Re: [secdir] Secdir last call review of draft-ietf-tsvwg-datagram-plpmtud-15
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Wed, 04 March 2020 15:55 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A5A43A11EE; Wed, 4 Mar 2020 07:55:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dP4X4bnAYW_B; Wed, 4 Mar 2020 07:55:29 -0800 (PST)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [137.50.19.135]) by ietfa.amsl.com (Postfix) with ESMTP id D38933A1186; Wed, 4 Mar 2020 07:55:28 -0800 (PST)
Received: from GF-MacBook-Pro.local (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id D168F1B003B1; Wed, 4 Mar 2020 15:55:20 +0000 (GMT)
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, secdir@ietf.org
Cc: draft-ietf-tsvwg-datagram-plpmtud.all@ietf.org, last-call@ietf.org, tsvwg@ietf.org
References: <158328103137.7648.9240148667630328703@ietfa.amsl.com>
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Message-ID: <b721e053-e8f7-07d0-42c5-11fd25d5d6ea@erg.abdn.ac.uk>
Date: Wed, 04 Mar 2020 15:55:20 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
MIME-Version: 1.0
In-Reply-To: <158328103137.7648.9240148667630328703@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/zIxQz6dkXEUqlMTyPjYS5b_0GZw>
Subject: Re: [secdir] Secdir last call review of draft-ietf-tsvwg-datagram-plpmtud-15
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Mar 2020 15:55:38 -0000
Thanks for this review Stephen. On 04/03/2020 00:17, Stephen Farrell via Datatracker wrote: > Reviewer: Stephen Farrell > Review result: Has Issues > > > Hi, > > As Hilary Orman always nicely says: do not be alarmed, > this is just a secdir review:-) > > I classed this as "has issues," but the issues below should be > fairly easy to fix. Maybe all but 2 are real issues that say are > worth fixing, if I'm right about 'em (but I'm also often wrong > too:-) > > Cheers, > S. > > - Abstract: This draft aims for proposed standard but is > updating a BCP (RFC8085/BCP145). I'm happy to leave the > process-lawyering for that to others. We spoke with our TSV ADs and they don't see any issue with this. BCP and Standards track are equivalent. > - 4.1: I'm not sure if this is recommending that PLs allow for > padding outside of cryptographic protection. If so, that > seems like an anti-pattern when considering the overall set of > requirements one might envisage for a PL. If not, that's fine, > but would it be worth stating that? We suggest adding to the security considerations, see later. > - 4.4: Would you count the AEAD tag length in the MPS of an > AEAD-encrypting PL or not? I assume not, and the tag length > is counted as PL overhead even if sent as a sort-of trailer > within the ciphertext? Yes, all PL-overhead is included, but I think worth noting explicitly in Section 4.1 to avoid doubt. I suggest we add: OLD: Protocols that permit exchange of control messages (without an application data block) can generate a probe packet by extending a control message with padding data. NEW: Protocols that permit exchange of control messages (without an application data block) can generate a probe packet by extending a control message with padding data. The total size of a probe packet includes all headers and padding added to the payload data being sent (e.g., including protocol option fields, security-related fields such as an AEAD tag and TLS record layer padding). > - 4.4: What'd be the MPS etc for an MP-TCP-like PL? Is that > well-defined? For MP-TCP this isn't an issue, but each PL could have it's own issues and needs to work out what MPS means. > - 4.5: (a nit) "The validation SHOULD utilize information that > it is not simple for an off-path attacker to determine > [RFC8085]." A SHOULD that's that vague seems likely prone to > issues. Might be best to just s/SHOULD/ought/ or something > like that. RFC8085 does provide some examples, and this is a common-enough transport requirement to protect from DDOS. Could the SHOULD be retained and this be fixed by a more specific reference perhaps? (see Section 5.1 of [RFC8085]). > - 6.2.3: what if TLS record layer padding is being done as > well? Probably just needs a mention, so people don't get > their sums/APIs wrong. Agree. Please see proposeed text above and the proposed adds to the security considerations below. > - 6.3: I am surprised that the QUIC description here is ready > to be an RFC before QUIC itself. I do see there are > normative references, but the potential for a breaking change > still exists, and seems a bit unwise. (I'd suggest, holding > this in the WG 'till the referenced QUIC drafts are in the RFC > editor queue, or else taking that bit out and putting it into > a new I-D.) > > - section 9: Ok this is a stretch so maybe not worth bothering > with but... A PL doing all this may be emitting oddly sized > padding octets from time to time that piggy-back on > application data. That (number of padding octets and the > pattern with which those are emitted) seems like a medium-nice > covert channel e.g. for exfiltrating data, not necessarily to > the packet destination but to anyone on-path who can observe > the signal. I think this is useful. Security thoughts are always welcome. How about adding two extra paras to the Security Considerations, are these near?: "DPLPMTUD methods can introduce padding data to inflate the length of the datagram to the total size required for a probe packet. The total size of a probe packet includes all headers and padding added to the payload data being sent (e.g., including security-related fields such as an AEAD tag and TLS record layer padding). The value of the padding data does not influence the DPLPMTUD search algorithm, and therefore needs to be set consistent with the policy of the PL. A secure PL MUST provide cryptographic protection for the padding if this is needed to satisfy the security requirements of that PL. A PL that implements this spec would send probe packets, whose size and frequency can be observed by the network. Designers of search algorithms need to consider whether the size of probe packets and the pattern of probing could result in a potential covert channel (e.g., for exfiltrating data to an on-path device or the endpoint of the connection). " Gorry >
- [secdir] Secdir last call review of draft-ietf-ts… Stephen Farrell via Datatracker
- Re: [secdir] Secdir last call review of draft-iet… Gorry Fairhurst
- Re: [secdir] Secdir last call review of draft-iet… Stephen Farrell