IETF Logo Mail Archive

Re: Malicious Version Negotiation Handling (Was: Questions about Version Negotiation Concerning Possible Handshake Interruption)

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Tue, 20 February 2018 11:53 UTC

Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CEF012711D for <quic@ietfa.amsl.com>; Tue, 20 Feb 2018 03:53:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tLxD5OHhQkFw for <quic@ietfa.amsl.com>; Tue, 20 Feb 2018 03:53:22 -0800 (PST)
Received: from mail-yb0-x22a.google.com (mail-yb0-x22a.google.com [IPv6:2607:f8b0:4002:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CED9212706D for <quic@ietf.org>; Tue, 20 Feb 2018 03:53:21 -0800 (PST)
Received: by mail-yb0-x22a.google.com with SMTP id y190-v6so1964386yba.12 for <quic@ietf.org>; Tue, 20 Feb 2018 03:53:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=baU8Df4Tpl5E0o/m4bUr3I07qCXvKXW8E4apEi0k6/w=; b=NWX4TWbWf4TFsDaWimlO2MI+fVyeqM9dcXqte5jJ3jWBm+AthkB2m4LoEO8rQcjnrW DpdrQW8mFat5XuXMnXeFN4RdJCXL31IQ0i4jq3iOeTzC5vqCBIgs0yRKHhn0BEmRoUnY DIhuVvbXr2dwvUYOvhXuNYqdl0lXNe2K3YOuuEewVzmNqhteAHbQ4kvnbNRQADpiN5oJ kmmFnXEGiHEuo99x56TKhJaeSW7GQr6sA6iVxAVNKvlq0ZFC34XSMB7wuCTh+jIM/3pQ tusY6qxdZOy8ICkMsVAH4K8kJTXjobUCtoZVEavpVV2yl2p1XY9mRLZwVBCTYGh/Xjv8 UNMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=baU8Df4Tpl5E0o/m4bUr3I07qCXvKXW8E4apEi0k6/w=; b=n/E499f2C71YUHI9hISZNxJnY36bbFR5+9w7ArAypdA06sJDgOMFkLxn+rNHcKzeeO Skhn0RyqG0ROfLHRNW7kTM/eDgfXG14d0PKqB+KmybNbR83U9AruUhlYgnXiL9Hibcog De787ueBt/l2r102gH4CRi9kgAdCmUVoKO7tCuMZ6kD6Rj54H5p2zBLpmfsLBiGSrD5H k4l7Ukv3FaNKkYIwPrneid4pJsCcwvrlPcbgFcxFk3gwrQULNNCDzX+b8nAVfTXMEkIs Sn4xAvtKCYj6sF8XAvbAaPYAmgeTekjf17jokzUW8av1HAi5I6FFZqNd0CyUgSRVTeaY EcGg==
X-Gm-Message-State: APf1xPDRoTw6PnJoN7x9eNtVQtS2ZD1v4eNCriBX1DnRWoZrDwBWHrfU 1UtFYDweB92lOwmM3Ku6DA5ol2d8F5y15kGA35I=
X-Google-Smtp-Source: AH8x225GIFFrKcdfWiv30/gs0FtxZJme3K1SHzx4UyYDVnmi7LEurRvVmKQbIzjVHm9VEbJpDcbd3b4RJlc14mBVljo=
X-Received: by 10.37.99.194 with SMTP id x185mr12501963ybb.471.1519127600852; Tue, 20 Feb 2018 03:53:20 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:a25:15c9:0:0:0:0:0 with HTTP; Tue, 20 Feb 2018 03:53:20 -0800 (PST)
In-Reply-To: <6ec913dc5ecd494eb951ac716e87d40e@usma1ex-dag1mb5.msg.corp.akamai.com>
References: <1d386744-c46a-842a-b172-24e290e03668@gmail.com> <3d558827-f2a7-877c-e00a-d6a22ef241c5@gmail.com> <CANatvzzZEuJ3TY=+0BMLqbBE5mScG_Jnrypg3xkciykOX78G8A@mail.gmail.com> <CAN1APdfov8Q3E+5NkT5pmMeU=eB=fsnDFe_=BK7TDE0TpXD3yA@mail.gmail.com> <142211e0-c7c9-642f-69ef-5f0d722b77cc@gmail.com> <529ac475-5291-2b2e-acf9-05efe720d584@huitema.net> <6937_1518251684_5A7EAEA4_6937_191_1_5A7EAEA5.2000605@orange.com> <CANatvzz_2BeRns5E-OO=CKKwK66LgMd=3vVCM84_+OAxj8CutQ@mail.gmail.com> <d3c8688a-3f01-30b1-a3de-1300a43c1d99@gmail.com> <835e5014-3306-e7ac-fed0-3c90320551a9@gmail.com> <CABcZeBOHgM1xnvmx=CWEEeLnU9bO3DuFCYzbk6m2Kg=sxbYZYA@mail.gmail.com> <efc46f51-41ff-f69c-d627-f6d585013b1e@gmail.com> <CABcZeBO4OHJDtFkjcCwRFNL_mU5QzOGBcC-zMJPHStJq090gzw@mail.gmail.com> <MWHPR15MB182101493383DBBDD889B6C7B6C80@MWHPR15MB1821.namprd15.prod.outlook.com> <ae2d881a-1966-dc9a-f69a-44d13ad3d2e8@gmail.com> <CABcZeBPBZBaYigxNdbBq3=JtKuz8wN-WhNBwsxTdAtS=uJv2Rw@mail.gmail.com> <7317339e-3b4a-bf03-5624-e0d81f5c8a2c@huitema.net> <CABcZeBN1hYug-0_VEVyGPRgG0=zHzJazcSo9=WdR09yk9WDO4Q@mail.gmail.com> <6ec913dc5ecd494eb951ac716e87d40e@usma1ex-dag1mb5.msg.corp.akamai.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Tue, 20 Feb 2018 06:53:20 -0500
Message-ID: <CAKKJt-dZXVzqPfGoMejxR44dML-Kt5MyMeQRLSgE+Lvr+GTQsw@mail.gmail.com>
Subject: Re: Malicious Version Negotiation Handling (Was: Questions about Version Negotiation Concerning Possible Handshake Interruption)
To: "Lubashev, Igor" <ilubashe@akamai.com>
Cc: "ekr@rtfm.com" <ekr@rtfm.com>, "huitema@huitema.net" <huitema@huitema.net>, "quic@ietf.org" <quic@ietf.org>
Content-Type: multipart/alternative; boundary="001a11c148660473b10565a375e1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/fUF7gG-0aadcHmYTKDomylmTyJ8>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 11:53:24 -0000

