Re: Security of coalesced packets

Martin Thomson <martin.thomson@gmail.com> Thu, 12 July 2018 06:53 UTC

To: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
Cc: QUIC WG <quic@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/1zrwA3lEClFLLltEimQu9oq78KA>

On Thu, Jul 12, 2018 at 4:45 PM Mikkel Fahnøe Jørgensen
<mikkelfj@gmail.com> wrote:
> However, considering the effort spent in trying to avoid linkability, it appears to me that third-parties can easily inject tracking information in ordinary QUIC packets using the coalescing mechanism.

Yes, this is possible.  It is also possible at the IP layer through
the use of IPv6 header extensions.  A MitM attacker can also embed
signals in flows by altering the rate at which packets are
transmitted.

> These issues could be avoided by only permitting certain early packets to coalesce.

In the current design, you need to use the long header to coalesce
(the trailing packet can use the short header).  And packets with the
long header only appear during connection setup.  It is possible that
we could prevent this sort of covert channel from being created using
long header packets by saying that coalescing isn't allowed after the
connection is established.   Not sure that it gains us much though.
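
The restriction discussed in this message, sketched as a receiver-side check. This is an added example, not part of the original message or of any QUIC implementation. It assumes the long-header layout of RFC 9000 (which postdates this thread) and does not handle Version Negotiation; `split_coalesced`, `accept` and the sample packets are hypothetical and constructed here.

```python
# Added example. Long-header layout assumed from RFC 9000, not the 2018 draft.
def read_varint(buf, pos):
    """Decode a QUIC variable-length integer; return (value, new_pos)."""
    if pos >= len(buf) or pos + (1 << (buf[pos] >> 6)) > len(buf):
        raise ValueError("truncated varint")
    size = 1 << (buf[pos] >> 6)           # 1, 2, 4 or 8 bytes
    value = buf[pos] & 0x3F
    for b in buf[pos + 1:pos + size]:
        value = (value << 8) | b
    return value, pos + size

def split_coalesced(datagram):
    """Split one UDP datagram into [(kind, bytes)], kind 'long' or 'short'."""
    packets, pos = [], 0
    while pos < len(datagram):
        start, first = pos, datagram[pos]
        if not first & 0x80:              # short header has no Length field,
            packets.append(("short", datagram[start:]))  # so it must be last
            break
        pos += 5                          # first byte + 32-bit version
        for _ in range(2):                # DCID, then SCID (length-prefixed)
            if pos >= len(datagram):
                raise ValueError("truncated connection ID")
            pos += 1 + datagram[pos]
        ptype = (first >> 4) & 0x03
        if ptype == 3:                    # Retry carries no Length either
            packets.append(("long", datagram[start:]))
            break
        if ptype == 0:                    # Initial: token precedes Length
            token_len, pos = read_varint(datagram, pos)
            pos += token_len
        length, pos = read_varint(datagram, pos)
        if pos + length > len(datagram):
            raise ValueError("Length runs past the datagram")
        packets.append(("long", datagram[start:pos + length]))
        pos += length
    return packets

def accept(datagram, established):
    """Hypothetical policy: once established, take only a lone short-header packet."""
    try:
        packets = split_coalesced(datagram)
    except ValueError:
        return False
    if not established:
        return bool(packets)
    return len(packets) == 1 and packets[0][0] == "short"

# Constructed samples: Handshake packet (Length = 3) and a short-header packet.
HANDSHAKE = bytes.fromhex("e0 00000001 01aa 00 03 010203")
SHORT = bytes.fromhex("40 aa 0a0b0c")
```
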