Re: Back to work
Ian Swett <ianswett@google.com> Mon, 02 November 2020 16:03 UTC
Return-Path: <ianswett@google.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEF2A3A0AE2 for <quic@ietfa.amsl.com>; Mon, 2 Nov 2020 08:03:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CD_ybgWkWQLT for <quic@ietfa.amsl.com>; Mon, 2 Nov 2020 08:03:15 -0800 (PST)
Received: from mail-yb1-xb29.google.com (mail-yb1-xb29.google.com [IPv6:2607:f8b0:4864:20::b29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 575D03A091C for <quic@ietf.org>; Mon, 2 Nov 2020 08:03:15 -0800 (PST)
Received: by mail-yb1-xb29.google.com with SMTP id b138so12151139yba.5 for <quic@ietf.org>; Mon, 02 Nov 2020 08:03:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=C33cbSJ50Beqz2MLgLvmnJQte1fg3lh3X+YnTqV3vSo=; b=tEIRv05Rob60jPkO1fxVYWTOyfEfPtEhNcZ+e7HTUS+ObJOk7pM0srwXVpDOtf1qLr HdbD2/ef8vysNZLuiXuy3ZJnUBkaq9XJnCOoHoYFXHETHJbBobsCPrh00c9DJ+WEymWi FYEuBL4cMMreeo8rQsfe32dl7HjNIDhTfiApFjJisnXgIFJkPtG5dLgU96nHR/Zz2K9/ ixuHCcGjsl0Lrv/lTcwQf9mwFd1UTkaq/0KLjPpgsK5fhXLcn5OnyqtT+G7SQey0YFqA uY9InpVd1T9EujyEWBVasePg8xVaax/+lJQq4vlyrGdY1OEReaxJ0twVxOh/V9w5VAxe mdhQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=C33cbSJ50Beqz2MLgLvmnJQte1fg3lh3X+YnTqV3vSo=; b=oXXgFI8MiBpu2Hc74sJkk4YMKyMbcvtRTGVczKlEwY9UjSaHN299wy5KVJC6H2jQmI CnVaDSAM7wYaRHP2dVkRdFzj2mTKPWIk0YzdaFWN0wqNtPiT4gU4J8f8x6ou1Ou/yTLM yD3y2uVhUxlP1rSCTGs7cuWVE5dYd0JpikHbazYCRaPwroHdQ/cDb5DD8euZ/qOdVR/E T9Qug2AGiOkktmSLGfL+Blh5HG6MDyeHmBtkAXbSIihvgWjkOvjEym8PmT8giJd6FCIj T955zmRCFDPdvl+ezMeJuSULtqXHb3wVqH1Tfqmw+JHI40EYhcVPsgC+i4QsCVekdQln G8RA==
X-Gm-Message-State: AOAM530BoY661hwVXgxWfLx3F1VMVw8YBQEDRMT52iD3pscfJsClcN/M MrVn4hPh1ViCNoghqU5NKJcsnQ7gEhr/iLUFIXbL/w==
X-Google-Smtp-Source: ABdhPJzK96zFe5WT6fEGBi8CAbHGqCCE42JLYz1tWZAwrj6R6L1QXriEdPMlw7Kliz0XlAXvsyNFYHK7C54UckibVcw=
X-Received: by 2002:a05:6902:52d:: with SMTP id y13mr20449135ybs.364.1604332994262; Mon, 02 Nov 2020 08:03:14 -0800 (PST)
MIME-Version: 1.0
References: <0f150dec-e408-48bf-8e54-05e3e96e7a85@www.fastmail.com> <CALZ3u+a1fBq1MB52H-h-JYY=OOkOo9=jEu7smNVeyy_9U3abEw@mail.gmail.com> <CAKcm_gNoB=nP050VRfw5MXAAw-HhpnKHp6pAx9onaA4a5CH5-Q@mail.gmail.com> <b80cf41524865c171712bfcfca7ef92e2a472044.camel@ericsson.com> <efe63bdf-7af2-49c0-932d-3a36de61bdd6@www.fastmail.com> <41A07550-1BFA-43E6-83A0-93FA96DF1E9B@apple.com> <CAN1APddS_qtMoUiUL9uwtAB3rXuAQ0NmiipXGDkS4hcA5od6Ag@mail.gmail.com> <CAKcm_gOcuuF_REWszJyYC6eO6swavMD3D9VnzgJTHEwEAXOsnw@mail.gmail.com> <CAM4esxT2kD6U-Hb5cOSfykBPvTmboEozqqiYiFF63ywxstm-LQ@mail.gmail.com> <CAKcm_gPzEgEssO3LMyW=t9tvbsRrLQBJ7M=2mxySs3H-YUXF5A@mail.gmail.com> <CACpbDceKFAVZ=Vrvj8ZoOj95TNfkCqNrpLh8FOBMBUBU=Qx_eQ@mail.gmail.com> <cc9aca43-7556-7fed-8ef8-1b5343316a0d@huitema.net> <59211AC5-0D72-4295-9E67-DA0BF5B92965@apple.com> <7fca948f-6c71-45c8-8c76-8cfabf11898b@www.fastmail.com> <5CD85C94-CFB2-47FF-9178-0DBE354EFCBF@apple.com> <f950a0cf-1be1-491b-8bc4-f5816cdb13e6@www.fastmail.com> <fed2a70b-954e-f224-fd0f-e80d36f12e87@huitema.net> <9c116544-c120-422b-8968-79effb3020ca@www.fastmail.com> <C2E762A1-2CCD-4728-A9DB-32D6AE02A1BD@apple.com> <CAKcm_gNBoHTTjB9LLufiV5bnU7ngXH5fRkrpHjePL3wk_XeyZw@mail.gmail.com> <CAM4esxR2iVJ8mU7-MG+gho+9KLwCb54OmHnW1=bsLZk-5woLZQ@mail.gmail.com> <CAKcm_gMc2A_fP-cCpUOhbORFFGFm_1c1Xv7EKNwCxW1reOyXcg@mail.gmail.com> <CAM4esxQL1qS1X4FmAhXSHrfiBFb9rj52T5rXhTuG7XbbFaaqNg@mail.gmail.com>
In-Reply-To: <CAM4esxQL1qS1X4FmAhXSHrfiBFb9rj52T5rXhTuG7XbbFaaqNg@mail.gmail.com>
From: Ian Swett <ianswett@google.com>
Date: Mon, 02 Nov 2020 11:03:02 -0500
Message-ID: <CAKcm_gNT6Ag2goX=376dEW5_ztnCrvEYErQ1n7AG0L+3z_TA4Q@mail.gmail.com>
Subject: Re: Back to work
To: Martin Duke <martin.h.duke@gmail.com>
Cc: Eric Kinnear <ekinnear@apple.com>, IETF QUIC WG <quic@ietf.org>, Christian Huitema <huitema@huitema.net>, Martin Thomson <mt@lowentropy.net>
Content-Type: multipart/alternative; boundary="00000000000039f33a05b321e215"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/AjKPFg1QLnG0Mjt79GQqDpm7Wz4>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Nov 2020 16:03:18 -0000
