Re: [saag] can an on-path attacker drop traffic?

Peter Gutmann <> Sun, 04 October 2020 04:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 103583A0DD9 for <>; Sat, 3 Oct 2020 21:43:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9cAJp080REpy for <>; Sat, 3 Oct 2020 21:43:03 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id F266F3A0DD6 for <>; Sat, 3 Oct 2020 21:43:02 -0700 (PDT)
Received: from ( []) (Using TLS) by with ESMTP id au-mta-49-ZnqwzzHNN0m9WpkNApmtHw-1; Sun, 04 Oct 2020 15:42:57 +1100
X-MC-Unique: ZnqwzzHNN0m9WpkNApmtHw-1
Received: from (2603:1096:202:15::21) by (2603:10c6:220:37::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.32; Sun, 4 Oct 2020 04:42:52 +0000
Received: from (2603:1096:202:15:cafe::73) by (2603:1096:202:15::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.34 via Frontend Transport; Sun, 4 Oct 2020 04:42:51 +0000
X-MS-Exchange-Authentication-Results: spf=none (sender IP is;; dkim=none (message not signed) header.d=none;; dmarc=none action=none
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.3433.34 via Frontend Transport; Sun, 4 Oct 2020 04:42:49 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sun, 4 Oct 2020 17:42:47 +1300
Received: from ([]) by ([]) with mapi id 15.00.1497.006; Sun, 4 Oct 2020 17:42:47 +1300
From: Peter Gutmann <>
To: Dan Harkins <>, Eric Rescorla <>, "Fernando Gont" <>
CC: Michael Richardson <>, IETF SAAG <>
Thread-Topic: [saag] can an on-path attacker drop traffic?
Thread-Index: AQHWgUYXwImtjh9v5US2r7Xor+/lhKmC8hsAgAC69ACAAk3YAIABFA5R
Date: Sun, 4 Oct 2020 04:42:46 +0000
Message-ID: <>
References: <4645.1599064072@localhost> <> <>, <>
In-Reply-To: <>
Accept-Language: en-NZ, en-GB, en-US
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: ee6c1ee8-373d-4c1a-30f1-08d8681ff270
X-MS-TrafficTypeDiagnostic: MEAPR01MB5077:
X-Microsoft-Antispam-PRVS: <>
X-MS-Oob-TLC-OOBClassifiers: OLM:5236
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0
X-Microsoft-Antispam-Message-Info: TUZd3xHFFUMfpDjqP3+YDkTtjKDOUW3hGoHeBpOFWhJOhkX7HGEiCxKT6/CJ3Xeiy03U8UvT/dXgOnFHUhG2iSHz7sbtQjLujxH2XbEoVthc78Qo1sn5g0gaO71chUzr7AGuO27gDbiSpGfHnNyu1+ASWN3TimBSvbmlIzK/zXJVmMy42u5ITAOZRwjLJdwfydaPDIyqKOZjU20sGAKV7hBaO4rmz0TEpZardlUG53oLW687Y72PNYOd0Dl2236jztim1ZsoWr9SB1YW9pyvQw/ac+ZNpjBunJ4GpLeajjEDbyDVxHJ5+BdgdUFnFhFv8E2BlNXZQKYN8c2Qpemk5E/f8XvRpFG2AxpWqQEPBNYoQxoy9B37OH/1sXgRMUJ4rpAPQA0z3In2AVgfznGt4Q==
X-Forefront-Antispam-Report: CIP:; CTRY:NZ; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM;;; CAT:NONE; SFS:(4636009)(346002)(376002)(39860400002)(136003)(396003)(46966005)(86362001)(336012)(5660300002)(316002)(786003)(356005)(54906003)(8936002)(83380400001)(110136005)(36906005)(7636003)(2906002)(82310400003)(8676002)(4326008)(47076004)(82740400003)(26005)(478600001)(186003)(2616005)(70206006)(70586007); DIR:OUT; SFP:1101
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Oct 2020 04:42:49.0170 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: ee6c1ee8-373d-4c1a-30f1-08d8681ff270
X-MS-Exchange-CrossTenant-Id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d1b36e95-0d50-42e9-958f-b63fa906beaa; Ip=[]; Helo=[]
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MEAPR01MB5077
Authentication-Results:; auth=pass smtp.auth=CAU17A13
X-Mimecast-Spam-Score: 0
Content-Language: en-NZ
Content-Type: text/plain; charset=WINDOWS-1252
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [saag] can an on-path attacker drop traffic?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 04 Oct 2020 04:43:05 -0000

Dan Harkins <> writes:

>Which is fine but what use do you see in a protocol that is secure against
>this "limited attacker" but not against the more powerful attacker?

Because it's far easier to deploy a relatively straightforward, realistic
protocol secure against a general attack than it is to deply an awkward,
complex, impractical protocol that's theoretically (but often not practically)
secure against a more unlimited attacker.  To quote the end of John Gordon's

  Now most people in Alice's position would give up. Not Alice. She has
  courage which can only be described as awesome. Against all odds, over a
  noisy telephone line, tapped by the tax authorities and the secret police,
  Alice will happily attempt, with someone she doesn't trust, whom she cannot
  hear clearly, and who is probably someone else, to fiddle her tax returns
  and to organize a coup d'etat, while at the same time minimizing the cost of
  the phone call.

  A coding theorist is someone who doesn't think Alice is crazy.

I don't need a theoretically perfect protocol that's practically un-
deployable, I just need something that's practical and good enough for the