Security of coalesced packets

Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Thu, 12 July 2018 06:44 UTC

From: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
Date: Wed, 11 Jul 2018 23:44:50 -0700
Message-ID: <CAN1APdfrjbZvvJj33taJpYCc2utTuHwZx8O6_um-nB7OLpFx5Q@mail.gmail.com>
Subject: Security of coalesced packets
To: IETF QUIC WG <quic@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Ex6CTi_Ipcn79hdMkolcZQMhw3k>

An issue was recently closed regarding what to do when UDP datagrams
contain coalesced QUIC packets where some are not understood. The
requirement is that the connection ID must match in all QUIC packets but
otherwise packets that do not verify should be buffered or ignored
independently of other packets.

https://github.com/quicwg/base-drafts/issues/1319#issuecomment-404403569

There are good reasons to coalesce because it makes the early handshake
much more efficient and there are good reasons to allow packets that do not
verify because they may relate to key material not yet available.

However, considering the effort spent in trying to avoid linkability, it
appears to me that third parties can easily inject tracking information in
ordinary QUIC packets using the coalescing mechanism.

Even if the connection ID must match, it is easy to just copy the
connection ID from the primary packet and insert a global tracking cookie
near the source of the packet, such as in a compromised home NAT router.

Tracking can also be done with ordinary tunnelling but that is sometimes
desirable inside infrastructure, and far more difficult to manipulate
outside such boundaries - e.g. a compromised NAT router would not be able
to do it.

These issues could be avoided by only permitting certain early packets to
coalesce.

I do not have the overview of other possible valid uses of coalescing such
as during migration or rekeying.


Kind Regards,
Mikkel Fahnøe Jørgensen
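The connection-ID check the message refers to, as an added example that is not part of the original post or of any QUIC implementation: a receiver-side walk over the coalesced packets in one UDP datagram that reports each packet's type and Destination Connection ID and flags a datagram whose later packets do not repeat the first DCID. It assumes the RFC 9000 long-header layout (which postdates the 2018 draft under discussion); the sample datagrams and their payloads are constructed.

```python
# Added example (not from the message or any QUIC stack): split a UDP datagram of coalesced
# long-header packets, RFC 9000 layout, and check that every packet repeats the first DCID.
TYPES = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}

def encode_varint(v):
    """QUIC variable-length integer (RFC 9000 section 16): top two bits encode the width."""
    n = 1 if v < 0x40 else 2 if v < 0x4000 else 4 if v < 0x40000000 else 8
    return (v | (n.bit_length() - 1) << 8 * n - 2).to_bytes(n, "big")

def decode_varint(buf, pos):
    n = 1 << (buf[pos] >> 6)                        # width is 1, 2, 4 or 8 bytes
    return int.from_bytes(buf[pos:pos + n], "big") & (1 << 8 * n - 2) - 1, pos + n

def long_header_packet(ptype, dcid, scid, payload, token=b""):
    pkt = bytes([0xC0 | ptype << 4]) + (1).to_bytes(4, "big")  # form+fixed bits, type, QUIC v1
    pkt += bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid
    if ptype == 0:                                  # only Initial carries a token
        pkt += encode_varint(len(token)) + token
    return pkt + encode_varint(len(payload)) + payload  # payload stands in for PN + ciphertext

def split_coalesced(datagram):
    """Return (type, DCID) per packet, stepping through the datagram by each Length field."""
    out, pos = [], 0
    while pos < len(datagram):
        first = datagram[pos]
        if not first & 0x80:                        # 1-RTT packet has no Length field: always last
            break
        version = int.from_bytes(datagram[pos + 1:pos + 5], "big")
        dcid = datagram[pos + 6:pos + 6 + datagram[pos + 5]]
        pos += 6 + len(dcid)
        pos += 1 + datagram[pos]                    # skip SCID length byte and SCID
        ptype = first >> 4 & 3
        if version == 0 or ptype == 3:              # Version Negotiation / Retry: no Length, always last
            return out + [("VN" if version == 0 else "Retry", dcid)]
        if ptype == 0:
            token_len, pos = decode_varint(datagram, pos)
            pos += token_len
        length, pos = decode_varint(datagram, pos)
        out.append((TYPES[ptype], dcid))
        pos += length
    return out

def consistent_dcid(datagram):
    """RFC 9000 section 12.2: later packets whose DCID differs from the first are to be ignored."""
    return len({dcid for _, dcid in split_coalesced(datagram)}) == 1

CID = bytes.fromhex("0102030405060708")             # constructed connection ID and payloads
INITIAL = long_header_packet(0, CID, b"\xaa", b"\x00" * 20)
SAME_CID = INITIAL + long_header_packet(2, CID, b"\xaa", b"\x00" * 12)
FOREIGN_CID = INITIAL + long_header_packet(2, b"\xff" * 8, b"", b"\x00" * 12)
```

A receiver that logs `split_coalesced` output for datagrams where `consistent_dcid` is false gets a per-datagram record of exactly which trailing packets it dropped, rather than silently discarding them.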