IETF Logo Mail Archive

Background on the 3x anti-amplification limit

John Mattsson <john.mattsson@ericsson.com> Tue, 27 July 2021 12:42 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D52123A254E for <quic@ietfa.amsl.com>; Tue, 27 Jul 2021 05:42:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level:
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mwzqT29ZSwYL for <quic@ietfa.amsl.com>; Tue, 27 Jul 2021 05:42:39 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2082.outbound.protection.outlook.com [40.107.21.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 555893A2532 for <quic@ietf.org>; Tue, 27 Jul 2021 05:42:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZM/RYI74OOD0Ry3IR/8rIxxUEY2FmJTlyhHj+drugvM7R/kDj6awzNK2EfIfAQE5OlP0RYkOM2W8YYOesniwb1yt4LadawMPyQz0UiIABKD4HDWwFyROhqa0hkUb6+qKT1InVeGpFr/InKCbfpnqE55IwrqZXIZ/tVqK+wLsFh/fNBzqg5H3UiJw2/1bQe2GhWbgmibgdKy7dETvhFMrxN1EOCwRDRqR/lBjbVnvigM4JZ1kek+aTOAOJqEwN4owJwX6PgENC5lf+KolcUhDCkSLzN/QE1B0IVNHbigSdhVJJT338bCM5D25iIKBYlW4YPoirhNcZ/mVA8Tmk1Phzg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0mFMnD99O/pWzF5zjtqEkJgvi4+1v5ilPLgs8OGfG2U=; b=QQSvuAtjaV17gH3uPcm9TAz+GrRQ1KyfYcLRo8xMR99aNff2RJ+SIy4pzgqRr07eKqXLgingC17hHo8OWSll0EK99aXsZkWZzwNmT0DJJdQD3Av/lkxys8siE1Ty7xlYRUT85u/Yx5kpw6KBipqUaLLzN7uwk8f3C/Z+n/Sl3BQI3hf8nX7te+MRfg+a3Gw0eEOW9IHVLoOOvMW6gmHhQUn1iFv1rsHJUjJCfcBa0HupLxMldrasalV0+1JoqMaxUOTjFyE5+mlKK2ybq3D05mwi+bqJ0GtAPsD0sYwQuZMhdVPVKow/vKPpYiMzjkqITQPgos5FTWgXguAd9sYl+g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0mFMnD99O/pWzF5zjtqEkJgvi4+1v5ilPLgs8OGfG2U=; b=DNTXNGlNMXooqAFND132dahVVS/MvwTCUdyl2TOqRHLCC3u8aDgJBkg3DVhbR4li/8K6Z82/6p2nOs2Kuaml2XHUJJgWpWB3R16qd8z1x0xmaGzlSswts+LzCiIHmaSsFiKowc4sCPLkSYtaDrspYz90OCOqMdDw+zsCegThiYk=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by HE1PR0702MB3547.eurprd07.prod.outlook.com (2603:10a6:7:85::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.14; Tue, 27 Jul 2021 12:42:36 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::4999:ec50:d084:341b]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::4999:ec50:d084:341b%5]) with mapi id 15.20.4373.018; Tue, 27 Jul 2021 12:42:36 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "quic@ietf.org" <quic@ietf.org>
Subject: Background on the 3x anti-amplification limit
Thread-Topic: Background on the 3x anti-amplification limit
Thread-Index: AQHXguRM1XuZsJ9sM0St8EEzWo0EZA==
Date: Tue, 27 Jul 2021 12:42:36 +0000
Message-ID: <HE1PR0701MB3050BEB3435ACE04717B721F89E99@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: edced100-3da9-4d72-0ec7-08d950fc032f
x-ms-traffictypediagnostic: HE1PR0702MB3547:
x-microsoft-antispam-prvs: <HE1PR0702MB35475F40FBAD10F75434E77F89E99@HE1PR0702MB3547.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: VdG6Fs63x8K3VLkwoHYAp9u/ZNNugatFWrPMUab+hsbGAeKNZliqUfkU9ftgDcivXVrnNhvqKDLIJv7CjTBBMP57cRCMCbYWhaxfzFXhd0gCFLetEr7hu+UuixQpxDqpOwm5hz4VTqgvd46x06Nr6InvxDVGwtP8I6vTNi3EYLw+Mnngq3IxzwYUr3qUYskxbRQ03bGPsurRZYSOP6B9i6DC+BmImwXxFtIRFL5hYnti9v1ZkUz1EpLt5la3MUhwFDq5QBmCmdX2FYspBKsYrRkB8mSdnISH/fR8ZKFciZR9BVk0ya5qYahAroYDANnUASVUJ+FgOCAp+IeaXNN5oLYs7CpGWPtV5fFB6QXpWhEzVEAM2wxqMcqk3e2507WlzNO//3VB6ccdGJU5SKQW7CElNd0hf9kRuUtkedbKC42vObs/BQ2yblGfzuDDiYek7qB4jTvKRohCbyabIjNg2wwiDlZRl/upHs6JgNXhUK