Re: Fwd: New Version Notification for draft-kazuho-quic-address-bound-token-00.txt
"Martin Thomson" <mt@lowentropy.net> Mon, 08 April 2019 01:42 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86E4D1201C2 for <quic@ietfa.amsl.com>; Sun, 7 Apr 2019 18:42:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=EuuN5nNm; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=o9x3h7Ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ffb9FVsSWD0D for <quic@ietfa.amsl.com>; Sun, 7 Apr 2019 18:42:42 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 477C51200C4 for <quic@ietf.org>; Sun, 7 Apr 2019 18:42:42 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 143FF21C47 for <quic@ietf.org>; Sun, 7 Apr 2019 21:42:41 -0400 (EDT)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Sun, 07 Apr 2019 21:42:41 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=JzDI7uFOl6aCKB5OE1fPlfikXs9nAyK n82qZPxsPETg=; b=EuuN5nNmwo3lDCMSWYc1iULH2tUyNtymxmDBmpUGEPijo01 6VoBf5E+QZm7dqMcCvfVz8o3tFgrCiMqe00fP3/QBbIkxGOyk1EZo47TroS++Sre q4WEG6lNkgJR6fFg8EfMBfxI5Eg0RMaM6N7EZuFu4M84glyhvZEgAiNdRHVL5tRN pSEWl3+DZUOOpDiy+Q2goQ/H/FczJ+7mJukpTfZYvTJ4VQmskCugmvM488K4VNPf 0ImTN6OCkIZli1+EWIWB+tkVxrpyT7IxZ6i38kgU12Pz/w/ayBvoK2FojZP0BAde d0p7aTPrncEiKzjsnnXlvv44vb7Nhbn8ZKjQMBw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=JzDI7u FOl6aCKB5OE1fPlfikXs9nAyKn82qZPxsPETg=; b=o9x3h7CaJY2k2r7rIn+8mc ZFLyh6lL722f+o/6qYtJUM5f6oPStOaaVLggG2dhrmLuQksa+MNiZGTXL7ZMxQpY AQF7oGJGuCXjY3slfoRcEGBBlktV1fQKw3bKOLf3VfnT/JtDZWlhvFKgRX4dpqai kkqqoa8MFkVvup7EUk5wiRkmnYFb/X5Fi70LyVsXVS8tqkMJyrp+zre0OMkJYJnL ncEtp2hGFXc2mDiSa5KqgchMgdRrf1HR6IomGYyqKmTlMRoWQEeoaO7NZurhhxEG Gdojgy9RvokzQEFEvfezvccobJ7g9QYV2yzu3CSscKseb2iXsKPB7XQymYH3lo7w ==
X-ME-Sender: <xms:EKeqXFUiDVObWXuabv_8dsLoCtEkhZ-nJ5lctWqfqnhbSMDspLASYQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddruddvgdehtdculddtuddrgedutddrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhepofgfgg fkjghffffhvffutgesthdtredtreerjeenucfhrhhomhepfdforghrthhinhcuvfhhohhm shhonhdfuceomhhtsehlohifvghnthhrohhphidrnhgvtheqnecurfgrrhgrmhepmhgrih hlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvghtnecuvehluhhsthgvrhfuihii vgeptd
X-ME-Proxy: <xmx:EKeqXPAxDTMy83ghe87VvnKRZMt0DHhQonPIrm0Tf5C4Ou1NFUjRCg> <xmx:EKeqXA8xUg8CWvt3dCxadcQ--0RY0PXLY5O9FBH0LsFAoRzviK7IvA> <xmx:EKeqXOFw0SFjQKtG3VCiLcKBDlbrGtKuMH_AYX8Ot7OqLiVuDDV7Fg> <xmx:EaeqXBkWo9YBWganJd1dVSJXIyR8_rQ4jzEZ5Gb1pgyayNygw8jm3g>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id A088E7C1B9; Sun, 7 Apr 2019 21:42:40 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-329-gf4aae99-fmstable-20190329v1
Mime-Version: 1.0
X-Me-Personality: 92534000
Message-Id: <a47d1338-e307-4ac1-994c-85d176f73445@www.fastmail.com>
In-Reply-To: <CANatvzxj8iH-W3WC-7S=YR6T_JD2ES+b-mB2q4iDLLb=QNEuVA@mail.gmail.com>
References: <155435502215.22668.17009854749523198767.idtracker@ietfa.amsl.com> <CANatvzz+AUc=j+36yNq78Eu6vTjs1_OThCY2O=ivJLyZRe+3Og@mail.gmail.com> <CAN1APdf-vH2B-1OSX-ndrK=JM3vQet0Sf2tqeMMyrDKxtZyofg@mail.gmail.com> <7a20865a-b368-80eb-378d-1744c9577117@huitema.net> <CANatvzxj8iH-W3WC-7S=YR6T_JD2ES+b-mB2q4iDLLb=QNEuVA@mail.gmail.com>
Date: Sun, 07 Apr 2019 21:42:34 -0400
From: Martin Thomson <mt@lowentropy.net>
To: quic@ietf.org
Subject: Re: Fwd: New Version Notification for draft-kazuho-quic-address-bound-token-00.txt
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/bIAqRKSkCqABgEvaWu3hTNx1YCY>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2019 01:42:45 -0000
On Thu, Apr 4, 2019, at 18:33, Kazuho Oku wrote: > > We probably need a slightly larger security analysis. What if a service part of a farm issued such a token without coordinating with the other services that use the same address? Could that be a form of DOS? > > Would you mind elaborating about the scenario a bit more? I ask this > because I am not sure if that is a practical attack. Assuming that it > is about an attacker running on the same server tuple, why can't the > attacker just send packets by itself? I might also point out that > section 8.1.3 of the transport draft [1] prevents such attacks from > being run. I don't think that this is a particularly important consideration. Servers make their own determination about whether clients present a risk of denial of service. If, as the proposed mechanism proves, the server has recently communicated with the client on the same address, the risk of DoS exposure might reasonably be discounted. This isn't the only consideration here though. When we were discussing the use of resumption tickets across different connections, I pointed out that there is no harm in using a ticket with any connection. Tokens aren't significantly different in this regard - a server still needs to treat them with suspicion. But linkability concerns might cause clients to avoid use of a token: 1. When you use a token, you can't use it again (or you link any sessions that use the same token). 2. When you use a token, you link that use to the source of the token. The first is what motivates having a clear signal from the server about the scope over which the token is usable. Otherwise, the client might waste a token on a connection attempt that was never able to use the token. Whether or not the second will determine use of the token is largely a question of client policy. There is some advice we can offer, but ultimately clients will make their own determination. For instance, it might be reasonable to use a token if the connection is being made in response to resolving a URL that was provided by the first server. But there are numerous constraints on connection establishment that might alter any determination. Anything we might consider publishing needs some treatment of these considerations.
- Fwd: New Version Notification for draft-kazuho-qu… Kazuho Oku
- Re: Fwd: New Version Notification for draft-kazuh… Mikkel Fahnøe Jørgensen
- Re: Fwd: New Version Notification for draft-kazuh… Christian Huitema
- Re: Fwd: New Version Notification for draft-kazuh… Kazuho Oku
- Re: Fwd: New Version Notification for draft-kazuh… Kazuho Oku
- Re: Fwd: New Version Notification for draft-kazuh… Martin Thomson