Re: Back to work
Ian Swett <ianswett@google.com> Tue, 27 October 2020 13:12 UTC
Return-Path: <ianswett@google.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 886203A0964 for <quic@ietfa.amsl.com>; Tue, 27 Oct 2020 06:12:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AGfprXa8ptCX for <quic@ietfa.amsl.com>; Tue, 27 Oct 2020 06:12:41 -0700 (PDT)
Received: from mail-yb1-xb2c.google.com (mail-yb1-xb2c.google.com [IPv6:2607:f8b0:4864:20::b2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F27633A0953 for <quic@ietf.org>; Tue, 27 Oct 2020 06:12:40 -0700 (PDT)
Received: by mail-yb1-xb2c.google.com with SMTP id h6so1175452ybi.11 for <quic@ietf.org>; Tue, 27 Oct 2020 06:12:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=H6tc1YWjjTUin38WCV3TB+uC6k8Zn+kdRZfwjCjEfjc=; b=ITcFU68EmoqYqjvw0Ow9VdzRLBndKWTuuWolPWEx/fMLj1pIXtDuvwkxzPjHQf7i36 jIZqibw4BMI0QBaNqFnxtsR8hNLMyiUrkBYoc0t/IgU4xbZan7f9WTP5Z9xLSxSQ6GQH N/YdmWBnJqZIT7xdl8A0klXynzLTyx3o3LmaSm5NItlOUn1NlxyM71xt6dbWK8FWPGtR aqsb774o4tJJKlMQwCoYkorTqHQrwSJVYshMEGgi56+bHkbViP/MbzAG4nYuYU1YuuP7 bPJapHcW9s0rLM9+ZvEwQlnAs/W46qT8y8Aqrnukq+UDHBK+JRvzNNoC02KjHvA7Z0l5 gyzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=H6tc1YWjjTUin38WCV3TB+uC6k8Zn+kdRZfwjCjEfjc=; b=Y3gF9lYLIcqNxk1VeBlNLrpWYJAZ2fKLQtWpUXRgzXJJYaDbbUqVt7VzaoooF4scnc Qk5NkT3vjDvyRTVKXja2TBV+Vmu85/hPdfJWz2IvJxAnFnqm6lvkehsnvNacoOkmyD3h U8Mz/qCDvg6WbdARZoXSLZ5IbUv2TglZ1Xy9CH0u2yaz27qSQk7X1a6TbXguiIxc4iYf 1btovGXyEmkukIpaOQgRxvBk4On3AvC71oH8wyGrqDaW6s10o5OS/itQp71RNOVFM6Eb 5qfn3ddUDC4vbcq/xcjXVvn6HWTCxaZB5Eog1D+itm3Vod4TtbGCm6MscBDDfnbiR8XE UK8g==
X-Gm-Message-State: AOAM53331Drkaanzhoqm3nPTaAl693RpN6rLmiCDOs+vY91/3oidgmgp 0D9adHbNJl524zIFa7V/aA/Cr7jcqgF1U7A2lHehgw==
X-Google-Smtp-Source: ABdhPJy6Eb6t26b4ltIcXXbhevKP5MlQQFfXuF16XSor4zomtz0rPYDDtKyQ5xG5xNAGHiK6s1D5igffktn6iY8MnO0=
X-Received: by 2002:a25:c594:: with SMTP id v142mr3065079ybe.494.1603804359815; Tue, 27 Oct 2020 06:12:39 -0700 (PDT)
MIME-Version: 1.0
References: <0f150dec-e408-48bf-8e54-05e3e96e7a85@www.fastmail.com> <CALZ3u+a1fBq1MB52H-h-JYY=OOkOo9=jEu7smNVeyy_9U3abEw@mail.gmail.com>
In-Reply-To: <CALZ3u+a1fBq1MB52H-h-JYY=OOkOo9=jEu7smNVeyy_9U3abEw@mail.gmail.com>
From: Ian Swett <ianswett@google.com>
Date: Tue, 27 Oct 2020 09:12:28 -0400
Message-ID: <CAKcm_gNoB=nP050VRfw5MXAAw-HhpnKHp6pAx9onaA4a5CH5-Q@mail.gmail.com>
Subject: Re: Back to work
To: Töma Gavrichenkov <ximaera@gmail.com>
Cc: Martin Thomson <mt@lowentropy.net>, IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000028549005b2a6cda5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/mJH5KOviGXf3HCSxCvCoyo51OIM>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Oct 2020 13:12:43 -0000
Thanks for summarizing this issue. I think the above discussion is about
immediate migration and repeated immediate migrations, but I also wonder if
we've introduced a single packet amplification attack by requiring
PATH_RESPONSEs be padded on new paths without a requirement on the size of
PATH_CHALLENGE(see first item)?
