Re: [saag] can an on-path attacker drop traffic?

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 04 October 2020 02:25 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Eric Rescorla <ekr@rtfm.com>, Fernando Gont <fernando@gont.com.ar>, IETF SAAG <saag@ietf.org>
Date: Sat, 03 Oct 2020 22:25:26 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/K4zzIroxJGg-W5u5RJs-Ci3lXSU>

Eric Rescorla <ekr@rtfm.com> wrote:
    > As I think this discussion reveals, we don't have a really precise
    > description of MITM, in part because it's quite an old term from an era
    > where we had much less ability to analyze security protocols than we do
    > today. One result of improvements in analysis is the need for precise
    > definitions so that we can formalize the guarantees of systems against
    > those definitions.

I'm very much in agreement.

    > For capabilities, our basic assumption is what is often called a
    > Dolev-Yao attacker, in which the attacker has complete control of the
    > channel (this is what 3552 describes as the Internet Threat model
    > [0]).

"Dolev-Yao" is a bit of a mouthful, but maybe if I say it really fast as if
it's the name of a Kata it will work for me :-)

    > However, it's also useful to try to consider more limited
    > attackers such as those who can only read from the wire and those who
    > cannot remove packets. To my knowledge, we don't have a consensus set
    > of precise definitions for these yet, though both 3552 and QUIC [1]
    > make a stab at this. Similarly, some attacks are well-defined
    > (reflection, identity misbinding, KCI, impersonation etc.) and some are
    > not.

The QUIC 21.13.3.1 "on-path" attacker seems to be a Dolev-Yao attacker.

The 21.13.3.2 "off-path" attacker seems to have the ability to observe
packets, which I normally would not think an off-path attacker would have.
So this definition is very surprising to me.

RFC7416 has some terms (sinkhole, wormhole) that might be useful.
I notice that section 21.13.3.4 is about how an off-path could become on-path
by offering "better" routing.

Perhaps this is worth an hour of IETF109 SAAG time.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide