IETF Logo Mail Archive

Re: Re: Fast Address Validation - about

Töma Gavrichenkov <ximaera@gmail.com> Fri, 01 November 2019 16:35 UTC

Return-Path: <ximaera@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52E95120A1D for <quic@ietfa.amsl.com>; Fri, 1 Nov 2019 09:35:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zk2rVEweboUH for <quic@ietfa.amsl.com>; Fri, 1 Nov 2019 09:35:20 -0700 (PDT)
Received: from mail-yb1-xb2b.google.com (mail-yb1-xb2b.google.com [IPv6:2607:f8b0:4864:20::b2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3092120A08 for <quic@ietf.org>; Fri, 1 Nov 2019 09:35:20 -0700 (PDT)
Received: by mail-yb1-xb2b.google.com with SMTP id g38so3763741ybe.11 for <quic@ietf.org>; Fri, 01 Nov 2019 09:35:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=YQ6hErgG9o9h6FHQQtuwtOhv/cD4WTyAucPFiYfaj84=; b=WV1YR68A5SF2BtnnttDzcvXLWxgNvf987EOw9sXWTYuEDLnPinR73AUiELgXzuUpBT qAN4twXskXQRzYqgBI8kFetxw1+DygqrhgwmAQA5cRVQec32rmswifIhQDmvPo6npXgN So7fecRWHCkrmhgLdiuOajz1t3JtWGpZSl4YrBmd15rE0aQOrd+WfUJ/wVb771r9NsPw vkDWAPH4j9hv48XOKhm1zHWu3jqctnY8RQHjasSBqfafsxY3PRhH5qNk+olBOZTeOiw0 UIzfH7AGjnotI3K1FktrDoF7iYXi5XeI0Y1kZaYBQqcXoHZGKPX7zXaifcB3T1HoskuF nDYg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=YQ6hErgG9o9h6FHQQtuwtOhv/cD4WTyAucPFiYfaj84=; b=K3We/zRZZpycbcTqqZeqWyD975EEzTrJCSPgR+MLpAfidNN9sa8CZM/QEkmZbml8P3 fm9+SJgGihpveyyTES1c5wLwMrcCAl1hWJi3O7KM4L5CWl6vGNoD88MqX2KkRAfnOdsP nkfBfOIPyJ1RcJ/GFYTAoaxSM0K3CCBNLH9tmwP6773tzn5FCfWrMJF47e+4TLDBssEj F0VWm2EfJzFhCEAEpBXYO5me6yDnSYS+1K8fei5/jIdJ0yoxA9Ni6hFVj1FA1kLXwmux DDnzZa/aOYfkwv9jJamHuMZDixajD8elDrUbCN+O4cLIj/gW3QG2zw27WBu46luGgnvi dQ3Q==
X-Gm-Message-State: APjAAAVWcTfAHui06ziCHCjFBZOwLWaPwXZHH01Zcl/IOfjzi9M2noaa C5Q8pEZh5eCp3L8JR2tBF3Q2EZ0iLCYmm+paV4E=
X-Google-Smtp-Source: APXvYqwxsau2XkJPjiNgX4Mv6hSCiria/kfh4bhDxGvHscHrMxhB+DdrYe2EYE+fXFUtnRnlzt6r+erTtCWLxUFJPQA=
X-Received: by 2002:a25:14d6:: with SMTP id 205mr9604686ybu.230.1572626119465; Fri, 01 Nov 2019 09:35:19 -0700 (PDT)
MIME-Version: 1.0
References: <4974ed86-0fa9-435d-880f-80af637ef180.anqing.aq@alibaba-inc.com> <CALZ3u+YyOQxA5zBxkhDj9-wObfqjxPxPyXH9PumaW79DNkKjsg@mail.gmail.com> <6ab3b6d6-7638-4b96-b2a3-4212f747a7af.anqing.aq@alibaba-inc.com> <CALZ3u+ZaHzbNEzUsUa2bYXy2eB+fgkyzSDQir_mtTyLrrcAm7A@mail.gmail.com> <cee17fee-fed3-497b-82fc-5deda3d0f565.anqing.aq@alibaba-inc.com>
In-Reply-To: <cee17fee-fed3-497b-82fc-5deda3d0f565.anqing.aq@alibaba-inc.com>
From: Töma Gavrichenkov <ximaera@gmail.com>
Date: Fri, 01 Nov 2019 19:35:05 +0300
Message-ID: <CALZ3u+ZdOrdAJXDEemsemEuikdfeEWkeBfYhPW1CfwFsn-Ahzg@mail.gmail.com>
Subject: Re: Re: Fast Address Validation - about
To: Qing An <anqing.aq@alibaba-inc.com>
Cc: IETF QUIC WG <quic@ietf.org>, "jri.ietf" <jri.ietf@gmail.com>, mt <mt@lowentropy.net>, Max <max.ldp@alibaba-inc.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/nnf-UtEzCKbL4N2YmA6gD_If9Gw>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2019 16:35:22 -0000

On Fri, Nov 1, 2019 at 5:47 PM Qing An <anqing.aq@alibaba-inc.com> wrote:
> For initial flood, there are approaches like
> source address statistics

This is a very rough and biased method at best.  Generally (which
would be IMNSHO 98% of the cases), the statistics about past events
doesn't tell you with an accuracy anywhere close to being reliable if
this particular new packet could be from spoofed source or not.

E.g. an attacker who would generate spoofed packets from the typical
source addresses for your type of business in your country (e.g.
popular cellular NAT pools for news sites) would circumvent that check
easily.  With the overwhelming majority of HTTPS resources there's
hardly any point in giving the latter a shot.

> and speed limitation.

And you'll be limiting the speed for legitimate clients as well in the
above example (and many other scenarios).  This is a nice way to
amplify the effects of an attack, much less to handle those.

***

With the greatest of respect, speaking more broadly, please take into
account that a good engineering practice (no matter if it's Internet
engineering or whatever) must not rely on the assumption that
something which is perceived as typical would always happen, and
something perceived as non-typical would never occur just because it
has to date never occurred in the past.

The example commonly seen in university books on engineering would be
e.g. the Oppau explosion — caused by the factory workers tearing
through ammonium with dynamite, just because ammonium has never
detonated during that operation before and was thus believed to be
unlikely to explode in future.  An example more close to the content
of this WG would be middlebox vendors hard-coding "typical" protocol
behaviour into their products (causing transport protocol ossification
which the WG spends I believe no less than 50% of time fighting
against) just because the said vendors do not appear to see the
standard but non-typical behaviour in their sample network dumps.

Both approaches you propose are vulnerable to a few simple
circumvention techniques, and while I totally accept that probably
you've never seen those techniques applied against your network, they
are quite extensively documented.  Therefore it's hard to see, at
least for me, why the IETF should account for the flawed mitigation
approaches during the transport protocol design.

--
Töma

v2.23.0 | Report a Bug | By Email