts] amplification attack using Retry and VN triggered by coalesced Initial packets (#2259)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c2e9bf63e950_5d4b3fded30d45c061728"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/VMQe5o6gjL0SPstsLEXcowG0vRk>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Jan 2019 23:34:17 -0000
@DavidSchinazi even if there is no strict ordering, there is still coordination. And reading you text verbatim you also require the first Reset / VN triggering packet to win. For the sake of argument assume packets were coalesced in the general case. A single preprocessor locates packet boundaries and pushes each packet to a queue handled by several processing units which picks a packet whenever it is available for processing. Suddenly one of these processors wants to emit a Reset. It then has to signal all other processors that they should stop doing what they are doing if they happen to be processing the same datagram. Furthermore, the processor must figure out if there is another processor also wanting to send a VN or Reset on the same datagram, and if so, if it is earlier in the datagram such that the correct winner can be identified. In praxis such complexity would not be implemented as long as coalescing only happens during handshake, but it illustrates that ordering constraints are difficult when introducing concurrency in processing. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/2259#issuecomment-451312132
- [quicwg/base-drafts] amplification attack using R… Marten Seemann
- Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
- Re: [quicwg/base-drafts] amplification attack usi… ianswett
- Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
- Re: [quicwg/base-drafts] amplification attack usi… Dmitri Tikhonov
- Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
- Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
- Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
- Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
- Re: [quicwg/base-drafts] amplification attack usi… Martin Thomson
- Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
- Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
- Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
- Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
- Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
- Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
- Re: [quicwg/base-drafts] amplification attack usi… ianswett
- Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
- Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
- Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
- Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
- Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
- Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
- Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
- Re: [quicwg/base-drafts] amplification attack usi… ianswett
- Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
- Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
- Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
- Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
- Re: [quicwg/base-drafts] amplification attack usi… janaiyengar
- Re: [quicwg/base-drafts] amplification attack usi… janaiyengar