Re: Fast Address Validation - about
Töma Gavrichenkov <ximaera@gmail.com> Fri, 01 November 2019 17:34 UTC
Return-Path: <ximaera@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA2BA120977; Fri, 1 Nov 2019 10:34:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ggBlj-ilEa90; Fri, 1 Nov 2019 10:34:31 -0700 (PDT)
Received: from mail-yb1-xb30.google.com (mail-yb1-xb30.google.com [IPv6:2607:f8b0:4864:20::b30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23F35120806; Fri, 1 Nov 2019 10:34:30 -0700 (PDT)
Received: by mail-yb1-xb30.google.com with SMTP id h202so4163390ybg.13; Fri, 01 Nov 2019 10:34:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=5opmrgYkbqGZ2ml6fbH5rdCed55on1iNqz6dEpbamf8=; b=laRf5Pdm95Z59V99yfWtKnFVnf5ljfRg2hR4l/Dqxqv7v/bZL4CKf2QHzy2Y4kIqNf qPAQfEBX//jdSY0ClOuhDYQv1UZy3tt+5UQJKKfBB+T/SCjkm55Gw4I9keZmIAC0dY8H pFkwDW+1dBNzhN0vlbShouiFK5Kky26jpFgde47RzGuLrbfjLqX4rxlaT+a1OpcftDnY XhUodPh+T8W9mylJHhYEqWekIs/49s3J/um6CfRoDoQVbPu/lXrrUi3+e0Eumwz9g128 6iFTHpekl2csf5yHzc5P1GT8Kw7y4Zab65Z65VKk12cje4TuSF+aIRSRvfoJQnYRgRp8 hfrg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=5opmrgYkbqGZ2ml6fbH5rdCed55on1iNqz6dEpbamf8=; b=AYOb/drAq7Fmb5fDdKXmUNGFAVbXYGyMSvGSdixhsUA0wLNQc4N3qNN4XD8zLlZ9kE +a1KiprQS/w1lABw0gi+beBw83r4/mCJSEEumUr/+dgps9ay4i8T2fAfbxbgg3xcgEEN HsgYZ1GGJTKdDPrbJmCC6xC4J+5ibmzVDZCOl/rfIa6GSlSPII2Q5Ys6HRHN7Lt0j3HD YRNfGvsspy2Y1oxvhissWa0wkOboNZBnHb22iRi3/eEOSgJtXNtuFgBki3r2RoqwISAz lW+Rb5JZzYfkFf018Pw8hJ17CRVew018rC9CXtgCE0G2dCTUFYF70nfNFJ35wWrRIzNN y8gQ==
X-Gm-Message-State: APjAAAXnlKkw930rm3zzdxooItJDuQ3QMyaoM+G1/omgH7D7zgJZiq4u UV66YJW2H9gQ4XBQb6kBRL5Xb3av0T68jC60GNo=
X-Google-Smtp-Source: APXvYqwwUnbDyR+igFsgcAoddWFU6+u6qnEzxPtMUx+q7iQE15zkiZSfiXTedT48O+Qy9vn+SA7WgdqAIsgVETnjTGo=
X-Received: by 2002:a25:db46:: with SMTP id g67mr9967797ybf.312.1572629668813; Fri, 01 Nov 2019 10:34:28 -0700 (PDT)
MIME-Version: 1.0
References: <4974ed86-0fa9-435d-880f-80af637ef180.anqing.aq@alibaba-inc.com> <BN6PR2201MB1700F72F3DC8F6C3CF79902CDA600@BN6PR2201MB1700.namprd22.prod.outlook.com> <bd15f357-8e7a-42af-bf28-79f7177da385@www.fastmail.com> <f55efb80-1a95-4190-84e5-b81948a7f081.anqing.aq@alibaba-inc.com> <BN6PR2201MB17005571E88F1C68769091A3DA630@BN6PR2201MB1700.namprd22.prod.outlook.com> <69d1a917-b1f9-4142-afb0-f5c67abe7334.anqing.aq@alibaba-inc.com>
In-Reply-To: <69d1a917-b1f9-4142-afb0-f5c67abe7334.anqing.aq@alibaba-inc.com>
From: Töma Gavrichenkov <ximaera@gmail.com>
Date: Fri, 01 Nov 2019 20:34:14 +0300
Message-ID: <CALZ3u+YDo7jTJzZj=W45s0zyJoun_+1gMkq7oMVM+DNRnyDZRg@mail.gmail.com>
Subject: Re: Fast Address Validation - about
To: Qing An <anqing.aq@alibaba-inc.com>
Cc: QUIC <quic-bounces@ietf.org>, quic <quic@ietf.org>, "jri.ietf" <jri.ietf@gmail.com>, mt <mt@lowentropy.net>, mikkelfj <mikkelfj@gmail.com>, "刘大鹏(鹏成)" <max.ldp@alibaba-inc.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/J2s9ap1Mab1A-I4f0YdEA_Ob5kw>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2019 17:34:34 -0000
