Re: [quicwg/base-drafts] amplification attack using Retry and VN triggered by coalesced Initial packets (#2259)
Marten Seemann <notifications@github.com> Thu, 27 December 2018 16:41 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F11A130DC6 for <quic-issues@ietfa.amsl.com>; Thu, 27 Dec 2018 08:41:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.447
X-Spam-Level:
X-Spam-Status: No, score=-6.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EyXQelTjWUWn for <quic-issues@ietfa.amsl.com>; Thu, 27 Dec 2018 08:41:47 -0800 (PST)
Received: from out-5.smtp.github.com (out-5.smtp.github.com [192.30.252.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B019C12DDA3 for <quic-issues@ietf.org>; Thu, 27 Dec 2018 08:41:47 -0800 (PST)
Date: Thu, 27 Dec 2018 08:41:46 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1545928906; bh=4irdzdql9SZ/6AhpCh1gshkPMouAI4zXxu+s5vVKSa4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Gc4auCNXiB51JZb564yeEEjDo7Vqsu7IUz0uZrh3+1Oxcan7hU9qOi1yuHvGmb1pt I6iGhkTfUkOyAPhF3MmFnkligvt1Mj5YJ7WPqiUtAXzk9tF6VL4AIlPLi6Orrd2Rmr KwE2TsjGGUUvWcs5Wd0w1iMZPiUWskx0mvbhjL8Y=
From: Marten Seemann <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abe4776cd75c361407f9aab27f12e3bd5a38aa9b4492cf00000001183cc2ca92a169ce177f0208@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2259/450187401@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2259@github.com>
References: <quicwg/base-drafts/issues/2259@github.com>
Subject: Re: [quicwg/base-drafts] amplification attack using Retry and VN triggered by coalesced Initial packets (#2259)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c2500cadf3a5_5caa3f93d74d45b8137881f"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: marten-seemann
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/gtdD1HlTP2_qcjJTfAyeaeCE-Qs>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Dec 2018 16:41:50 -0000
If we want to forbid that behavior, there's no need to coalesce two QUIC packets with the same encryption level. Maybe an easy fix would be prohibit that in general. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/2259#issuecomment-450187401
- [quicwg/base-drafts] amplification attack using R… Marten Seemann
- Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
- Re: [quicwg/base-drafts] amplification attack usi… ianswett
- Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
- Re: [quicwg/base-drafts] amplification attack usi… Dmitri Tikhonov
- Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
- Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
- Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
- Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
- Re: [quicwg/base-drafts] amplification attack usi… Martin Thomson
- Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
- Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
- Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
- Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
- Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
- Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
- Re: [quicwg/base-drafts] amplification attack usi… ianswett
- Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
- Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
- Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
- Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
- Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
- Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
- Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
- Re: [quicwg/base-drafts] amplification attack usi… ianswett
- Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
- Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
- Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
- Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
- Re: [quicwg/base-drafts] amplification attack usi… janaiyengar
- Re: [quicwg/base-drafts] amplification attack usi… janaiyengar