IETF Logo Mail Archive

[saag] Re: On path Active Attackers, and Meddlers in the Middle

Carsten Bormann <cabo@tzi.org> Mon, 06 January 2025 22:57 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51164C14F6BC for <saag@ietfa.amsl.com>; Mon, 6 Jan 2025 14:57:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.207
X-Spam-Level:
X-Spam-Status: No, score=-4.207 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zB6P_xT0lA6U for <saag@ietfa.amsl.com>; Mon, 6 Jan 2025 14:57:18 -0800 (PST)
Received: from smtp.zfn.uni-bremen.de (smtp.zfn.uni-bremen.de [134.102.50.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2B27C15152F for <saag@ietf.org>; Mon, 6 Jan 2025 14:57:18 -0800 (PST)
Received: from smtpclient.apple (p548dc3ec.dip0.t-ipconnect.de [84.141.195.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4YRqM10qx3zDCbK; Mon, 6 Jan 2025 23:57:17 +0100 (CET)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.300.87.4.3\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <CAMm+LwhO=U7x+1rDxm4zggEREfnZkSUDx8XgZqoVUbCgaiaROA@mail.gmail.com>
Date: Mon, 06 Jan 2025 23:57:06 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <67D1B1C9-5CDB-433E-B2B0-8D29003A57F9@tzi.org>
References: <173492140581.368793.2134938880856955223@dt-datatracker-65f549669d-2xld9> <31053.1734922088@obiwan.sandelman.ca> <CAMm+LwijiCJrp8E4inCqCG5gdT+eQnAAAo8oBebzBnzAY1rq3w@mail.gmail.com> <668E2661-ED74-47A3-8F93-EC83E902E9DE@tzi.org> <24107.1736114729@obiwan.sandelman.ca> <CABcZeBNnkaUTEk5ahLfTVRSCSZn-y2hHORVYUrWqpERngfPzUg@mail.gmail.com> <DC6F5CF1-26E0-4687-91A8-37A5C36EE7B9@icloud.com> <3306FD27-F79E-4F91-8F07-D56B9A039D93@deployingradius.com> <CAMm+LwhO=U7x+1rDxm4zggEREfnZkSUDx8XgZqoVUbCgaiaROA@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
X-Mailer: Apple Mail (2.3826.300.87.4.3)
Message-ID-Hash: EUWVCQ2MPPVL76VHNCZ6YA4MKKDNJPAG
X-Message-ID-Hash: EUWVCQ2MPPVL76VHNCZ6YA4MKKDNJPAG
X-MailFrom: cabo@tzi.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-saag.ietf.org-0; header-match-saag.ietf.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: joncallas=40icloud.com@dmarc.ietf.org, Michael Richardson <mcr+ietf@sandelman.ca>, IETF SAAG <saag@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [saag] Re: On path Active Attackers, and Meddlers in the Middle
List-Id: Security Area Advisory Group <saag.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/PZTvKJkCUFInfhSTPtuF16R1nwM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Owner: <mailto:saag-owner@ietf.org>
List-Post: <mailto:saag@ietf.org>
List-Subscribe: <mailto:saag-join@ietf.org>
List-Unsubscribe: <mailto:saag-leave@ietf.org>

On 6. Jan 2025, at 23:52, Phillip Hallam-Baker <phill@hallambaker.com> wrote:
> 
> Simpler AOPA like replay attacks or downgrade attacks are much easier to pull off.

Replay attacks generally don’t need active on-path attack capability.
Passive on-path suffices to catch the data to be replayed, and injection can then be from off-path.

Grüße, Carsten

v2.29.0 | Report a Bug | By Email | System Status