Peace, On Fri, Nov 1, 2019 at 3:37 PM Qing An <anqing.aq@alibaba-inc.com> wrote: > I submitted the draft, https://datatracker.ietf.org/doc/draft-an-fast-address-validation/ A quick review goes below: > The server remembers the value it sends to > clients and validates the token sent back from a client. As discussed before, this description of the Retry mechanism is inaccurate to the point it defeats its very purpose. > Address validation is used by QUIC to avoid being used for a traffic > amplification attack. This is also inaccurate; the lower bound for the Initial packet size prevents amplification. Retry token is there to mitigate Initial packet floods. Neither prevent trivial reflection, if you will. > If server chooses to > accept the cost brought by token exchanging in Handshake > [..] > Adding token field to Handshake packet does not add new security > concerns. At least one security concern I see here is what data the server is expected to derive its decision to accept the cost from. E.g. with the aforementioned 300 Mpps Initial packet flood, what is the approximate cost of keeping the state, per second? If you would just be storing 16 octets of an IPv6 address plus 2 octets of the client's ephemeral port for any Rx packet, that'd be more than 5 Gbytes of RAM consumed *per second* of the attack, not including the pointers, hashes etc. Next, I haven't exactly done the math, but I think that the draft implies that the state kept would be hardly less than an order of magnitude bigger than that. Also, the cost of processing every spoofed packet through the whole handshake pipeline, and so on. I believe this is where the authors need to come up with benchmarks and implementation hints on garbage collection methods etc. I know the amount of RAM available is destined to grow but the floods are not expected to shrink any time soon just as well. -- Töma
- Fast Address Validation - about Qing An
- Re: Fast Address Validation - about Mikkel Fahnøe Jørgensen
- RE: Fast Address Validation - about Mike Bishop
- Re: Fast Address Validation - about Martin Thomson
- Re: Fast Address Validation - about Qing An
- RE: Fast Address Validation - about Mike Bishop
- Re: Fast Address Validation - about Qing An
- Re: Fast Address Validation - about Marten Seemann
- Re: Fast Address Validation - about Töma Gavrichenkov
- Re: Fast Address Validation - about Qing An
- Re: Fast Address Validation - about Qing An
- Re: Fast Address Validation - about Mikkel Fahnøe Jørgensen
- Re: Fast Address Validation - about Töma Gavrichenkov
- Re:Re: Fast Address Validation - about Qing An
- Re:Re: Fast Address Validation - about Qing An
- Re:Re: Fast Address Validation - about Mikkel Fahnøe Jørgensen
- Re: Re: Fast Address Validation - about Töma Gavrichenkov
- Re: Fast Address Validation - about Töma Gavrichenkov
- Re: Fast Address Validation - about Jana Iyengar
- Re:Re: Fast Address Validation - about Qing An
- Re:Re:Re: Fast Address Validation - about Qing An
- Re: Fast Address Validation - about Christian Huitema
- Re:Re: Fast Address Validation - about Qing An
- Re: Fast Address Validation - about Christian Huitema
- Re:Re:Re: Fast Address Validation - about Mikkel Fahnøe Jørgensen
- Re: Fast Address Validation - about Christian Huitema