Re: [quicwg/base-drafts] Stateless Reset needs "on-path" proof (#1230)

Martin Thomson <notifications@github.com> Tue, 10 April 2018 05:11 UTC

Date: Tue, 10 Apr 2018 05:11:33 +0000
From: Martin Thomson <notifications@github.com>
Message-ID: <quicwg/base-drafts/issues/1230/379975845@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1230@github.com>
References: <quicwg/base-drafts/issues/1230@github.com>
Subject: Re: [quicwg/base-drafts] Stateless Reset needs "on-path" proof (#1230)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/ciz5S_PA5WdCd7PZ8rzF30vDlwg>
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>

Yeah, I don't think that path rejection is going to work that well. Packets that arrive at a POP that doesn't have access to a state store will either enter a black-hole (if they know about the connection ID, in which case it will be dropped after packet protection removal fails), or generate a stateless reset.  More of the latter as connection IDs get longer and more sparse.

That's what makes me think that we need some sort of verification of intent in addition to a token.  A routing flap, misconfiguration, or attack might cause a storm of stateless resets that might be reusable by an attacker.  Adding a liveness check is probably a good idea to avoid that.

-- 
https://github.com/quicwg/base-drafts/issues/1230#issuecomment-379975845
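
An added example, not part of the message above or of the QUIC drafts: a toy model of the two outcomes the message describes for packets reaching a POP without connection state (silent drop versus stateless reset). It assumes the reset token is an HMAC over the connection ID under a key shared by the POPs; the key, connection IDs, packet layout and function names are constructed for illustration. Because the token is fixed per connection ID, a reset captured during a routing flap passes the same token-only check as a fresh one, which is the gap a liveness check would have to close.

```python
import hashlib
import hmac
import os

TOKEN_LEN = 16  # a stateless reset token is 16 bytes, carried at the end of the packet


def reset_token(static_key: bytes, cid: bytes) -> bytes:
    """Assumed derivation: keyed PRF over the connection ID, no per-connection state."""
    return hmac.new(static_key, cid, hashlib.sha256).digest()[:TOKEN_LEN]


def pop_handle(static_key: bytes, known_cids: set, cid: bytes):
    """Model a POP with no state store. Returns None (drop) or a reset datagram."""
    if cid in known_cids:
        # CID is recognised but the keys are not here: packet protection
        # removal fails and the packet is silently dropped (the black hole).
        return None
    # Unknown CID: answer statelessly with random bytes followed by the token.
    return os.urandom(24) + reset_token(static_key, cid)


def accepts_reset(datagram: bytes, expected_token: bytes) -> bool:
    """Receiver side: token-only check on the trailing 16 bytes."""
    return len(datagram) > TOKEN_LEN and hmac.compare_digest(
        datagram[-TOKEN_LEN:], expected_token)


def simulate_flap() -> dict:
    key = b"constructed-static-key-shared-by-POPs"   # constructed sample value
    cids = [bytes([i]) * 8 for i in range(1, 6)]     # constructed connection IDs
    known = {cids[0]}                                # one CID this POP happens to know
    replies = {cid: pop_handle(key, known, cid) for cid in cids}
    resets = {cid: r for cid, r in replies.items() if r is not None}
    conn = cids[1]
    expected = reset_token(key, conn)                # token the peer was given earlier
    captured = resets[conn]                          # reset emitted during the flap
    fresh = pop_handle(key, known, conn)             # a later, genuine reset
    return {
        "dropped": len(cids) - len(resets),
        "resets": len(resets),
        "captured_still_accepted": accepts_reset(captured, expected),
        "fresh_accepted": accepts_reset(fresh, expected),
        "same_token": captured[-TOKEN_LEN:] == fresh[-TOKEN_LEN:],
        "other_cid_rejected": not accepts_reset(resets[cids[2]], expected),
    }
```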