Re: [secdir] secdir review of draft-ietf-core-stateless-05
Klaus Hartke <klaus.hartke@ericsson.com> Tue, 17 March 2020 15:38 UTC
Return-Path: <klaus.hartke@ericsson.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CAE73A078B; Tue, 17 Mar 2020 08:38:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yNNXcfx8RgzC; Tue, 17 Mar 2020 08:38:10 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2070.outbound.protection.outlook.com [40.107.20.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B8F03A0787; Tue, 17 Mar 2020 08:38:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=V1tp8ywYB8JwQiHZEvUY3aUOiAWN4OMgfv4xxUcSVtFV7O7/QZR8tkkDBlzLg/YTsfLg+t5HsTbbUjtq1KT4mqUcF3xmBeaATvCDEdEb2etXqF1p75Idt0sGA2RrBPtXtWr3STGK6tq5Pven/pkPYh2YQ0+NtINYXWj5jZ/9w5Udv7/arQWD6B+lZgcV1Fhqs0xjU9N9YIYr95yCEzOJWc94KZOfBOv+N5MLAKn/R2VTHZ24UiGuWurtinpDzQqlv0flrAZdSKtD00eFVBhFr3BuMNVcunAYbez8AZ3BqPUrhhNh+0Ok5Enr6M7567nYjFOWjta7/yJAaZTnppnT+g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;bh=eyeAp0BBy6hL+kuijrTdbDbDPGnDPhQUy3QC63ZcgjY=; b=JcdDG28/AJVEmFYCFR3tUFUSNljZkiuvhy3BgTOB2HvzCvimh3GmduszzRGwX/ZV5oezt6tERI61y0Gw5lZJfBkd9jPTIBdJ98Nk6+rDpI0FFiClqFJmpgcoZzfvg6qydg7/ofy0cMfTB6c9QrkBKXtrKMVMev/iDINJfHe7LGhylCTf6IvriEWqVfUeHX11gDQN0PEcw3F+1vecNsJSNQOjwA9zPX7TqEJvCdcQTxNpqb/+LUcFj/E94EbqdxMTXIbX+uOthNcX6vldj712MNGxAX5HMOgLX6Y1YDDgLbwJGpIOe5XjscYDsPnCOxupPyv8X28HZyz4QmYfcSmobw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;bh=eyeAp0BBy6hL+kuijrTdbDbDPGnDPhQUy3QC63ZcgjY=; b=M5JSL3Mt5UeU7rDao/4EWaMXuFpaggH/58teDQnoCOQ3EDrstq8gFCYz/outFlDFvwWvufduuXleulyuiZkJlyV6Njy3UiECcVwOwfpFG1vV9oG2lMxXcbL8RO65ChWTmX3t8Jzt1bEsGa4MeNlydoQ6sOz09DASvflo2qd2L30=
Received: from AM7PR07MB6707.eurprd07.prod.outlook.com (20.181.27.203) by AM7PR07MB6360.eurprd07.prod.outlook.com (10.186.168.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.12; Tue, 17 Mar 2020 15:38:07 +0000
Received: from AM7PR07MB6707.eurprd07.prod.outlook.com ([fe80::36:4d0:5e29:8c43]) by AM7PR07MB6707.eurprd07.prod.outlook.com ([fe80::36:4d0:5e29:8c43%3]) with mapi id 15.20.2835.013; Tue, 17 Mar 2020 15:38:07 +0000
From: Klaus Hartke <klaus.hartke@ericsson.com>
To: David Mandelberg <david@mandelberg.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-core-stateless.all@ietf.org" <draft-ietf-core-stateless.all@ietf.org>
CC: "hartke@projectcool.de" <hartke@projectcool.de>
Thread-Topic: secdir review of draft-ietf-core-stateless-05
Thread-Index: AQHV+uu9nK6WdknHm0uk+B22lZBRZ6hM6f7g
Date: Tue, 17 Mar 2020 15:38:07 +0000
Message-ID: <AM7PR07MB6707CF51E3AEF0DB4464DA6AE6F60@AM7PR07MB6707.eurprd07.prod.outlook.com>
References: <9ea24cd9-e194-9820-a903-9cc09ef19504@mandelberg.org>
In-Reply-To: <9ea24cd9-e194-9820-a903-9cc09ef19504@mandelberg.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=klaus.hartke@ericsson.com;
x-originating-ip: [145.14.112.90]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e218a92c-0182-4fcd-7b14-08d7ca8930f2
x-ms-traffictypediagnostic: AM7PR07MB6360:
x-microsoft-antispam-prvs: <AM7PR07MB63608EB997B0ED26AE747AFAE6F60@AM7PR07MB6360.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0345CFD558
