IETF Logo Mail Archive

Re: Malicious Version Negotiation Handling (Was: Questions about Version Negotiation Concerning Possible Handshake Interruption)

Christian Huitema <huitema@huitema.net> Mon, 19 February 2018 18:32 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BAEA1241F5 for <quic@ietfa.amsl.com>; Mon, 19 Feb 2018 10:32:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7RkQHMW8m2m7 for <quic@ietfa.amsl.com>; Mon, 19 Feb 2018 10:32:40 -0800 (PST)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 122111204DA for <quic@ietf.org>; Mon, 19 Feb 2018 10:32:33 -0800 (PST)
Received: from xsmtp02.mail2web.com ([168.144.250.215]) by mx3.antispamcloud.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.89) (envelope-from <huitema@huitema.net>) id 1enqEN-0003hz-Gn for quic@ietf.org; Mon, 19 Feb 2018 19:32:06 +0100
Received: from [10.5.2.15] (helo=xmail05.myhosting.com) by xsmtp02.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1enqDo-0006EP-TC for quic@ietf.org; Mon, 19 Feb 2018 13:32:00 -0500
Received: (qmail 20556 invoked from network); 19 Feb 2018 18:31:12 -0000
Received: from unknown (HELO [192.168.1.101]) (Authenticated-user:_huitema@huitema.net@[172.56.42.184]) (envelope-sender <huitema@huitema.net>) by xmail05.myhosting.com (qmail-ldap-1.03) with ESMTPA for <quic@ietf.org>; 19 Feb 2018 18:31:12 -0000
To: "Lubashev, Igor" <ilubashe@akamai.com>, "ekr@rtfm.com" <ekr@rtfm.com>
Cc: "quic@ietf.org" <quic@ietf.org>
References: <1d386744-c46a-842a-b172-24e290e03668@gmail.com> <142211e0-c7c9-642f-69ef-5f0d722b77cc@gmail.com> <529ac475-5291-2b2e-acf9-05efe720d584@huitema.net> <6937_1518251684_5A7EAEA4_6937_191_1_5A7EAEA5.2000605@orange.com> <CANatvzz_2BeRns5E-OO=CKKwK66LgMd=3vVCM84_+OAxj8CutQ@mail.gmail.com> <d3c8688a-3f01-30b1-a3de-1300a43c1d99@gmail.com> <835e5014-3306-e7ac-fed0-3c90320551a9@gmail.com> <CABcZeBOHgM1xnvmx=CWEEeLnU9bO3DuFCYzbk6m2Kg=sxbYZYA@mail.gmail.com> <efc46f51-41ff-f69c-d627-f6d585013b1e@gmail.com> <CABcZeBO4OHJDtFkjcCwRFNL_mU5QzOGBcC-zMJPHStJq090gzw@mail.gmail.com> <MWHPR15MB182101493383DBBDD889B6C7B6C80@MWHPR15MB1821.namprd15.prod.outlook.com> <ae2d881a-1966-dc9a-f69a-44d13ad3d2e8@gmail.com> <CABcZeBPBZBaYigxNdbBq3=JtKuz8wN-WhNBwsxTdAtS=uJv2Rw@mail.gmail.com> <7317339e-3b4a-bf03-5624-e0d81f5c8a2c@huitema.net> <CABcZeBN1hYug-0_VEVyGPRgG0=zHzJazcSo9=WdR09yk9WDO4Q@mail.gmail.com> <6ec913dc5ecd494eb951ac716e87d40e@usma1ex-dag1mb5.msg.corp.akamai.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <459f4622-bab0-6bdc-8b6c-70e87a0efb97@huitema.net>
Date: Mon, 19 Feb 2018 10:31:07 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <6ec913dc5ecd494eb951ac716e87d40e@usma1ex-dag1mb5.msg.corp.akamai.com>
Content-Type: multipart/alternative; boundary="------------2C53FF6901939EBE7B4369EE"
Content-Language: en-US
Subject: Re: Malicious Version Negotiation Handling (Was: Questions about Version Negotiation Concerning Possible Handshake Interruption)
X-Originating-IP: 168.144.250.215
X-AntiSpamCloud-Domain: xsmtpout.mail2web.com
X-AntiSpamCloud-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-AntiSpamCloud-Outgoing-Class: unsure
X-AntiSpamCloud-Outgoing-Evidence: Combined (0.14)
X-Recommended-Action: accept
X-Filter-ID: EX5BVjFpneJeBchSMxfU5kbCOyFOHL+iFp4v0H3avfl602E9L7XzfQH6nu9C/Fh9KJzpNe6xgvOx q3u0UDjvO37pNwwF1lRXh5rzvPzo9Jts1ujulqUFmMITHM77eiViA6kGGzCqTJNYKxbdT4O/7M7i TvJ2/ZGzVWB9scFAaCdIFaUvXN+CI+RGy3Me16pBiuj1YIZWyGteeTEbAD/lb/vRa7MR4hgRIg8N 1QlY4G7x1YBTEs55LirRLgpsvCFtid7SQi4NE/job5y2wAN3GZxznd8NXwc/vKJtfZaXo5QAJAfA 9MMVcQ9WVjD1q+Rbd9IPG/DQ2p+GU04sTuYFs91jhnM/Mbva2XLV/LIEzaKyLm0zESXAkIAT8ZKA DvsGI5uh86ZVnyOrYkLMWyEaRt9fxN2oReTDHAyOynaY0ClKHhIXfDbmhz3DoftFSAfVIRFsicyJ MEhQFtD8PLoiniWmsFByBoXAuCZEyg59LM81CaOu2xwDQxDsUgSvK+nII1IRruUYLOgUnyoTu5lV X1MKVprlQYwN+KHznEQNFP2q+fqyhVlKtogd+v1OOmusOlXPRgr0HlWOaBZW5KERUQfG/OGabeQO D+JyvmSUpW+ZQTl/k5oRlt1ErWfaEWxe22o4BNBy+bVfxj88zI41K1O7B0jvACHkMSS0WCQUO4CT J7q4QftjYVRI4vivMj6DSGG/BQd7r2NVEaNhWos5pmiO/Py3rZ14nYVGG72TZSAccBIk1Sag4dKi qCrF8eZZeNMTAWyxeqt3BjCO03tBtt1Lx8F1uBisuhh9Eb2drX2Bi6owqeb+h1kbxIVWYdC7mWfB wRrxmI1OlqTCPsUGPVeqv/VOJZnHunWcIBzbsDrLaeA4pl20N4bgeYf9w8whIRFsicyJMEhQFtD8 PLoinpgjWjpMfsxmWdg884icSQEZwRvSfvkJh2VafuDhMcA1uHlEIbR8fMtAowK0FL525g==
X-Report-Abuse-To: spam@quarantine5.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/CUhuKhaDhwU29k8qIzwkSpMu57A>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 18:32:42 -0000

On 2/19/2018 5:26 AM, Lubashev, Igor wrote:

> For clients that have a tcp fallback, this kind of an attack
> mitigation would need to be done together with some happy eyeballs
> race. Otherwise, waiting for a timeout on VN has a real performance
> cost to the user in case there is no attack happening. So if this kind
> of an artificial delay in VN is mentioned, starting the fallback would
> need to be mentioned as well. All this seems like it could belong to
> an optimization/applicability/happy-eyeballs-for-QUIC draft, if it
> belongs anywhere at all, but not the transport draft.

That's reasonable. Several people have expressed concerns about
man-on-the-side attacks. We have heard various proposals for hardening
the initial handshake. The typical concern is an adversary "that taps
optic fiber at an internet distribution node", to use Mikkel's words,
although we may also be concerned by an on-link attacker in an Ethernet
or Wi-Fi network. The adversary gets a copy of packets, parses them, and
finds a pattern that triggers an attack. The adversary then sends a
forged packet to one end of the connection or another, with a goal of
causing either a connection failure or a security downgrade.

Lingmo Zhu is concerned with a specific variant of this attack, sending
a forged version negotiation packet. I think that's a valid concern, but
only one of many. We should be equally concerned with forged stateless
reset packets, or forged handshake packets: anything that happens before
protection is negotiated can be forged.  I would support writing a draft
that enumerates these attacks, and proposes plausible defenses.

-- Christian Huitema

--

v2.23.0 | Report a Bug | By Email