Re: [quicwg/base-drafts] Amplification attack using retry tokens and spoofed addresses (#2064)
janaiyengar <notifications@github.com> Fri, 30 November 2018 02:56 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/la5B-mucVQKAql4hgKhXwXp4ylg>
It's quite a burden on the server to ensure single use of tokens, and SHOULD seems too strong. I'm not sure how you enforce it... while a single server might be able to ensure single use at that server, you need some serious infrastructure to enforce it across the fleet.

Is it adequate to suggest that servers MUST include a timestamp in the token, and SHOULD expire the token within a short period of time (a few seconds)?

View it on GitHub: https://github.com/quicwg/base-drafts/pull/2064#issuecomment-443073490
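An added example, not part of the original message or of any QUIC implementation: a sketch of the timestamped, short-lived token the comment proposes, showing that any server holding a shared key can validate it without fleet-wide state, and that a replay inside the expiry window is still accepted. The token layout, HMAC-SHA256, the 5-second lifetime, the skew allowance and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TOKEN_LIFETIME = 5  # seconds; assumed value for "a few seconds"
MAX_SKEW = 1        # seconds of clock skew tolerated between servers (assumed)
TAG_LEN = 16        # bytes of truncated HMAC-SHA256 tag


def _tag(key: bytes, ts: bytes, client_addr: str) -> bytes:
    # The MAC covers issue time and client address, so neither can be changed.
    return hmac.new(key, ts + client_addr.encode(), hashlib.sha256).digest()[:TAG_LEN]


def mint_token(key: bytes, client_addr: str, now: int) -> bytes:
    """Return 8-byte big-endian issue time followed by the tag."""
    ts = struct.pack("!Q", now)
    return ts + _tag(key, ts, client_addr)


def validate_token(key: bytes, token: bytes, client_addr: str, now: int) -> str:
    """Stateless check: needs only the fleet-wide key and a clock."""
    if len(token) != 8 + TAG_LEN:
        return "malformed"
    ts, tag = token[:8], token[8:]
    if not hmac.compare_digest(tag, _tag(key, ts, client_addr)):
        return "bad-mac"  # forged, altered, or presented from another address
    issued = struct.unpack("!Q", ts)[0]
    if issued > now + MAX_SKEW or now - issued > TOKEN_LIFETIME:
        return "expired"
    return "ok"


def demo() -> dict:
    key = b"\x01" * 32        # constructed key, shared by every server
    addr = "192.0.2.7:50000"  # constructed client address (TEST-NET-1)
    tok = mint_token(key, addr, now=1000)
    return {
        "first_use": validate_token(key, tok, addr, now=1002),
        # No per-token state is kept, so a replay inside the window still passes;
        # expiry bounds the replay window instead of enforcing single use.
        "replay_in_window": validate_token(key, tok, addr, now=1004),
        "replay_after_expiry": validate_token(key, tok, addr, now=1006),
        "other_address": validate_token(key, tok, "198.51.100.9:50000", now=1002),
        "edited_timestamp": validate_token(key, struct.pack("!Q", 1005) + tok[8:], addr, now=1006),
    }


if __name__ == "__main__":
    print(demo())
```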