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(346002)(39860400002)(366004)(376002)(136003)(199004)(4326008)(186003)(26005)(66946007)(44832011)(2906002)(110136005)(66476007)(76116006)(66446008)(64756008)(66556008)(478600001)(33656002)(966005)(6506007)(9686003)(7696005)(55016002)(316002)(81166006)(52536014)(71200400001)(5660300002)(8936002)(86362001)(8676002)(81156014); DIR:OUT; SFP:1101; SCL:1; SRVR:AM7PR07MB6360; H:AM7PR07MB6707.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: WfjPjdmQ52TqTSi+nNsyKrGtyax4hoNGHloguBJJ0p46JkErxTh53301OWEyzrDKxdZHiN8AzDe8rsTUXsh25AGGeSi1JvZyaZdHRJPJAfac0DLms9f05QSkJAOEwMiWlNisWGkWnVD21q99uAt9R/HtioT3uzOewB1xxVPJp+F54MItnGFzc1f6oT3kkJqC7CXBCHLWCzWhsfs98N+0VvHJwvNKuH5hMI92P99RHuF74LsbC5K8c+DzAYrr4ZqOx+nLqxVcU8LxNdlM4BJCicPWbAOHamH7Hk+UqvRoGrGirTTZj9VVw5Qfyw2fE+miZKSwTyhRibM9Qk7LktSx8eFy9zJHx0u9mBZ7vWTPYUat1somdWTag8z4xNbHEqaZrCF2LW+UvzM2rc487V1IPHRRmepytCffaoNFjlC00aYkfqdljZEOHk2kPnS17ePbpk6P8UYB/A5MFGsy9UntUMdx/jaGhCr+e5hhcLpTF9nGuv7Dz0Oc0dXytL6ULGIJ1TW3c4dCxQHp4HeAuJ+esw==
x-ms-exchange-antispam-messagedata: 09XCC2i6MUBzS+wAdcfGYgruXKFSv5H5YDlQj5DaGOMjaq9DFGbDRRFWQ7FDTeVHA9x9w1NjjfQGxhCHowxeVvMqlieRkplEeUlJktKmdKvi6ioV9BO9AkKbWqMryfZyuCRvAXkNGLW+ga2CZcCBQQ==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e218a92c-0182-4fcd-7b14-08d7ca8930f2
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Mar 2020 15:38:07.5209 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: GEzD4Cwg3hfe+3gG8hj/Fd5o4oM2wRSq+AnPET3zoFwbAwCimXKnc8CbsGQdDHZPjkk7cfzIUztNZWlO4Qxr5npylkUYGifa3dmvxTDXbIU=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR07MB6360
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/scnCsUUwb3ovd9aQxOfbuswhgjY>
Subject: Re: [secdir] secdir review of draft-ietf-core-stateless-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Mar 2020 15:38:13 -0000
David Mandelberg wrote:
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG.
Thanks a lot!
> I think this protocol change increases the amount of data that a CoAP server
> would reflect in a DoS attack using spoofed source IP addresses with UDP. I
> don't see any opportunity for amplification though, just reflection of more
> data sent by a malicious client. I'm very much not a DoS expert though, so I
> have no idea if this is an issue at all.
Right, the amount of data that can potentially be reflected increases. The CoAP RFC already has a section on reflection and amplification [1]; I will add an explicit reference to that section to the draft.
> What happens when a client changes the (implementation-private) format of
> the state it puts in the tokens? E.g., what if a client sends a request, applies a
> software update, then receives the response? (I'm guessing that's a more
> likely situation with UDP, since the software update would probably interrupt
> a TCP session.) If an attacker can predict when the software update will
> happen and how the new version will interpret the old version's tokens, can
> they replay anything maliciously? (Assuming the replay window includes
> some messages from just before the software update.)
Right, false interoperability with previous implementation versions might cause a security issue. I will add a paragraph along these lines to the draft ("...SHOULD include a version indicator in the serialized state...").
Klaus
[1] https://tools.ietf.org/html/rfc7252#section-11.3
- [secdir] secdir review of draft-ietf-core-statele… David Mandelberg
- Re: [secdir] secdir review of draft-ietf-core-sta… Klaus Hartke
- Re: [secdir] secdir review of draft-ietf-core-sta… Carsten Bormann