*Validating a new path*
If one receives only a PATH_CHALLENGE on a new path, then the server
responds with a full-sized PATH_RESPONSE. This seems safe. If a
non-padded PATH_CHALLENGE is received on a new path, then the peer is
supposed to send a fully padded PATH_RESPONSE on the path, which could be
>20x larger. I'm not sure if we care about this, but I wanted to point it
out.
*Immediately migrating to a new path*
I think we should remove the text about allowing kMinimumWindow each
kInitialRtt after migration and change it to the 3x limit. I'm actually
surprised the text about 2*kInitialWindow still exists, since recovery
says *"Until
the server has validated the client's address on the path, the amount of
data it can send is limited to three times the amount of data received, as
specified in Section 8.1 of {{QUIC-TRANSPORT}}.*".
In order to not get deadlocked by the 3x factor, I think we should change
the newly added MUSTs to only apply to path validation prior to migration,
not the peer responding to migration.
My reasoning is that if a peer migrates prior to validating the path, it
means it's either unintentional or they have no other choice, so the
migrating peer has implicitly decided that validating PathMTU is not a
prerequisite to migrating.
Thanks, Ian
On Tue, Oct 27, 2020 at 3:52 AM Töma Gavrichenkov <ximaera@gmail.com> wrote:
> Peace,
>
> On Tue, Oct 27, 2020 at 9:35 AM Martin Thomson <mt@lowentropy.net> wrote:
> > 25x amplification isn't anything to celebrate, but you might
> > say that the setup cost and other inherent limitations mean
> > that it is rarely that bad.
>
> This is a price an attacker only needs to pay once. If this code
> leaks to one of the myriad Mirai forks available on Github, the cost
> would be effectively zero then.
>
> > Recommending that implementations limit the number
> > probes and the number of probed paths might then be
> > sufficient.
>
> _Recommendations_ never worked well for DDoS prevention in the past.
> I think Section 11.3 of RFC 7252 and what happened next is the most
> recent example of that.
>
> --
> Töma
>
>
- Re: Back to work Christian Huitema
- Re: Back to work Jana Iyengar
- Back to work Martin Thomson
- Re: Back to work Töma Gavrichenkov
- Re: Back to work Ian Swett
- RE: Back to work Nick Banks
- Re: Back to work Magnus Westerlund
- Re: Back to work Martin Duke
- Re: Back to work Kazuho Oku
- Re: Back to work Martin Duke
- Re: Back to work Kazuho Oku
- Re: Back to work Martin Thomson
- Re: Back to work Eric Kinnear
- Re: Back to work Eric Kinnear
- Re: Back to work Mikkel Fahnøe Jørgensen
- Re: Back to work Ian Swett
- Re: Back to work Martin Duke
- Re: Back to work Eric Kinnear
- Re: Back to work Ian Swett
- Re: Back to work Martin Thomson
- Re: Back to work Eric Kinnear
- Re: Back to work Martin Thomson
- Re: Back to work Christian Huitema
- Re: Back to work Martin Thomson
- Re: Back to work Eric Kinnear
- Re: Back to work Ian Swett
- Re: Back to work Martin Duke
- Re: Back to work Ian Swett
- Re: Back to work Martin Duke
- Re: Back to work Ian Swett
- Re: Back to work Magnus Westerlund
- Re: Back to work Gorry Fairhurst