Re: [Spud] [Privsec-program] Detecting and Defeating TCP/IP Hypercookie Attacks

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 29 July 2016 20:40 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4949C12D88A for <spud@ietfa.amsl.com>; Fri, 29 Jul 2016 13:40:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.588
X-Spam-Level:
X-Spam-Status: No, score=-5.588 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qfaq0XeWVIK1 for <spud@ietfa.amsl.com>; Fri, 29 Jul 2016 13:40:46 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B4FA12D8AC for <spud@ietf.org>; Fri, 29 Jul 2016 13:40:46 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 7CE2EBE39; Fri, 29 Jul 2016 21:40:44 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G_PVpakF09s9; Fri, 29 Jul 2016 21:40:42 +0100 (IST)
Received: from [192.168.1.5] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 58399BE33; Fri, 29 Jul 2016 21:40:42 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1469824842; bh=wQpnyIDPJir4M8iKdEyOY/HeASXWPERgcF4ZgoLxf5I=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=fbfnjUDMzlUN1UTeA+x4cZG0BY2J37I3/4eL6Cw92HeD4eLPII+Q/Qgbs+1xuUNqn fKNyNsclAPdhyqejLE3CO5oiy0ezzFIFLAUCIAMG7I83I9Z34A3d6Es9RYSEF6Xvyf jvpKUWB1nYNaooL2ofv4LHfrmULGVRISvnN8SNjg=
To: Ted Hardie <ted.ietf@gmail.com>
References: <409B6F52-B637-4333-915B-A8127C80C98B@trammell.ch> <d27266cf-87f6-17b1-3038-e0f614c6c773@cs.tcd.ie> <84F6AEC6-7DE3-4D1F-9014-201279F70E56@tik.ee.ethz.ch> <5194f988-0e25-7f5a-75cf-6ed3646e012d@cs.tcd.ie> <402A30BB-1A20-4D54-95CA-7C50D8C0F26B@tik.ee.ethz.ch> <dc29fa73-88fd-3dc4-7497-f1bd2fa60422@cs.tcd.ie> <CA+9kkMDaamgb_qZkmAMvU9-6ACwt3-GFKBkOprD+HcK=QLSupg@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <205d99b2-4246-4a77-35f0-7c8a86a1ceed@cs.tcd.ie>
Date: Fri, 29 Jul 2016 21:40:42 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <CA+9kkMDaamgb_qZkmAMvU9-6ACwt3-GFKBkOprD+HcK=QLSupg@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms040802080307010604050808"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/d8eXwZFwKBrIRLulD7Tf6YUcPKU>
Cc: Brian Trammell <ietf@trammell.ch>, "privsec-program@iab.org" <privsec-program@iab.org>, =?UTF-8?Q?Mirja_K=c3=bchlewind?= <mirja.kuehlewind@tik.ee.ethz.ch>, spud <spud@ietf.org>
Subject: Re: [Spud] [Privsec-program] Detecting and Defeating TCP/IP Hypercookie Attacks
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jul 2016 20:40:49 -0000

Hiya,

On 29/07/16 21:18, Ted Hardie wrote:
> On Fri, Jul 29, 2016 at 12:37 PM, Stephen Farrell 
> <stephen.farrell@cs.tcd.ie
>> wrote:
> 
>> 
>> Hiya,
>> 
>> On 29/07/16 16:54, Mirja Kühlewind wrote:
>>> Hi Stephen,
>>> 
>>> I see registries as a needed and valuable part of our 
>>> standardization process. People ignoring registries as well as 
>>> things that are explicitly specified in a standards document is a
>>> different problem.
>> 
>> Registries can be a useful way to support extensibility. They can 
>> also be a nuisance that allow for the promulgation of crazy ideas. 
>> And probably lots in between and all at once;-)
>> 
>> None of the generalities above help in this specific case where I 
>> remain convinced that any extensible-generic-PLUS is liable to be 
>> highly dangerous. (And I'm unsure if a non-extensible-PLUS can be 
>> usefully transport independent.)
>> 
>> 
> So, it's not clear to me exactly what you mean by "transport 
> independent"

I guess I meant a future in which PLUS-defined PDUs are used as
meta-data in/with various transport protocols.

> here, so let me drill down a bit.  I think PLUS is proposed for a set
> of transports that use the UDP demux (and thanks to Stuart Cheshire
> for a useful shorthand for that function).  It expects that those
> transports will integrity protect their transport headers and treat
> as confidential some aspects of their state exchange (a multiplexing
> transport, for example, might decide that the state of the flows
> being multiplexed should be confidential).  A PLUS with very limited
> semantics (start, stop, delay tolerant, drop tolerant) would likely
> be broadly applicable to that class of transports and yet be
> transport independent (for that specific meaning of transport).

If plus were limited to only emitting those signals then I'd be far
less concerned. I think that would mean that there is no need for any
extensibility and hence no registry. I do not claim to know if those
and only those signals would be sufficiently useful to be adopted by
transport protocols and implementations thereof.

> 
> The folks arguing for this have a set of concerns:
> 
> *) Some useful path elements are impaired now, compared to 
> previously.

FYI, I find the term "impaired" scarily vague in this context. It could
mean anything from "0.1% less reliable" to "no longer allows me assert
that the person using the machine is over 18." That lack of specificity
and the absence iiuc of public data describing the claimed impairments
damages the argument of the PLUS proponents here.

> How can we safely repair that impairment?

That depends on what is considered impairment and without a shared idea
of that I don't think we can get to an answer.

> Where safely means:  not restoring
> plaintext for inspection nor providing a worse-than-current side 
> channel for identification.  (I accept that analysing one against 
> "current" requires understanding ease of attacking the side channel)
> 
> *) If there is a new, popular transport protocol, how do we ensure 
> that it does not end up as the new HTTP, used for a variety of things
> not because it is suitable on design fit but because it gets through
> the network? 

(Aside: if new transports are as successful as http, then we're making
progress I think:-)

> To put this another way, how do we make sure that the
> new design pattern given above opens innovation at that transport
> layer?
> 
> While the proponents of PLUS believe that a substrate approach is the
> most deployable (because you can redefine things like SRTP to run
> over PLUS instead of bare UDP), we care much more that the approach
> meets those concerns than the approach be a substrate.  If you want
> to call it a "design pattern" and implement it in a couple of
> candidates from that design pattern, fine.  You end up describing the
> thing multiple times rather than once, but cut and paste is a fine
> tool.

I agree with your last there. I actually think cut'n'paste is likely
a better approach here - it means that one can evaluate the essential
signals in each case, whereas the substrate/shim approach requires
that one has that dangerous extensibility. And for what real value?

> 
> Does this description make sense to you?  Or are we still a bit at 
> cross purposes here?

Aside from the vagueness in "impairment" I think I understand it yes.
(And this may be a thing where it's possible to not be talking at
cross purposes and yet still disagree as to whether there ought be
any path forward at all for PLUS.)

Cheers,
S.


> 
> Ted
> 
> 
> 
> _______________________________________________ Privsec-program 
> mailing list Privsec-program@iab.org 
> https://www.iab.org/mailman/listinfo/privsec-program
>