IETF Logo Mail Archive

Re: [quicwg/base-drafts] Looping with multiple Retry packets (#1451)

Kazuho Oku <notifications@github.com> Wed, 20 June 2018 22:49 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8A88130E2F for <quic-issues@ietfa.amsl.com>; Wed, 20 Jun 2018 15:49:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.01
X-Spam-Level:
X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BvUH_UmSlH5a for <quic-issues@ietfa.amsl.com>; Wed, 20 Jun 2018 15:49:29 -0700 (PDT)
Received: from out-6.smtp.github.com (out-6.smtp.github.com [192.30.252.197]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE3C71277BB for <quic-issues@ietf.org>; Wed, 20 Jun 2018 15:49:28 -0700 (PDT)
Date: Wed, 20 Jun 2018 15:49:27 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1529534968; bh=kFbMCL86GkDuyId4xKB1jsZYFZNRHiqqVu9z0Z2BSRM=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=TKuBHnTRSUtHpSCXi0MXFohsemjowWbXREqL3gpCjsWsAEOFnTQvW55dcBdO1NXc1 py0joDFIo6OVdnsKNzN33MCTGKDMAVtzq3yi9Sb6x8D3RhgI99OGnDVALROvunWY1F 7POSBOcmalp0WW/Um8B8WP+d456I1Ni6Ca9LpQs8=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab4333b4da6f6bd846a5b79121f83e51934d137d6792cf0000000117429bf792a169ce13d69366@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1451/398921875@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1451@github.com>
References: <quicwg/base-drafts/issues/1451@github.com>
Subject: Re: [quicwg/base-drafts] Looping with multiple Retry packets (#1451)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5b2ad9f7f20e7_43202b1c99f3cf6013395b"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/bv1OnaroTDp7e5T8V10YuvNp920>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.26
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jun 2018 22:49:31 -0000

@ianswett:
> Related question: What CID is the client deriving the key for INITIAL packets from? I was thinking all INITIAL packets used the same key, but if the terminal server may not have seen the client's first DCID, that doesn't work unless the original DCID is put somewhere the final server can read in the token.

This is an interesting question.

If we are to permit running DOS mitigation devices that do not share some secrets with the servers, we would be required to state that the Initial keys would match to the DCID field of the Initial packet that carries the first ClientHello.

However, I am not sure if that is the right path forward, because defining such behavior would mean that somebody else can setup a middlebox that sets the Initial key to the same value for all connections that it sees (e.g., by sending a Retry with SCID field of `0000000000000000` for all connections), effectively nullifying the merit of having obfuscation.

Admittedly, this kind of attack can only be applied to server deployments that does not validate the token field generated by an on-path device (e.g., by sharing the secret between the DoS mitigation device and the server).

But my question is: do we want to even allow such server deployments to be set up?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1451#issuecomment-398921875

v2.23.0 | Report a Bug | By Email