Thanks for clarifying. I think I'd prefer non-normative, but I agree these points are not obvious. On Mon, Nov 2, 2020 at 10:01 AM Martin Duke <martin.h.duke@gmail.com> wrote: > My original proposal was for additional recommendations on (1) and (3), as > bolded. > > I could live with non-normative text. My point is that these optimizations > are, IMO, extremely non-obvious and we would benefit readers to point them > out. > > On Mon, Nov 2, 2020 at 4:21 AM Ian Swett <ianswett@google.com> wrote: > >> >> >> On Sat, Oct 31, 2020 at 4:41 PM Martin Duke <martin.h.duke@gmail.com> >> wrote: >> >>> I want to carefully think through the various scenarios here, two >>> "normal" ones and two attack ones. But the summary is that the proposal to >>> always use the amp limit is good, if we add a coupe of more recommendations >>> for clients (in bold below) >>> >>> 1) Normal NAT rebinding. The connection is idle for a long period. A >>> good server will have reset its congestion controller due to the long idle >>> period. >>> >>> The client then sends a packet (if the server does first, it'll probably >>> disappear). Whether or not that packet is small, the server is going to be >>> limited by the amplification limit rather than congestion control. One >>> alternative is to kill the connection after an idle period and restart with >>> 0RTT, but that's only superior because the client has to send a bunch of >>> bytes. The recommendation here, I think, is that *clients SHOULD send >>> one or more full-size datagrams when restarting after a long idle period*, >>> *and possibly reset its PMTU assumptions. *[I can't remember what >>> DPDLPMTUD says about idle periods] >>> >> >> I'd suggest a non-normative can in this case, but I think it's worth >> pointing out. >> >> >>> >>> If the client does this, the server will be able to validate address and >>> MTU in one RTT. Otherwise, it's going to have to take two. But the >>> recommendation is sufficient to mitigate the impact of the 3x limit in NAT >>> rebinding cases. >>> >>> 2) Spoofed NAT rebinding. An attacker rewrites source addresses on >>> someone else's packets, or opens a valid connection and then switches the >>> source address to the victim. The amplification limit will prevent anything >>> bad from happening here, then PATH_CHALLENGE will fail and we're done. >>> >>> 3) Normal Migration. The client suddenly changes the CIDs and source IP. >>> (a) If the path is pre-validated, there is no issue. PATH_CHALLENGE and >>> PATH_RESPONSE SHOULD have been padded to handle MTU and address validation >>> simultaneously. >>> (b) If the path is not-prevalidated, the client SHOULD pad >>> PATH_CHALLENGE. This will be more restrictive than init-cwnd, unless *the >>> client sends 3 datagrams or so, padded pings if necessary.* >>> >> >> I think this is already a MUST pad PATH_CHALLENGE? >> >>> >>> 4) Spoofed Migration: the attacker opens a connection, then sends >>> packets with new CIDs and the victim's IP. It is impossible for this to be >>> pre-validated. Because the attacker has to send 1 byte for every 3 the >>> victim gets, this is safe. >>> >>> I'll propose some text in review. >>> >> >> Besides on 1, are you suggesting any additional changes to the existing >> PR? I agree with your analysis, except I believe the client already MUST >> pad PATH_CHALLENGE in these cases. >> >>> >>> On Fri, Oct 30, 2020 at 8:08 PM Ian Swett <ianswett= >>> 40google.com@dmarc.ietf.org> wrote: >>> >>>> Thanks for all the awesome discussion. >>>> >>>> It sounds like we're landing on text that requires the 3x limit be >>>> enforced until path validation succeeds, even if it's believed it's NAT >>>> rebinding. I don't think that's a huge performance hit for the reasons >>>> stated above, but it does add some complexity for some implementations, so >>>> I'm not sure if it'll be widely enforced or not? >>>> >>>> To answer Jana's question(far above) about resetting the congestion >>>> controller, my thinking is the following. In