[quicwg/base-drafts] 481a7b: Avoid attack on address validation during connecti...

Martin Thomson <martin.thomson@gmail.com> Mon, 04 September 2017 04:19 UTC

Date: Sun, 03 Sep 2017 20:54:40 -0700
From: Martin Thomson <martin.thomson@gmail.com>
Reply-To: Martin Thomson <martin.thomson@gmail.com>
To: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/qnnL1fvJFP2K_um6AM64QEnCo0g>
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>

  Branch: refs/heads/proof-of-receipt
  Home:   https://github.com/quicwg/base-drafts
  Commit: 481a7b5bfc24e9b11ea9dc1cbee1ad96975c10d4
      https://github.com/quicwg/base-drafts/commit/481a7b5bfc24e9b11ea9dc1cbee1ad96975c10d4
  Author: Martin Thomson <martin.thomson@gmail.com>
  Date:   2017-08-23 (Wed, 23 Aug 2017)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Avoid attack on address validation during connection migration

The attack here is that an attacker might duplicate a legitimate packet and
send that packet from an invalid address such that it arrives before the real
copy.  That causes the recipient to think that there was a connection
migration.  They will attempt to validate that address and this will fail.  The
connection is then closed.

The fix is to cause a migration back to the original, legitimate address.  For
this to work, you need two things:

1. when a migration happens, abandon any validation on the old address on the
   expectation that it will fail

2. when a migration happens, make sure that you try to trigger packets from the
   old address first

For the second point, I decided to mandate address validation, rather than an
ordinary PING.  The reason being that you have to retransmit the packet on that
path and I doubt that implementations will want to have two sets of special
machinery for transmitting - and retransmitting - frames on a specific path.
Maybe this is too much of a constraint on implementations, so I'd like to hear
from people about whether they would prefer a more generic requirement (sending
any packet that demands acknowledgment would work; it doesn't even have to be
the same packet every time, though the usual situation will be that the packet
will be lost, so you probably don't want to send anything important).
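The two rules above, modelled as an added example (constructed here, not code from the draft or the quicwg repository). The "challenge"/"response" names, the separate validation and probe tables, and a single timeout per address are simplifying assumptions; a naive endpoint and a fixed one are run against the replayed-packet scenario from the commit message.

```python
from dataclasses import dataclass, field
import secrets

@dataclass
class Endpoint:
    """Receiver side of a migration (constructed toy, not the draft's text)."""
    current: str                # address we currently believe the peer uses
    fixed: bool = True          # apply rules 1 and 2 from the commit message
    validating: dict = field(default_factory=dict)  # addr -> nonce; failure closes
    probing: dict = field(default_factory=dict)     # addr -> nonce; failure ignored
    closed: bool = False

    def _challenge(self, table, addr):
        table[addr] = secrets.token_hex(8)   # fresh unguessable nonce per challenge

    def on_packet(self, src, validated=False):
        """A packet from an address other than `current` looks like a migration
        (exact duplicates are assumed dropped by packet-number dedup before this)."""
        if self.closed or src == self.current:
            return
        old, self.current = self.current, src
        if self.fixed:
            self.validating.pop(old, None)     # rule 1: abandon old validation
        if not validated:
            self._challenge(self.validating, src)
        if self.fixed:
            self._challenge(self.probing, old)  # rule 2: elicit packets from old
    def on_response(self, src, nonce):
        """Only the address that was sent this nonce can answer it."""
        if self.validating.get(src) == nonce:
            del self.validating[src]
        elif self.probing.get(src) == nonce:
            del self.probing[src]
            self.on_packet(src, validated=True)  # genuine peer is still at old
    def on_timeout(self, addr):
        """An unanswered validation of a migrated-to path closes the connection."""
        self.probing.pop(addr, None)
        if self.validating.pop(addr, None) is not None:
            self.closed = True

def run(fixed):
    """Spoofed copy from 'atk' arrives before the real one from 'legit'; 'atk' never
    answers. Returns (closed, current) after the attacker's validation times out."""
    ep = Endpoint(current="legit", fixed=fixed)
    ep.on_packet("atk")                          # spoofed copy triggers a migration
    probe = ep.probing.get("legit")
    if probe:                                    # fixed endpoint probed the old path
        ep.on_response("legit", probe)
    ep.on_packet("legit")                        # peer's next genuine packet
    ep.on_timeout("atk")                         # attacker cannot answer the challenge
    return ep.closed, ep.current
```

The naive endpoint ends up back on the legitimate address but still closes when the attacker's validation expires; the fixed endpoint abandons that validation on migrating back and stays open.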


  Commit: 688e930d49ff4462254df065a28600cbd9c310ce
      https://github.com/quicwg/base-drafts/commit/688e930d49ff4462254df065a28600cbd9c310ce
  Author: Martin Thomson <martin.thomson@gmail.com>
  Date:   2017-09-04 (Mon, 04 Sep 2017)

  Changed paths:
    M draft-ietf-quic-transport.md

  Log Message:
  -----------
  Merge pull request #746 from quicwg/mots-migration

Avoid attack on address validation during connection migration


Compare: https://github.com/quicwg/base-drafts/compare/9bfc5d673d99...688e930d49ff