Re: Malicious Version Negotiation Handling (Was: Questions about Version Negotiation Concerning Possible Handshake Interruption)
Eric Rescorla <ekr@rtfm.com> Sun, 18 February 2018 17:26 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6D691204DA for <quic@ietfa.amsl.com>; Sun, 18 Feb 2018 09:26:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o2nQb-Ia2y3H for <quic@ietfa.amsl.com>; Sun, 18 Feb 2018 09:26:26 -0800 (PST)
Received: from mail-qt0-x22e.google.com (mail-qt0-x22e.google.com [IPv6:2607:f8b0:400d:c0d::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7DF21201F2 for <quic@ietf.org>; Sun, 18 Feb 2018 09:26:25 -0800 (PST)
Received: by mail-qt0-x22e.google.com with SMTP id g14so9688751qti.2 for <quic@ietf.org>; Sun, 18 Feb 2018 09:26:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Eo/czmVKulZk2VbMS1ZZcaoUapZz8M4FD0bR+Vuxwek=; b=MZ9zBSglkflOsfnx9oEqBQ6Sq2Irz04zBCgT+g1xMqUhZo5Ws5D+uUDibEtjTDUZ3X k6TklaiDZKubGvOpAdZeScI2uJqK0HNM52JP/hA6CCavmdnCtFf1FZ8nxLZZfmHfJWeH hQdwfbXtuP2Qi4378+hHkXMTJsV4Xea4U9T567l6S0jkXwsLuGd9jCJ7ecdJ75Cv2DXr hdJyfBEQ+Orok5mE+mpqU7waI3Vo5QeRi/MV6eSJbusgKgmh1KjISkN1H1IFc3XYL4M9 BOfWZ+WoGRbvqEpqFeoW16GNzXY+zAoUaFJQ8khueYU+v8lj3B9vHXSKdYUpUHUr7nJT wQbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Eo/czmVKulZk2VbMS1ZZcaoUapZz8M4FD0bR+Vuxwek=; b=KBIuO+l+8PvXc3Iovz99pjvPI1RoaCSA4/3FjAoOslc2bux95GXAD4fDuqDYAsrvcl 2utIz31F3fVj5P5UKpJ5YYMh09uQgivP6jbQYtc90ssXH7ki7Ia8j6Nw9/oFi0+IBtkf N8CLWT415xFK6Un4s0g+Vr/nEx+I8okZiZvACiNXSPKOai7ZWaWiM13i2Brdl1lKnuOM NL+gfIqBY11N4TM3zHu5LqV6IzeZ92GVZNgY3BCcXz/Qhqo5rw6xohI7vd61vFYFYK6K xBCwVcAtvnAn0wd6e/aDS+B/ERuvN4QRFqmIGJbHXB7gGtLHuvIsP/o/jezm6saPK6ir s1OA==
X-Gm-Message-State: APf1xPB0Xh5j7dTbfAbGPp8JkYisLfAJvE8lP5cP03ba3q3l1RM0OG62 4gkeCY4vDoxibkMnmZUGnK6j9n6HIXN93BU7/odnFA==
X-Google-Smtp-Source: AH8x2260xS/AD2mfFkKRn892ngYYoLPlTVwJP4ZtwyrUNKZpKBeIvDDcZZfW/7PlT3QKJ7C9DLe9BfQMldTXHHdtQak=
X-Received: by 10.200.13.9 with SMTP id q9mr20976920qti.133.1518974784782; Sun, 18 Feb 2018 09:26:24 -0800 (PST)
MIME-Version: 1.0
Received: by 10.200.37.176 with HTTP; Sun, 18 Feb 2018 09:25:44 -0800 (PST)
In-Reply-To: <835e5014-3306-e7ac-fed0-3c90320551a9@gmail.com>
References: <1d386744-c46a-842a-b172-24e290e03668@gmail.com> <CABkgnnVRn+1sNZQFB8BZc4VyzN5usLmYJ3xLo+p2uTeW_0Ji_Q@mail.gmail.com> <CAN1APdfpJ0rYPPiOgfcdDRx3noh+YYvJatP0MYTqRRXMBwF6pA@mail.gmail.com> <3d558827-f2a7-877c-e00a-d6a22ef241c5@gmail.com> <CANatvzzZEuJ3TY=+0BMLqbBE5mScG_Jnrypg3xkciykOX78G8A@mail.gmail.com> <CAN1APdfov8Q3E+5NkT5pmMeU=eB=fsnDFe_=BK7TDE0TpXD3yA@mail.gmail.com> <142211e0-c7c9-642f-69ef-5f0d722b77cc@gmail.com> <529ac475-5291-2b2e-acf9-05efe720d584@huitema.net> <6937_1518251684_5A7EAEA4_6937_191_1_5A7EAEA5.2000605@orange.com> <CANatvzz_2BeRns5E-OO=CKKwK66LgMd=3vVCM84_+OAxj8CutQ@mail.gmail.com> <d3c8688a-3f01-30b1-a3de-1300a43c1d99@gmail.com> <835e5014-3306-e7ac-fed0-3c90320551a9@gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 18 Feb 2018 09:25:44 -0800
Message-ID: <CABcZeBOHgM1xnvmx=CWEEeLnU9bO3DuFCYzbk6m2Kg=sxbYZYA@mail.gmail.com>
Subject: Re: Malicious Version Negotiation Handling (Was: Questions about Version Negotiation Concerning Possible Handshake Interruption)
