IETF Logo Mail Archive

Re: [quicwg/base-drafts] handling of coalesced packets with decryption errors creates DoS opportunity (#2308)

Christian Huitema <notifications@github.com> Wed, 08 May 2019 04:02 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 595D1120052 for <quic-issues@ietfa.amsl.com>; Tue, 7 May 2019 21:02:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.464
X-Spam-Level:
X-Spam-Status: No, score=-6.464 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dijM8FVAQNYd for <quic-issues@ietfa.amsl.com>; Tue, 7 May 2019 21:02:43 -0700 (PDT)
Received: from out-1.smtp.github.com (out-1.smtp.github.com [192.30.252.192]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48CD8120006 for <quic-issues@ietf.org>; Tue, 7 May 2019 21:02:43 -0700 (PDT)
Date: Tue, 07 May 2019 21:02:41 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1557288161; bh=Pua39qEqdOYVlQCc8zsHBV2msdcxRlM3h+cjCIzKTQ4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=LmJj6Hrs3LJ+EfRBvnJz1N1PBNRh60QtF5jJTphWXH88a6iPlhjTh4e51XKdHv+75 bYtubVlOqPEhN7CpRiD52jJPJCql9rv+FP3DQSqRIfkjXZAn8nO3VbUDe6jjDWUhjc UxwV8HoSHMY7lkkyoJfXrIl9SRzpLkBb6k0fpU7k=
From: Christian Huitema <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK27LGFNOZYPQQT7HGV236DWDEVBNHHBPH547M@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2308/490338752@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2308@github.com>
References: <quicwg/base-drafts/issues/2308@github.com>
Subject: Re: [quicwg/base-drafts] handling of coalesced packets with decryption errors creates DoS opportunity (#2308)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5cd254e1e10dc_40473fcb8d8cd960379927"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: huitema
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/hpinD6DCGhWSmNUR7vX2i4pQnlM>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 04:02:45 -0000

I am a bit worried when I hear suggestions of disabling coalescing with different encryption level. Initial(CH) + 0RTT is fairly common, and useful. So is Initial(SH) + handshake, Initial(ACK) + Handshake(ACK), or Handshake(Finished) + 1RTT. Yes, I can see attacks with "Christmas tree" packets containing too many coalesced segments. But mitigation is obvious -- implementations are free to drop packets for whatever reason. In the rare cases of false positive, when the funny coalesced packet is not in fact an attack, the peer will just resend after at time out.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2308#issuecomment-490338752

v2.23.0 | Report a Bug | By Email