Re: [quicwg/base-drafts] handling of coalesced packets with decryption errors creates DoS opportunity (#2308)

Marten Seemann <notifications@github.com> Mon, 07 January 2019 04:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/t7zsoMperMXeijVnxwgkEzCskTg>

> Doesn't decryption failure happen also when the packet gets corrupt while being transmitted?

I assumed those to be **very** rare, so treating the whole datagram as corrupted might be a valid response. I don't have any numbers about that though. Maybe we can ask @ianswett if he can share some measurements?

> Does that matter, considering the fact that an attacker can force AEAD operation for every 21 bytes by using a short header packet (1 type + 4 byte space + 16 byte AEAD tag)?

The assumption here is that sending a lot of small packets is more expensive than sending one large packet of the same payload size. First, there's UDP and IP overhead that we're not counting here, and second (and probably more importantly), you only need a single syscall.

Looking at the numbers, I think I messed up my calculation of how many coalesced packets fit into a single datagram, since I failed to account for the AEAD tag. This brings the number of QUIC packets per datagram down to about 35.

https://github.com/quicwg/base-drafts/issues/2308#issuecomment-451822218