+zRHd/IQnOmHaLsr+LqFstkwgt8GUruxhbpF5JNlzZcDZ/F6jcx0+4uBeUePSUhLnnvG+2Fw4BQ9xuClKBR37kQlu3U26CUqmpIoR00I/bOD6nIo1SZjtD82ls1lbavMJwErPgo5yw1zjNqgKgGi1wNZGHDkpsVPdYDANsFM2Y5fAn1Zs+4R2AIuXSwYI4AEo80Zl5aQGZb8Qx8ls55bol6eOLP8qtpsyrIoMlAoR68Z29NzUF6phbQi8q4spOYE7FIkGMuBa/nUWbJpHz1m6PgsCVYKn01lNoFWDAihVqug==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(6916009)(55016002)(2906002)(86362001)(33656002)(52536014)(83380400001)(7696005)(9686003)(186003)(44832011)(4744005)(6506007)(316002)(5660300002)(71200400001)(66946007)(66556008)(8676002)(26005)(66446008)(76116006)(8936002)(66476007)(64756008)(122000001)(38100700002)(508600001)(966005)(38070700004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 5Xu5FG4jbvCwXrHJhAtG62W3/26CHHtl5hinpe+UnIdiz8G/2xVqHWEvx7ZAGpfHetNrGPMKfWwkf1LhXHkaRJnIDUxLpG25JbUSMRLBTR8kaAPOsGbMfv+LIc6dwrxZzMFEXH7gt0kLhcv+xOrAfCi8PhAIh5nx0jzD+3LhX1gc8tIy6TISSmghanWysMFuaoj8vvx8NRdue6ZzC2vntAEoUgUxCxi3E+g7e19ck0OOJ7+E3WlgRKE2rCvNonsOfJz5Kxw9p9tf8wXZiXjR8XJ7FeZCxFNDq6NCp8Ff1EXYrIal1LqmISTofQm7naqkZDjjmAg6yCSBF6tELYT/IcII0pXnZHmdXaDf7x8ybY9JfMRcSmBzzGrZ2JjMElVQGZc9wCujET0X93uUZQsJJ1zwgecCy9gCr/Lu6m0IcS6oOGO3yBKtFOX94sjLvEBekWzwfD+/aTFp9qnH3DWhEBPOMdKYcqM9VU1wkO49lLyHe764OcNa4N3J4XMQ8PhnfFnnemR2Rs0Rh+DwpR94psyZg70Ecjs9YftleVggoM1DleLULsmeUsEIQxmNLAR6hMyK1aOROBmeeFHwJM+4KziFK6OH7rmzLdLnd5cHvVN5r5lFXUQGS8FEEpGSHBQbIzUeOwcxaVaGewEZIm0a9KxZso7EES19fKyjRizH6tPO1GT35pr/YEUyqSH7P9VIvV1CgAtKsJgX62phHmNIgM2mxpQ7sODmpYeSF2TBQ0NOJR7GljpwFj8Cuhv1ohBEe71Wo91FBuv6llHuOQEcy5x3235g8wRqhR6Xj4ryFHRxSUEaX2A0Izie+clvMueKVU4rW0dyThKq7JNopUAj8X9BU2hi+VjqhJhpPBQy97z5VSCjll7iku5TCEIsa0raFpJcX8IHXDPAhZ+J1QFNGdX92LV+szat/i3w1QWtndbe2sO5zsSdbjTWbkk6vD1JJlAFtzwzCBb87BXw9Xv5iwa44F6wVdlEdSwt8AskQL7gvx31ZdTO9+sOWpYFGHNf1J/ZB+j1WSYnpx6gQbZgxjJKP31z9L24pwjoSrwDRDtNkeUpjvq2uxGhPnHvfQad7uj+mPzl8FDox4+IvksdfUWvDhwcfW6znTOWXvqn+Lu+v8JrJvd9n7ygIPds4hhfl9gnNPS8UMhiBWqPbESvwA3WSQ0fjEpfGiICWGhd+x6yG/AbbewE17XheD0m3BUSmQKl1fn0L4uJ9MAd21sajz+JD9AQpHb7iyWjGeJyZi/IrRQtnlrpJ0In6hAhoa/Ect3w/YYqGE8p5S8tbnNZs39hlbQLMziyRZwDicGTP7cDwNg4yxuCNiyOmIAu6/lKquDtP02wNdg1OD1eIbxIJA==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB3050BEB3435ACE04717B721F89E99HE1PR0701MB3050_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: edced100-3da9-4d72-0ec7-08d950fc032f
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jul 2021 12:42:36.3592 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 2IWmQrhvn3vdevsjTbTLr6qODE2Y6FtjPzKXu2RiuqFUum91yP7iuO+THqIbbhnTqtIJu1BuojaiHZSjLqPGi0+2Sw4xDbZp3W2WZSV4Veg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0702MB3547
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/RdeQ_y4dHLzufgtXYccFPBiqrUQ>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jul 2021 12:42:52 -0000

Hi,

I think it is great that QUIC has such a strict anti-amplification limit. I hope this will be an inspiration for the rest of the IETF.  DDoS attacks is a real problem and IETF and other SDOs has often been a bit naive when it comes to amplification attacks.

I am currently working on a draft suggesting that CoAP shoud do something similar as QUIC.
https://datatracker.ietf.org/doc/draft-mattsson-core-coap-attacks/

Was there any discussion behind the specific 3x limit?

Cheers,
John

v2.35.0 | Report a Bug | By Email | System Status