Re: Security of coalesced packets
Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Thu, 12 July 2018 07:52 UTC
Return-Path: <mikkelfj@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F155130E01 for <quic@ietfa.amsl.com>; Thu, 12 Jul 2018 00:52:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AMNZjU3vQ5GI for <quic@ietfa.amsl.com>; Thu, 12 Jul 2018 00:52:33 -0700 (PDT)
Received: from mail-io0-x229.google.com (mail-io0-x229.google.com [IPv6:2607:f8b0:4001:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6EE512F1A2 for <quic@ietf.org>; Thu, 12 Jul 2018 00:52:33 -0700 (PDT)
Received: by mail-io0-x229.google.com with SMTP id v26-v6so27285225iog.5 for <quic@ietf.org>; Thu, 12 Jul 2018 00:52:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=YhBRh+Wo+ceP8PCW68+jCmxkAaUpQFShX08fYFhfbLw=; b=kioIe1mpb9cW8dJpb2GkK7PMPwY61B/D5hY/ltTDnHJKnlzagA9VVSPtkePfE4tEvk dRoQuIuV59gYS83SNfdzu1idYMLK+4wDus5kPRzbm2iukUoGbO5VjaKsmvYbFzS+aYuv LdcYxz2BREACafrscd5mgcxz4Lf9fxqNZtoPRzhnfps/VapBUU6Om7xJY8/F+2g2dAtw UcPG0agBp/UxYdECcGaKrerjPSVOJiazLA2jbRsuwhrt+KLgcFwKlIK6Jz0q6+k2Fp0U lVP6A7zYC1FG7Hcnt3w0Z/1piiFHJnSi+CstLm3X/pS+mrCwM1iAxaAHETwE1w49/5ry gpDg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=YhBRh+Wo+ceP8PCW68+jCmxkAaUpQFShX08fYFhfbLw=; b=RSbIzIX1Byx9rXDFbf5YJJmhMgnj4+pROgzp5DmQKgS7ld9CQXC9N3+YVLxoDGI+IY Mqbr1Hy9OPhAUCfN66Tq+dF+17MzVoxV7/vU0+vqIfWoqj7R8Lr4O8ua5KOlR4Tan0Gs LEffkwcHot9f/Kqkndw5OlzQmGeEF5PfS3i3w1AsWMnjiC7/TtexgDRyZ96gNg47HtOa 5T1d++7Chu/zJMXuEK/4vAkRUQYLRWvChAgNKTiapeiRQKHC4HILU4UHkamA88DSt9lb ycEcIr5711S+Dbxw8GIfwX1Q3cpuZyUF+8f1PlfUx6isH4v1FVs/ABctHJoihyKrdbgQ cTKg==
X-Gm-Message-State: AOUpUlF1gN67fVo9Rz8e8RQNCiWYqArM2XJGVNPFoRLo8QC3saOzwCQY KVjKn8IoK0ouLJGF2CquPhmc7LegZpdT2gu0dcM=
X-Google-Smtp-Source: AAOMgpcnl6JA/y3Q6Bbgl+mD+wQNYT0tA1UQn3e1zBgo53ZBwGDxUdP4FOluOTfBDO0yMtK4nwDKFUnkXLhl2WxUBiA=
X-Received: by 2002:a6b:b3d7:: with SMTP id c206-v6mr1506518iof.606.1531381953084; Thu, 12 Jul 2018 00:52:33 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Thu, 12 Jul 2018 00:52:32 -0700
From: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
In-Reply-To: <CAN1APddC_-pjZ4Gs-fh56e7KbwyvWxGoAASxAsV+toYZz33rZg@mail.gmail.com>
References: <CAN1APdfrjbZvvJj33taJpYCc2utTuHwZx8O6_um-nB7OLpFx5Q@mail.gmail.com> <CANatvzyrfvjnZ3Y4FKiW0fRVahmArXyaJk9gt2NrZPgaOX-WaQ@mail.gmail.com> <CAN1APddC_-pjZ4Gs-fh56e7KbwyvWxGoAASxAsV+toYZz33rZg@mail.gmail.com>
X-Mailer: Airmail (420)
MIME-Version: 1.0
Date: Thu, 12 Jul 2018 00:52:32 -0700
Message-ID: <CAN1APdc2bLn-C3Udy4g3FyNdfcmAD3RH-TeOrC5gmW=E7+DH+Q@mail.gmail.com>
Subject: Re: Security of coalesced packets
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000054430e0570c8a5da"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/LhRGe11ZqfZHSJyhtiqoJLJu71M>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jul 2018 07:52:35 -0000
On 12 July 2018 at 09.50.51, Mikkel Fahnøe Jørgensen (mikkelfj@gmail.com) wrote: To me the situation seems indifferent to on-path devices sending additional packet using the 5-tuple when it sees a packet belonging to the QUIC connection. It is different because if the source is a NAT home router, or a compromised mobile phone, it does not matter how you migrate, or change connection ID, you would still end the same cookie.
- Security of coalesced packets Mikkel Fahnøe Jørgensen
- Re: Security of coalesced packets Martin Thomson
- Re: Security of coalesced packets Mikkel Fahnøe Jørgensen
- Re: Security of coalesced packets Mikkel Fahnøe Jørgensen
- Re: Security of coalesced packets Kazuho Oku
- Re: Security of coalesced packets Mikkel Fahnøe Jørgensen
- Re: Security of coalesced packets Kazuho Oku