To: Lingmo Zhu <zlm2006@gmail.com>
Cc: Kazuho Oku <kazuhooku@gmail.com>, alexandre.ferrieux@orange.com, Christian Huitema <huitema@huitema.net>, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, "quic@ietf.org" <quic@ietf.org>, Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="089e0822b6a4785c2105657fe006"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/oIZ9z55Und-La5KkUXdzNQM5U-A>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Feb 2018 17:26:28 -0000
On Sun, Feb 18, 2018 at 7:48 AM, Lingmo Zhu <zlm2006@gmail.com> wrote: > Hi all > > After some discussion with Kazuho and thanks to his help, I want to > propose that for Version Negotiation handling, "a client MAY wait for a > handshake packet after receiving a Version Negotiation packet". > Can you describe the precise attack you are concerned about? The VN packet contains the client's randomly chosen CID, so only an on-path attacker can forge a VN, but such an attacker can also generate a bogus ServerHello or other messages that would cause the QUIC negotiation to fail. -Ekr > >
- Questions about Version Negotiation Concerning Po… Lingmo Zhu
- Re: Questions about Version Negotiation Concernin… Mikkel Fahnøe Jørgensen
- Re: Questions about Version Negotiation Concernin… Martin Thomson
- Re: Questions about Version Negotiation Concernin… Mikkel Fahnøe Jørgensen
- Re: Questions about Version Negotiation Concernin… Lingmo Zhu
- Re: Questions about Version Negotiation Concernin… Mikkel Fahnøe Jørgensen
- Re: Questions about Version Negotiation Concernin… Kazuho Oku
- Re: Questions about Version Negotiation Concernin… Mikkel Fahnøe Jørgensen
- Re: Questions about Version Negotiation Concernin… Lingmo Zhu
- Re: Questions about Version Negotiation Concernin… Christian Huitema
- Re: Questions about Version Negotiation Concernin… alexandre.ferrieux
- Re: Questions about Version Negotiation Concernin… Martin Thomson
- Re: Questions about Version Negotiation Concernin… Kazuho Oku
- Re: Questions about Version Negotiation Concernin… alexandre.ferrieux
- Re: Questions about Version Negotiation Concernin… Lingmo Zhu
- Malicious Version Negotiation Handling (Was: Ques… Lingmo Zhu
- Re: Malicious Version Negotiation Handling (Was: … Mikkel Fahnøe Jørgensen
- Re: Malicious Version Negotiation Handling (Was: … Eric Rescorla
- Re: Malicious Version Negotiation Handling (Was: … Lingmo Zhu
- Re: Malicious Version Negotiation Handling (Was: … Eric Rescorla
- Re: Malicious Version Negotiation Handling (Was: … Subodh Iyengar
- Re: Malicious Version Negotiation Handling (Was: … Lingmo Zhu
- Re: Malicious Version Negotiation Handling (Was: … Eric Rescorla
- Re: Malicious Version Negotiation Handling (Was: … Christian Huitema
- Re: Malicious Version Negotiation Handling (Was: … Eric Rescorla
- RE: Malicious Version Negotiation Handling (Was: … Lubashev, Igor
- Re: Malicious Version Negotiation Handling (Was: … Christian Huitema
- Re: Malicious Version Negotiation Handling (Was: … Mikkel Fahnøe Jørgensen
- Re: Malicious Version Negotiation Handling (Was: … Spencer Dawkins at IETF