Re: [quicwg/base-drafts] Spoofed retry token attack on IP authentication (#2394)

MikkelFJ <notifications@github.com> Fri, 01 February 2019 12:12 UTC


> However that's not something we need to fix, considering that an MOTS attacker can simply inject an Initial packet containing a CONNECTION_CLOSE frame to disrupt the handshake.

This is not about a DoS attack. It is about privilege escalation. The man on the side can observe another connection and pretend to have the IP of the original client. If the server grants access to the observer based on the original client's IP, trust has been broken.

Racing the packet is sufficient to achieve that.

Racing will also close the original client's connection iff the token can only be used once, but that is a minor concern, I agree.

https://github.com/quicwg/base-drafts/issues/2394#issuecomment-459703440