Re: [Spud] [Privsec-program] Detecting and Defeating TCP/IP Hypercookie Attacks
Christian Huitema <huitema@microsoft.com> Mon, 01 August 2016 21:02 UTC
From: Christian Huitema <huitema@microsoft.com>
To: Tom Herbert <tom@herbertland.com>
Cc: Eliot Lear <lear@cisco.com>, spud <spud@ietf.org>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, Brian Trammell <ietf@trammell.ch>, Stephan Neuhaus <sten@artdecode.de>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Mon, 01 Aug 2016 21:02:51 +0000
Message-ID: <BN6PR03MB2675609D3C32F40FB0F2641AA8040@BN6PR03MB2675.namprd03.prod.outlook.com>
In-Reply-To: <CALx6S34oC+OZuMpdzJ49f8Ew0qEnMOxxKX=mqDsausEsbWt0Ug@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/bSGQS4kmxy_ejVg4NeBs1aRytCI>
On Monday, August 1, 2016 1:52 PM, Tom Herbert wrote:
>
> The question is also whether we need to send an explicit "end
> connection" signal. Network devices want this to know when to free
> their connection tracking state, but in a multipath Internet I don't
> readily see how this would be a useful signal either.

The concern about the "end" signals is potential misuse -- something similar to spoofing TCP RST -- think "man on the side" attacks. The spoofed packets will not fool the endpoint, but they can cause intermediate systems to drop state, and effectively force an ongoing connection to stop. Any design would have to somehow mitigate this spoofing attack.

-- Christian Huitema
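The following is an added illustration of the mitigation problem raised in the message above; it is not code from the thread, from SPUD, or from any of the participants. It models a connection-tracking middlebox under two policies: a naive tracker that frees state on any packet carrying an "end" flag (the RST-like behaviour a man-on-the-side can abuse), and a hardened tracker that only frees state when the end signal reveals a value matching a hash commitment carried on the flow's first packet, and otherwise relies on an idle timeout. The commit-and-reveal scheme, the `Packet` fields, the tracker classes and the sample flow addresses are all assumptions made for this example, not a design the list agreed on.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class Packet:
    """Hypothetical path-visible datagram header fields (assumption, not SPUD's wire format)."""
    src: str
    dst: str
    end: bool = False
    start_commit: bytes = b""  # H(secret), carried on the first packet of a flow
    end_token: bytes = b""     # the secret itself, revealed only with the end signal


def commit(secret: bytes) -> bytes:
    """Hash commitment: anyone on the path can see H(secret), nobody can invert it."""
    return hashlib.sha256(secret).digest()


class NaiveTracker:
    """Frees connection state on any end flag, like a middlebox honouring a bare TCP RST."""

    def __init__(self):
        self.flows = {}

    def observe(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.dst)
        if pkt.end:
            return "freed" if self.flows.pop(key, None) is not None else "ignored-unknown"
        self.flows.setdefault(key, {})
        return "kept"


class HardenedTracker:
    """Frees state only on an end signal that opens the commitment seen at flow start.

    A man-on-the-side sees the commitment but not the secret, so a forged end
    signal is rejected. Flows whose end signal is lost are reaped by idle timeout
    (soft state), so the middlebox never depends on the end signal for correctness.
    """

    def __init__(self, idle_timeout: float = 30.0):
        self.flows = {}
        self.idle_timeout = idle_timeout

    def observe(self, pkt: Packet, now: float) -> str:
        key = (pkt.src, pkt.dst)
        flow = self.flows.get(key)
        if flow is None:
            if pkt.end:
                return "ignored-unknown"          # never create state from an end signal
            self.flows[key] = {"commit": pkt.start_commit, "last_seen": now}
            return "created"
        if pkt.end:
            if flow["commit"] and hmac.compare_digest(commit(pkt.end_token), flow["commit"]):
                del self.flows[key]
                return "freed"
            return "rejected-end"                 # forged end: state untouched, timer not refreshed
        flow["last_seen"] = now
        return "refreshed"

    def expire(self, now: float) -> int:
        """Reap idle flows; returns how many were freed."""
        stale = [k for k, f in self.flows.items() if now - f["last_seen"] > self.idle_timeout]
        for k in stale:
            del self.flows[k]
        return len(stale)


def simulate() -> dict:
    """Constructed scenario: one legitimate flow, one forged end signal, one genuine end."""
    secret = os.urandom(16)
    src, dst = "10.0.0.1", "192.0.2.10"          # constructed sample addresses
    start = Packet(src, dst, start_commit=commit(secret))
    forged_end = Packet(src, dst, end=True, end_token=os.urandom(16))  # forger lacks the secret
    real_end = Packet(src, dst, end=True, end_token=secret)

    naive, hard = NaiveTracker(), HardenedTracker()
    naive.observe(start)
    hard.observe(start, now=0.0)

    out = {
        "naive_forged": naive.observe(forged_end),
        "hard_forged": hard.observe(forged_end, now=1.0),
    }
    out["naive_flows_after_forgery"] = len(naive.flows)
    out["hard_flows_after_forgery"] = len(hard.flows)
    out["hard_real_end"] = hard.observe(real_end, now=2.0)
    out["hard_flows_after_real_end"] = len(hard.flows)

    # Lost end signal: soft state still converges via the idle timer.
    hard.observe(Packet(src, "192.0.2.11", start_commit=commit(os.urandom(16))), now=3.0)
    out["expired_after_timeout"] = hard.expire(now=3.0 + hard.idle_timeout + 1)
    return out


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k}: {v}")
```

The design choice worth noting is that the hardened tracker never lets the end signal alone be load-bearing: a rejected forgery neither frees nor refreshes state, and a genuine end that never arrives is handled by the timer, so the worst an on-path forger achieves is nothing the idle timeout would not have done anyway.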