IETF Logo Mail Archive

[quicwg/base-drafts] Initials carrying different first ClientHello are considered as belonging to different connections (#2076)

Kazuho Oku <notifications@github.com> Fri, 30 November 2018 01:48 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06F13124408 for <quic-issues@ietfa.amsl.com>; Thu, 29 Nov 2018 17:48:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.459
X-Spam-Level:
X-Spam-Status: No, score=-9.459 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jUwaIl5kZ-al for <quic-issues@ietfa.amsl.com>; Thu, 29 Nov 2018 17:48:05 -0800 (PST)
Received: from out-3.smtp.github.com (out-3.smtp.github.com [192.30.252.194]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E346B12008A for <quic-issues@ietf.org>; Thu, 29 Nov 2018 17:48:04 -0800 (PST)
Date: Thu, 29 Nov 2018 17:48:03 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1543542483; bh=mgcX0JAYiO541ed5hLNLLXYar5LTxd+rfq4Jyaqr+Lw=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=x1DajTsr18fke8LjeG7UJiuie3V2BKjzWxIZMvHKJ45pqwHW1sZxbrQe2E46bqqSj YUCwWvpRkAesBUErLp/z9tOq0PTxL2YctXXMRPnuxtjE0ODYB67UWxwIN/0lc4/2GS YY36X8ZtcR4DInDrLg8WEVRHtYGUH1/5xZ6N0C9k=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab1109b9ebe104c2fc8ad552b0c60db9ec865d417092cf00000001181858d392a169ce1701edfc@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2076@github.com>
Subject: [quicwg/base-drafts] Initials carrying different first ClientHello are considered as belonging to different connections (#2076)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c0096d32deb8_24933fc0250d45c4184845"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/a7tFnthy0uO4jUy9VA7chTEE8nw>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2018 01:48:07 -0000

Based on https://www.ietf.org/mail-archive/web/quic/current/msg05093.html, implements countermeasures to prevent a man-on-the-side attacker disrupting the handshake by sending spoofed packets _to the server_.

The intent of the PR is to give the client (that is willing to pay the cost of complexity) the freehand to complete the handshake thereby establishing a connection even in the case where the attacker sends a spoofed packet to either of or both the endpoints.

Some notes:
* The PR says "SHOULD". This defense does not work for servers that uses zero-length CIDs, so I do not think we need to make it a MUST.
* The PR uses H(ClientHello) to distinguish connections instead of the alternative design suggested by @martinthomson to simply consider every Initial packet that contains a CRYPTO frame starting at offset zero as new connection. The reasoning is that we should better avoid creating multiple connection contexts on the server-side when the RTT is huge that a client sends multiple Initials.
* Adoption of #2053 is a prerequisite. We might want to change that PR to allow dropping individual frames rather than dropping per packet, because in the defense proposed here, the server's Initial that corresponds to the client's legitimate Initial might contain an ACK with an invalid PN. That happens when an attacker successfully races a spoofed packet with an identical CRYPTO frame but with a different PN.
You can view, comment on, or merge this pull request online at:

  https://github.com/quicwg/base-drafts/pull/2076

-- Commit Summary --

  * Initials carrying different first ClientHello are considered as belonging to different connections

-- File Changes --

    M draft-ietf-quic-transport.md (13)

-- Patch Links --

https://github.com/quicwg/base-drafts/pull/2076.patch
https://github.com/quicwg/base-drafts/pull/2076.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2076

v2.23.0 | Report a Bug | By Email