IETF Logo Mail Archive

Re: How does a server identify a new connection?

Christian Huitema <huitema@huitema.net> Fri, 30 November 2018 16:08 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 846BE128BCC for <quic@ietfa.amsl.com>; Fri, 30 Nov 2018 08:08:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uj3dq1nNMrU2 for <quic@ietfa.amsl.com>; Fri, 30 Nov 2018 08:08:38 -0800 (PST)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B9F0C1271FF for <quic@ietf.org>; Fri, 30 Nov 2018 08:08:38 -0800 (PST)
Received: from xsmtp12.mail2web.com ([168.144.250.177]) by mx12.antispamcloud.com with esmtps (TLSv1.2:AES128-SHA:128) (Exim 4.89) (envelope-from <huitema@huitema.net>) id 1gSlL7-0005Br-1S for quic@ietf.org; Fri, 30 Nov 2018 17:08:35 +0100
Received: from [10.5.2.31] (helo=xmail09.myhosting.com) by xsmtp12.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from <huitema@huitema.net>) id 1gSlKz-0003qF-TT for quic@ietf.org; Fri, 30 Nov 2018 11:08:21 -0500
Received: (qmail 14538 invoked from network); 30 Nov 2018 16:08:16 -0000
Received: from unknown (HELO [192.168.1.103]) (Authenticated-user:_huitema@huitema.net@[172.56.42.190]) (envelope-sender <huitema@huitema.net>) by xmail09.myhosting.com (qmail-ldap-1.03) with ESMTPA for <martin.thomson@gmail.com>; 30 Nov 2018 16:08:16 -0000
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Christian Huitema <huitema@huitema.net>
X-Mailer: iPhone Mail (16B92)
In-Reply-To: <20181130153734.GB19030@ubuntu-dmitri>
Date: Fri, 30 Nov 2018 08:08:14 -0800
Cc: Kazuho Oku <kazuhooku@gmail.com>, IETF QUIC WG <quic@ietf.org>, Martin Thomson <martin.thomson@gmail.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <4A523623-09FD-4101-90A2-FCE202585B01@huitema.net>
References: <CANatvzzaW-y6y6qN-K4W91WL+3A0fV3SLbOqcq5+SB=qXDpRXw@mail.gmail.com> <CABkgnnV9ONF5LEuCnpy8BsOHnFGidFbVKoMOeM9EohabMBMV6A@mail.gmail.com> <CANatvzxyUm86dNYAwiXeY_xHtcQBKuVWxa_3=9rgmFJtC4u+yw@mail.gmail.com> <20181130153734.GB19030@ubuntu-dmitri>
To: Dmitri Tikhonov <dtikhonov@litespeedtech.com>
Subject: Re: How does a server identify a new connection?
X-Originating-IP: 168.144.250.177
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.27)
X-Recommended-Action: accept
X-Filter-ID: EX5BVjFpneJeBchSMxfU5udnXEbinF55zH5F+I5fzz5602E9L7XzfQH6nu9C/Fh9KJzpNe6xgvOx q3u0UDjvO37pNwwF1lRXh5rzvPzo9Jts1ujulqUFmMITHM77eiVi/NUAVlk59tQAsB7EmahhCM7i TvJ2/ZGzVWB9scFAaCdIFaUvXN+CI+RGy3Me16pBfeuTov1vPAP3qEy01CsKmx/TBCf6oYXAWGet lavcAjD9ytQxIHf9lN5jjLJaPK8l4YBmPrqPoeRXD34azf1rYZv5uZUEePrXZkexHL9EC3AAJAfA 9MMVcQ9WVjD1q+Rbd9IPG/DQ2p+GU04sTuYFs91jhnM/Mbva2XLV/LIEzaKyLm0zESXAkIAT8ZKA DvsGI5uh86ZVnyOrYkLMWyEaRt9fxN2oReTDHAyOynaY0CmHJLVH4DfVNbPXJmiLfub/IRFsicyJ MEhQFtD8PLoiniWmsFByBoXAuCZEyg59LM/9rUJrEbVA84BZVscMTXpbpuxXJTL417vaJWq5kk+j cuidX4Ts4xdG+C13IyWeZaJIXnGlagy/bmmgWDrsWrBKZqY0WkD+XXhBRGrlXn3JpR+NFf2nXZrk r9R7rq4GP35G047RODDSOAU8VRBdjarRhquvBzKEzdsRbaiLpp7t82t4C4SlaCuF6Oqyplz7a94E pv+Z3RfD+aRmwAVlEJHcERWeKKG4PAQYNyavp7c49KDXJbBeUq+plwVLxTzfQlHSGe3okMCcn14J 4XO+5ud/IokiFjF/c3lMwsreke79zjb6Q0qr3hbejihARJOQKS7RZ4YizZEe9VMcrJA1Ttxd3VfQ E5DNiNWwEZ4OAJK/EDs7XWg9wGFzdK9KUOG9bsPJmnxScOZQ52ULRZzPCcWv15Q6CZxYjafGpi3c b03a4ZFy04e73oo5Jp1iUunX3+VlFawbDxpzYifNwA/+CbHA2fz9gpiGyR7D15JIzS+z7i8K8WY4 szo4Gwow0vwlYMfpTQuMHNi5DO10BOGC1ZJT0NaIcaHtK0XZjSPnTTBX4w==
X-Report-Abuse-To: spam@quarantine9.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/2Jj-a_3Tyxg7QX9wqP3CNFTfS_0>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2018 16:08:40 -0000

 

> On Nov 30, 2018, at 7:37 AM, Dmitri Tikhonov <dtikhonov@litespeedtech.com> wrote:
> 
>> On Thu, Nov 29, 2018 at 11:41:32AM +0900, Kazuho Oku wrote:
>> The question is what happens if a man-on-the-side attacker races an
>> Initial packet with the same 5-tuple, same SCID / DCID, but having
>> different values in other fields.
> 
> Is such attack feasible?  By definition, the man-on-the-side cannot
> delay the original packet.  For the spoofed packet to reach the
> server first, the man-on-the-side would have to have access to a
> different, faster path to that server.

Non only feasible, but in actual use now. Do for example a search for "Quantum Insert".


> 
> How do other transport protocols mitigate such attacks, if at all?

The only plausible defense now is to run over IPSEC or a VPN. TLS over TCP is vulnerable to TCP level attacks.

> 
> I am asking these questions a) out of ignorance and b) as the
> implications of the proposed change (PR 2076) begin to dawn on me.

Defending against inserts after the handshake is relatively easy and everybody should do it. Defending the initial handshake involves speculative initiation of many connection copies, and then rolling back the bad ones once a good one was verified. So, yes, it is costly.

Kazuho's PR changes the equation from very costly to doable. In particular, the idea of tying the initial CID to the Client Hello greatly reduces the cost of the defense on the server side, and does not burden clients much. There is still some heavy work to do to client side to fully complete the defense, but the cost is only borne by those clients who want the defense.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email