[quicwg/base-drafts] 316f7f: Fix for off-path migration attack

Martin Thomson <martin.thomson@gmail.com> Wed, 21 November 2018 06:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/biV4TWngi4hyDhC0s33gUVEc31o>

  Branch: refs/heads/migration-fix
  Home:   https://github.com/quicwg/base-drafts
  Commit: 316f7f1313bd89656f467f036916047fbc45a182
      https://github.com/quicwg/base-drafts/commit/316f7f1313bd89656f467f036916047fbc45a182
  Author: Martin Thomson <martin.thomson@gmail.com>
  Date:   2018-11-21 (Wed, 21 Nov 2018)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Fix for off-path migration attack

This is not an easy attack to defend against, except for
probabilistically.  So what we do is recommend more probing on old paths
to give the endpoint that is apparently migrating more opportunities to
cause the connection to migrate away from the path chosen by an
attacker.

I've tweaked surrounding text a little.  The most interesting being the
3RTO timer on path validation.  It's not the right number, but I don't
think that the right number is attainable, and this is close enough.

This text isn't final. I'd like it to be more accurate AND shorter, but
lack the skills and perspective.

Closes #1278, #1749.