Replying with no hats ...

On Mon, Feb 19, 2018 at 8:26 AM, Lubashev, Igor <ilubashe@akamai.com> wrote:

> For clients that have a tcp fallback, this kind of an attack mitigation
> would need to be done together with some happy eyeballs race. Otherwise,
> waiting for a timeout on VN has a real performance cost to the user in case
> there is no attack happening.
>

I don't understand this. Is your thinking that the attacker would send a
forged VN packet AND drop the server's response?

If so, that does make sense, but if that's not part of the scenario, I
don't know why the client wouldn't drop the forged "no acceptable version
numbers" packet and accept the server's packet, at roughly the same point
in time where there would have accepted the server's packet if there was no
attack.

Are we talking about the same thing?

(To be clear, I don't have an opinion about what the working group decides,
but I do want to understand what's being discussed)

Thanks,

Spencer


> So if this kind of an artificial delay in VN is mentioned, starting the
> fallback would need to be mentioned as well. All this seems like it could
> belong to an optimization/applicability/happy-eyeballs-for-QUIC draft, if
> it belongs anywhere at all, but not the transport draft.
>
>
> -----Original Message-----
> *From:* Eric Rescorla [ekr@rtfm.com]
> *Received:* Sunday, 18 Feb 2018, 11:55PM
> *To:* Christian Huitema [huitema@huitema.net]
> *CC:* IETF QUIC WG [quic@ietf.org]
> *Subject:* Re: Malicious Version Negotiation Handling (Was: Questions
> about Version Negotiation Concerning Possible Handshake Interruption)
>
>
>
> On Sun, Feb 18, 2018 at 8:49 PM, Christian Huitema <huitema@huitema.net>
> wrote:
>
>> On 2/18/2018 8:41 PM, Eric Rescorla wrote:
>>
>> > I don't think increasing the on-path attacker's marginal difficulty
>> > from not requiring any crypto to requiring simple crypto in order to
>> > mount a DoS attack is worth changing the protocol for.
>>
>> Changing the protocol, probably not. But Lingmo's suggestion is one of
>> the several steps that we could take against hardening against a man on
>> the side attack. And it is a very simple one: if you receive a VN that
>> does not contain any acceptable option, just ignore it. If this was
>> legit, the connection will actually break after a short timer. If it was
>> not, the next received message will be a Server Hello, and the
>> connection will progress. Sounds like a reasonable trade-off.
>>
>
> I think it's fine if people do this. I don't think it's worth requiring in
> the spec given the existence of other trivial man-on-the-side attacks.
>
> -Ekr
>
>
>> -- Christian Huitema
>>
>>
>>
>

v2.23.0 | Report a Bug | By Email