Re: [quicwg/base-drafts] handling of coalesced packets with decryption errors creates DoS opportunity (#2308)

Kazuho Oku <notifications@github.com> Mon, 07 January 2019 05:18 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51588128CF3 for <quic-issues@ietfa.amsl.com>; Sun, 6 Jan 2019 21:18:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.065
X-Spam-Level:
X-Spam-Status: No, score=-8.065 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cSXEacdxeXpZ for <quic-issues@ietfa.amsl.com>; Sun, 6 Jan 2019 21:18:18 -0800 (PST)
Received: from out-15.smtp.github.com (out-15.smtp.github.com [192.30.254.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE7E41274D0 for <quic-issues@ietf.org>; Sun, 6 Jan 2019 21:18:18 -0800 (PST)
Date: Sun, 06 Jan 2019 21:18:18 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1546838298; bh=kSTQNPE+vWDB0HCWhYqeeIsaNXU2WjLvqEO9MiKANIw=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=y/BjGXKLG/mAvDakPnNwVjI61+eswsM5ShBU0hprwN6VYOWCBBFAAaVPqOWvXQ+HL TDHYHOeo4HumNMaE9lZ87i2Rd+5B1vPttLKY33p77hYGBc2Cne14h2MHL8ug0Sx0pi ecJbnKfDepe0CgQiMcoB7Gam7PdOHsHQn2G5ohUc=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab7df994d3f6823b6306109e4c6af4cd87ef8c678592cf00000001184aa31a92a169ce179fbcfb@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2308/451824672@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2308@github.com>
References: <quicwg/base-drafts/issues/2308@github.com>
Subject: Re: [quicwg/base-drafts] handling of coalesced packets with decryption errors creates DoS opportunity (#2308)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c32e11a6cce_5aa63f7f64ed45b813252a"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/jhTP9OyFU8mr46TTZHs2vGWReRQ>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jan 2019 05:18:20 -0000

> The assumption here is that sending a lot of small packet is more expensive than sending one large packet of the same payload size. First, there's UDP and IP overhead that we're not counting here, and second (and probably more importantly), you only need a single syscall.

That could be true, though I am still not sure if we need to talk specifically about the attack. For example, an attacker can also send a packet that successfully decrypts, that contains many tiny CRYPTO frames (4-bytes each).  I'd assume that processing of that would be more costly than AEAD-decrypting every 35 bytes.

Having said that, the state of the endpoints are guaranteed to progress even if the following QUIC packets of a coalesced datagram are corrupt. Therefore, I won't disagree to relaxing the requirement from MUST to SHOULD.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2308#issuecomment-451824672