Re:Re: Fast Address Validation - about
"Qing An" <anqing.aq@alibaba-inc.com> Fri, 01 November 2019 22:05 UTC
Return-Path: <anqing.aq@alibaba-inc.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD45112082F; Fri, 1 Nov 2019 15:05:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alibaba-inc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2BMvgBwOQ_4H; Fri, 1 Nov 2019 15:05:58 -0700 (PDT)
Received: from out0-141.mail.aliyun.com (out0-141.mail.aliyun.com [140.205.0.141]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7AC8C120130; Fri, 1 Nov 2019 15:05:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alibaba-inc.com; s=default; t=1572645953; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type; bh=bkc4MJUWIscKYcAFCxN5kz1SiyPBTHp47WgxaAPdM4Y=; b=lvxjPgR4YPkpIYcqEeXdvqkKeAMi8FE2ZbBlrjfYdDeH7ATCVJDZfPI257AquwxaAx6RUIkhC3Z9bKW3wWolBgUdwaBDRSrSpSRZb8COBvc65iHhgteTVOatTohaVQffO3uXtlWex8h2eOL0+IXKE8RokoF9NoHgdLVIk2AZVmM=
X-Alimail-AntiSpam: AC=PASS; BC=-1|-1; BR=01201311R201e4; CH=green; DM=||false|; FP=0|-1|-1|-1|0|-1|-1|-1; HT=e01l07447; MF=anqing.aq@alibaba-inc.com; NM=1; PH=DW; RN=7; SR=0; TI=alimail_ios_2.COREAPIfd5945c8d5e34b12a52862035679252f;
Received: from WS-web (anqing.aq@alibaba-inc.com[alimail_ios_2.COREAPIfd5945c8d5e34b12a52862035679252f]) by e01l07404.eu6 at Sat, 02 Nov 2019 06:05:51 +0800
Date: Sat, 02 Nov 2019 06:05:51 +0800
From: Qing An <anqing.aq@alibaba-inc.com>
To: Töma Gavrichenkov <ximaera@gmail.com>
Cc: QUIC <quic-bounces@ietf.org>, quic <quic@ietf.org>, "jri.ietf" <jri.ietf@gmail.com>, mt <mt@lowentropy.net>, mikkelfj <mikkelfj@gmail.com>, "刘大鹏(鹏成)" <max.ldp@alibaba-inc.com>
Message-ID: <4985b277-e390-4187-836b-0a13ad885c88.anqing.aq@alibaba-inc.com>
Subject: Re:Re: Fast Address Validation - about
X-Priority: 3
X-Mailer: [Alimail-Mailagent revision 2765257]
MIME-Version: 1.0
In-Reply-To: <CALZ3u+YDo7jTJzZj=W45s0zyJoun_+1gMkq7oMVM+DNRnyDZRg@mail.gmail.com>
References: <4974ed86-0fa9-435d-880f-80af637ef180.anqing.aq@alibaba-inc.com> <BN6PR2201MB1700F72F3DC8F6C3CF79902CDA600@BN6PR2201MB1700.namprd22.prod.outlook.com> <bd15f357-8e7a-42af-bf28-79f7177da385@www.fastmail.com> <f55efb80-1a95-4190-84e5-b81948a7f081.anqing.aq@alibaba-inc.com> <BN6PR2201MB17005571E88F1C68769091A3DA630@BN6PR2201MB1700.namprd22.prod.outlook.com> <69d1a917-b1f9-4142-afb0-f5c67abe7334.anqing.aq@alibaba-inc.com>, <CALZ3u+YDo7jTJzZj=W45s0zyJoun_+1gMkq7oMVM+DNRnyDZRg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="----=ALIBOUNDARY_34679_46023940_5dbcac3f_3581ee"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/QNvB36BX-w481kZsOO-WEL1tPSo>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2019 22:06:00 -0000
Thanks for the elaborate explanation. The security & privacy approaches I listed are just some examples. In today’s network, it would be hard to defend those attacks you mentioned just relying one specific approach. How to prevent those attacks may be a broader story, not just specific to QUIC. And based on the my company’s deployment experience, forcing to use Retry for address validation does cause some experience flaw in client side. Therefore, it is recommended to allow an approach that can accelerate the first connection establishment. Qing ------------------Original Mail ------------------ Sender:Töma Gavrichenkov <ximaera@gmail.com> Send Date:Sat Nov 2 01:34:31 2019 Recipients:Qing An <anqing.aq@alibaba-inc.com> CC:QUIC <quic-bounces@ietf.org>, quic <quic@ietf.org>, jri.ietf <jri.ietf@gmail.com>, mt <mt@lowentropy.net>, mikkelfj <mikkelfj@gmail.com>, 刘大鹏(鹏成) <max.ldp@alibaba-inc.com> Subject:Re: Fast Address Validation - about Peace, On Fri, Nov 1, 2019 at 3:37 PM Qing An <anqing.aq@alibaba-inc.com> wrote: > I submitted the draft, https://datatracker.ietf.org/doc/draft-an-fast-address-validation/ A quick review goes below: > The server remembers the value it sends to > clients and validates the token sent back from a client. As discussed before, this description of the Retry mechanism is inaccurate to the point it defeats its very purpose. > Address validation is used by QUIC to avoid being used for a traffic > amplification attack. This is also inaccurate; the lower bound for the Initial packet size prevents amplification. Retry token is there to mitigate Initial packet floods. Neither prevent trivial reflection, if you will. > If server chooses to > accept the cost brought by token exchanging in Handshake > [..] > Adding token field to Handshake packet does not add new security > concerns. At least one security concern I see here is what data the server is expected to derive its decision to accept the cost from. E.g. with the aforementioned 300 Mpps Initial packet flood, what is the approximate cost of keeping the state, per second? If you would just be storing 16 octets of an IPv6 address plus 2 octets of the client's ephemeral port for any Rx packet, that'd be more than 5 Gbytes of RAM consumed *per second* of the attack, not including the pointers, hashes etc. Next, I haven't exactly done the math, but I think that the draft implies that the state kept would be hardly less than an order of magnitude bigger than that. Also, the cost of processing every spoofed packet through the whole handshake pipeline, and so on. I believe this is where the authors need to come up with benchmarks and implementation hints on garbage collection methods etc. I know the amount of RAM available is destined to grow but the floods are not expected to shrink any time soon just as well. -- Töma
- Fast Address Validation - about Qing An
- Re: Fast Address Validation - about Mikkel Fahnøe Jørgensen
- RE: Fast Address Validation - about Mike Bishop
- Re: Fast Address Validation - about Martin Thomson
- Re: Fast Address Validation - about Qing An
- RE: Fast Address Validation - about Mike Bishop
- Re: Fast Address Validation - about Qing An
- Re: Fast Address Validation - about Marten Seemann
- Re: Fast Address Validation - about Töma Gavrichenkov
- Re: Fast Address Validation - about Qing An
- Re: Fast Address Validation - about Qing An
- Re: Fast Address Validation - about Mikkel Fahnøe Jørgensen
- Re: Fast Address Validation - about Töma Gavrichenkov
- Re:Re: Fast Address Validation - about Qing An
- Re:Re: Fast Address Validation - about Qing An
- Re:Re: Fast Address Validation - about Mikkel Fahnøe Jørgensen
- Re: Re: Fast Address Validation - about Töma Gavrichenkov
- Re: Fast Address Validation - about Töma Gavrichenkov
- Re: Fast Address Validation - about Jana Iyengar
- Re:Re: Fast Address Validation - about Qing An
- Re:Re:Re: Fast Address Validation - about Qing An
- Re: Fast Address Validation - about Christian Huitema
- Re:Re: Fast Address Validation - about Qing An
- Re: Fast Address Validation - about Christian Huitema
- Re:Re:Re: Fast Address Validation - about Mikkel Fahnøe Jørgensen
- Re: Fast Address Validation - about Christian Huitema