Re: [quicwg/base-drafts] amplification attack using Retry and VN triggered by coalesced Initial packets (#2259)

Marten Seemann <notifications@github.com> Mon, 31 December 2018 03:34 UTC

Date: Sun, 30 Dec 2018 19:34:14 -0800
From: Marten Seemann <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab6dd70957438edeab088b4aafb9c028c0e66df2e492cf000000011841503692a169ce177f0208@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2259/450604861@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2259@github.com>
References: <quicwg/base-drafts/issues/2259@github.com>
Subject: Re: [quicwg/base-drafts] amplification attack using Retry and VN triggered by coalesced Initial packets (#2259)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c298e361b15c_4c9e3fe9ca8d45c0108962"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/rjP0AAmBnTSVA-VZdqoAaykErwI>

@martinthomson Why do we need to allow multiple packets of the same encryption level in one UDP datagram? I can't see a single use case for this, but I see a lot of ways this can be used in malicious ways.
We introduced coalesced packets to reduce HoL blocking on encryption level changes, not to give senders the ability to stuff 67 packets into a single datagram.

Proposed text:
> A sender MUST NOT coalesce multiple packets with the same encryption level into a single datagram. Receiver SHOULD ignore any subsequent packets that have the same encryption level as any of the previous packets in the datagram.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2259#issuecomment-450604861

[quicwg/base-drafts] amplification attack using R… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
Re: [quicwg/base-drafts] amplification attack usi… ianswett
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Dmitri Tikhonov
Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Martin Thomson
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… Marten Seemann
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… ianswett
Re: [quicwg/base-drafts] amplification attack usi… Nick Banks
Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… David Schinazi
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… ianswett
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… Kazuho Oku
Re: [quicwg/base-drafts] amplification attack usi… MikkelFJ
Re: [quicwg/base-drafts] amplification attack usi… janaiyengar
Re: [quicwg/base-drafts] amplification attack usi… janaiyengar