IETF Logo Mail Archive

Re: [quicwg/base-drafts] Compatible version upgrade (#1901)

Kazuho Oku <notifications@github.com> Thu, 25 October 2018 03:32 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96A9312F1A6 for <quic-issues@ietfa.amsl.com>; Wed, 24 Oct 2018 20:32:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.47
X-Spam-Level:
X-Spam-Status: No, score=-8.47 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IiRHOQkId22t for <quic-issues@ietfa.amsl.com>; Wed, 24 Oct 2018 20:32:33 -0700 (PDT)
Received: from out-4.smtp.github.com (out-4.smtp.github.com [192.30.252.195]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0761128D68 for <quic-issues@ietf.org>; Wed, 24 Oct 2018 20:32:32 -0700 (PDT)
Date: Wed, 24 Oct 2018 20:32:32 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1540438352; bh=WvY7FRdJKkzqENlPhqa+koHUFHx6rvZy3hIp7u0rfII=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=1vbtH9FcdW5BkXbJxDNFWIPRBsa4pEddfNBpiEPDrgr3ImAVd+RdcLA1S4+uir2oN 7Hl5auOkCNQvYD3PNSo5LWfl6N2An2kG3ow0XpigORl4livB9ApGGQdIzYgD1BkRSZ lNMq1us7SwvN3Y7DdP1HO1WIwbYbGm7LTO1OQmzU=
From: Kazuho Oku <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abe3c3c69e98cd25df684104800353642227fb24ff92cf0000000117e8fb5092a169ce1640b1a8@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/1901/review/168197887@github.com>
In-Reply-To: <quicwg/base-drafts/pull/1901@github.com>
References: <quicwg/base-drafts/pull/1901@github.com>
Subject: Re: [quicwg/base-drafts] Compatible version upgrade (#1901)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bd1395028172_28af3f82a4cd45b8208738"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/w_nVXxx6JI2uvAnJyAFUjmEESOY>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2018 03:32:35 -0000

kazuho commented on this pull request.



> -transport parameters.  The position and the format of the version fields in
-transport parameters MUST either be identical across different QUIC versions, or
-be unambiguously different to ensure no confusion about their interpretation.
-One way that a new format could be introduced is to define a TLS extension with
-a different codepoint.
+is sent by an attacker.
+
+To protect against these attacks, the transport parameters includes the complete
+list of versions that a client is willing to use, with the version they used for
+sending the first packet in the first entry.  Including this information in the
+cryptographic handshake provides it with integrity protection, and allows the
+server to detect version downgrade attacks.
+
+The client MUST include the first QUIC version it attempts to use as the first
+entry of the supported_versions list in the transport parameters.  A server MUST
+close the connection attempt with a VERSION_NEGOTIATION_ERROR if it supports the

My understanding is that the intent of the text is to detect version downgrade attack at the server-side instead of doing on the client-side. IMO we need to make the change; see #1810.

However, I am not sure if the proposed design is sufficient, because it only detects a repression of only "one version" (being identified the first entry of supported_versions), while an attacker can inject VN to repress multiple versions.

Consider the case where a client supports three versions, v3, v2, v1 talking to a server that supports v2 and v1. Assume that the use of newer versions are preferable than the older ones. The client uses v3 in it's initial attempt. The attacker intercepts the Initial packet and responds with a fake VN that advertises v1 only. In such case, the server will not notice the downgrade attack and the connection will be established using v1.

IMO, it might make sense to send a list of versions that the client preferred but was unable to use due to the values included in VN that it received.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/1901#discussion_r228025116

v2.30.2 | Report a Bug | By Email | System Status