IETF Logo Mail Archive

Re: [quicwg/base-drafts] Avoid attack on address validation during connection migration (#746)

Martin Thomson <notifications@github.com> Wed, 23 August 2017 04:59 UTC

Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9463126E64 for <quic-issues@ietfa.amsl.com>; Tue, 22 Aug 2017 21:59:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.798
X-Spam-Level:
X-Spam-Status: No, score=-4.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GM4-OAPzHDGe for <quic-issues@ietfa.amsl.com>; Tue, 22 Aug 2017 21:59:24 -0700 (PDT)
Received: from o6.sgmail.github.com (o6.sgmail.github.com [192.254.113.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B40F132320 for <quic-issues@ietf.org>; Tue, 22 Aug 2017 21:59:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=NH74M9/hhfeF8BLtsjFliWilMrU=; b=AuBw8Vl1m1eqx+q2 4VaqUuMvSQTotaVpLPaAWB0660dQovhFocjvqSX2JNfFxi66o2LfUwGfd79oE/9Z if+D+Vyq/ve2PPguIhX/2D61qw0SWgz8mFYvywUOZSjqCytC/ZC8As9OrvyDzzmt jXKtMw4aZofE3e8mxsD1xPUuXec=
Received: by filter0814p1mdw1.sendgrid.net with SMTP id filter0814p1mdw1-4787-599D0BA8-B 2017-08-23 04:59:20.254316275 +0000 UTC
Received: from github-smtp2b-ext-cp1-prd.iad.github.net (github-smtp2b-ext-cp1-prd.iad.github.net [192.30.253.17]) by ismtpd0031p1mdw1.sendgrid.net (SG) with ESMTP id hPImBAFGTuqR9cNQwMzrHw for <quic-issues@ietf.org>; Wed, 23 Aug 2017 04:59:20.215 +0000 (UTC)
Date: Wed, 23 Aug 2017 04:59:20 +0000
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab5573c44e7aae43dd5d58eed0d37e49ffbbaad05b92cf0000000115b4cda792a169ce0f074cba@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/746/c324221300@github.com>
In-Reply-To: <quicwg/base-drafts/pull/746@github.com>
References: <quicwg/base-drafts/pull/746@github.com>
Subject: Re: [quicwg/base-drafts] Avoid attack on address validation during connection migration (#746)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_599d0ba7e3254_7cb73faf7ab71c2c500f5"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak1DRsHlBLxlIQ0iGrK27oXCFsVjhUYan965/R FTN0ELp5tbkgUdIyVWJG6iRRBtVg/c/7cR1ONpi7rm/XUx6zeM2S4WHKHFADKn9S+H7H4cuRwA0euj ga2qcmij9Ks9KAaeWKtQqYAWnZWHoY3oxCch1BgUChghS81EzyRih7fVlIcZUxAEuemMJOvJkZ3FYO g=
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/c3hrs-AvNECUKbLy_zhD31EExqQ>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Aug 2017 04:59:26 -0000

I missed something... If the attacker can reliably win the race, then increasing the rigour of the source address validation won't fix that problem.  You need to have to have the client in the loop somehow, and you can't just tell the client that it moved.  Otherwise, this forwarding attack that you describe looks no different to a NAT rebinding (which is a situation we want to permit).

The primary concern here is that the attacker just put themselves on-path, right?  It's tempting to shrug and not worry about this one.  The performance of that path is clearly uniformly better than that of the old path and the address can't be spoofed or the bidirectional forwarding wouldn't work.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/746#issuecomment-324221300

v2.45.0 | Report a Bug | By Email | System Status