Re: [saag] can an on-path attacker drop traffic?

Michael Richardson <> Sun, 04 October 2020 02:25 UTC

From: Michael Richardson <>
To: Eric Rescorla <>, Fernando Gont <>, IETF SAAG <>
Date: Sat, 03 Oct 2020 22:25:26 -0400
Message-ID: <14793.1601778326@localhost>

Eric Rescorla <> wrote:
    > As I think this discussion reveals, we don't have a really precise
    > description of MITM, in part because it's quite an old term from an era
    > where we had much less ability to analyze security protocols than we do
    > today. One result of improvements in analysis is the need for precise
    > definitions so that we can formalize the guarantees of systems against
    > those definitions.

I'm very much in agreement.

    > For capabilities, our basic assumption is what is often called a
    > Dolev-Yao attacker, in which the attacker has complete control of the
    > channel (this is what 3552 describes as the Internet Threat model
    > [0]).

"Dolev-Yao" is a bit of a mouthful, but maybe if I say it really fast as if
it's the name of a Kata it will work for me :-)

    > However, it's also useful to try to consider more limited
    > attackers such as those who can only read from the wire and those who
    > cannot remove packets. To my knowledge, we don't have a consensus set
    > of precise definitions for these yet, though both 3552 and QUIC [1]
    > make a stab at this. Similarly, some attacks are well-defined
    > (reflection, identity misbinding, KCI, impersonation etc.) and some are
    > not.

The QUIC "on-path" attacker seems to be a Dolev-Yao attacker.

The "off-path" attacker seems to have the ability to observe
packets, which I normally would not think an off-path attacker would have.
So this definition is very surprising to me.

RFC7416 has some terms (sinkhole, wormhole) that might be useful.
I notice that it has sections about how an off-path could become on-path
by offering "better" routing.

Perhaps this is worth an hour of IETF109 SAAG time.

Michael Richardson <>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide