Re: [quicwg/base-drafts] handling of coalesced packets with decryption errors creates DoS opportunity (#2308)
Christian Huitema <notifications@github.com> Wed, 08 May 2019 04:02 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 595D1120052 for <quic-issues@ietfa.amsl.com>; Tue, 7 May 2019 21:02:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.464
X-Spam-Level:
X-Spam-Status: No, score=-6.464 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dijM8FVAQNYd for <quic-issues@ietfa.amsl.com>; Tue, 7 May 2019 21:02:43 -0700 (PDT)
Received: from out-1.smtp.github.com (out-1.smtp.github.com [192.30.252.192]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48CD8120006 for <quic-issues@ietf.org>; Tue, 7 May 2019 21:02:43 -0700 (PDT)
Date: Tue, 07 May 2019 21:02:41 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1557288161; bh=Pua39qEqdOYVlQCc8zsHBV2msdcxRlM3h+cjCIzKTQ4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=LmJj6Hrs3LJ+EfRBvnJz1N1PBNRh60QtF5jJTphWXH88a6iPlhjTh4e51XKdHv+75 bYtubVlOqPEhN7CpRiD52jJPJCql9rv+FP3DQSqRIfkjXZAn8nO3VbUDe6jjDWUhjc UxwV8HoSHMY7lkkyoJfXrIl9SRzpLkBb6k0fpU7k=
From: Christian Huitema <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK27LGFNOZYPQQT7HGV236DWDEVBNHHBPH547M@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2308/490338752@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2308@github.com>
References: <quicwg/base-drafts/issues/2308@github.com>
Subject: Re: [quicwg/base-drafts] handling of coalesced packets with decryption errors creates DoS opportunity (#2308)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5cd254e1e10dc_40473fcb8d8cd960379927"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: huitema
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/hpinD6DCGhWSmNUR7vX2i4pQnlM>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 04:02:45 -0000
I am a bit worried when I hear suggestions of disabling coalescing with different encryption level. Initial(CH) + 0RTT is fairly common, and useful. So is Initial(SH) + handshake, Initial(ACK) + Handshake(ACK), or Handshake(Finished) + 1RTT. Yes, I can see attacks with "Christmas tree" packets containing too many coalesced segments. But mitigation is obvious -- implementations are free to drop packets for whatever reason. In the rare cases of false positive, when the funny coalesced packet is not in fact an attack, the peer will just resend after at time out. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/2308#issuecomment-490338752
- [quicwg/base-drafts] handling of coalesced packet… Marten Seemann
- Re: [quicwg/base-drafts] handling of coalesced pa… Kazuho Oku
- Re: [quicwg/base-drafts] handling of coalesced pa… Marten Seemann
- Re: [quicwg/base-drafts] handling of coalesced pa… Kazuho Oku
- Re: [quicwg/base-drafts] handling of coalesced pa… Marten Seemann
- Re: [quicwg/base-drafts] handling of coalesced pa… Kazuho Oku
- Re: [quicwg/base-drafts] handling of coalesced pa… ianswett
- Re: [quicwg/base-drafts] handling of coalesced pa… Igor Lubashev
- Re: [quicwg/base-drafts] handling of coalesced pa… Martin Thomson
- Re: [quicwg/base-drafts] handling of coalesced pa… MikkelFJ
- Re: [quicwg/base-drafts] handling of coalesced pa… Martin Thomson
- Re: [quicwg/base-drafts] handling of coalesced pa… Igor Lubashev
- Re: [quicwg/base-drafts] handling of coalesced pa… ianswett
- Re: [quicwg/base-drafts] handling of coalesced pa… Martin Thomson
- Re: [quicwg/base-drafts] handling of coalesced pa… Kazuho Oku
- Re: [quicwg/base-drafts] handling of coalesced pa… MikkelFJ
- Re: [quicwg/base-drafts] handling of coalesced pa… Christian Huitema
- Re: [quicwg/base-drafts] handling of coalesced pa… MikkelFJ
- Re: [quicwg/base-drafts] handling of coalesced pa… Christian Huitema
- Re: [quicwg/base-drafts] handling of coalesced pa… MikkelFJ
- Re: [quicwg/base-drafts] handling of coalesced pa… Kazuho Oku
- Re: [quicwg/base-drafts] handling of coalesced pa… Christian Huitema
- Re: [quicwg/base-drafts] handling of coalesced pa… Kazuho Oku
- Re: [quicwg/base-drafts] handling of coalesced pa… Jana Iyengar
- Re: [quicwg/base-drafts] handling of coalesced pa… Kazuho Oku
- Re: [quicwg/base-drafts] handling of coalesced pa… Jana Iyengar
- Re: [quicwg/base-drafts] handling of coalesced pa… Christian Huitema
- Re: [quicwg/base-drafts] handling of coalesced pa… Kazuho Oku
- Re: [quicwg/base-drafts] handling of coalesced pa… MikkelFJ
- Re: [quicwg/base-drafts] handling of coalesced pa… Igor Lubashev
- Re: [quicwg/base-drafts] handling of coalesced pa… MikkelFJ
- Re: [quicwg/base-drafts] handling of coalesced pa… Lars Eggert
- Re: [quicwg/base-drafts] handling of coalesced pa… Eric Kinnear
- Re: [quicwg/base-drafts] handling of coalesced pa… Jana Iyengar