cases when the server >>>> believes it's NAT migration, it does not reset the congestion controller >>>> and this limits the potential attack to the congestion window built up >>>> prior to the migration. Additionally, the server has to believe it's a NAT >>>> migration, which makes the attack unpredictable or useless in the presence >>>> of modern NATs and Firewalls. >>>> >>>> So what I'd argue for is that NAT migrations MAY be treated as >>>> validated paths, but the congestion controller MUST NOT be reset in that >>>> case. I think this fits what MT said their implementation currently did >>>> and what I believe ours does today as well. >>>> >>>> Thanks, Ian >>>> >>>> On Thu, Oct 29, 2020 at 9:28 PM Eric Kinnear <ekinnear= >>>> 40apple.com@dmarc.ietf.org> wrote: >>>> >>>>> Agreed, I think that’s where the “client needs to pad PATH_CHALLENGE >>>>> and any PATH_RESPONSE needs to be padded if the challenge was padded” came >>>>> from. >>>>> >>>>> To the point about it being an error case — that totally makes sense, >>>>> and as Christian points out, that is also significantly more likely under >>>>> some of the attacks than someone being both idle and transferring lots of >>>>> data at the same time. >>>>> >>>>> I’m pretty sure we did previously have text that allowed the server to >>>>> treat the new address as validated if only the port changed, but we took it >>>>> out to help with some of the MOTS attacks. Also fully agreed that it would >>>>> be really nice to not split the logic across retaining some things (CC/RTT) >>>>> some of the time, but not others (Path, MTU validation). >>>>> >>>>> All this said, I suspect these are all edge cases enough that the more >>>>> conservative PR (as currently written) would be totally sufficient. >>>>> My current feeling is that if we wanted to carve it out such that a >>>>> small packet from an attacker on the side (or an unintentional migration) >>>>> didn’t generate MAX(full_size_packet, 3x_what_came_in_from_the_attacker) >>>>> sized packets, that would be neat, but not absolutely necessary. >>>>> >>>>> Thanks, >>>>> Eric >>>>> >>>>> >>>>> > On Oct 29, 2020, at 5:09 PM, Martin Thomson <mt@lowentropy.net> >>>>> wrote: >>>>> > >>>>> > On Fri, Oct 30, 2020, at 10:42, Christian Huitema wrote: >>>>> >> That means doing thing differently for a regular migration and for >>>>> a NAT >>>>> >> rebinding. A regular migration happens starts the client sends a >>>>> full >>>>> >> size packet, with a not yet seen CID, and containing a path >>>>> challenge. >>>>> >> Responding to that with a full size response makes sense. But if the >>>>> >> server receives a short packet, with an already used CID, and >>>>> without a >>>>> >> path challenge, that's probably a NAT rebinding. Responding with >>>>> full >>>>> >> size challenge packets is counter-productive. >>>>> > >>>>> > Ahh, that seems sensible. Conveniently, the current PR results in >>>>> what you describe, so I have less work to do :) >>>>> >>>>>
- Re: Back to work Christian Huitema
- Re: Back to work Jana Iyengar
- Back to work Martin Thomson
- Re: Back to work Töma Gavrichenkov
- Re: Back to work Ian Swett
- RE: Back to work Nick Banks
- Re: Back to work Magnus Westerlund
- Re: Back to work Martin Duke
- Re: Back to work Kazuho Oku
- Re: Back to work Martin Duke
- Re: Back to work Kazuho Oku
- Re: Back to work Martin Thomson
- Re: Back to work Eric Kinnear
- Re: Back to work Eric Kinnear
- Re: Back to work Mikkel Fahnøe Jørgensen
- Re: Back to work Ian Swett
- Re: Back to work Martin Duke
- Re: Back to work Eric Kinnear
- Re: Back to work Ian Swett
- Re: Back to work Martin Thomson
- Re: Back to work Eric Kinnear
- Re: Back to work Martin Thomson
- Re: Back to work Christian Huitema
- Re: Back to work Martin Thomson
- Re: Back to work Eric Kinnear
- Re: Back to work Ian Swett
- Re: Back to work Martin Duke
- Re: Back to work Ian Swett
- Re: Back to work Martin Duke
- Re: Back to work Ian Swett
- Re: Back to work Magnus Westerlund
- Re: Back to work Gorry Fairhurst