Re: [Spud] The reset middleboxes attack
Phillip Hallam-Baker <phill@hallambaker.com> Sun, 29 March 2015 11:59 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 11F101A8750
for <spud@ietfa.amsl.com>; Sun, 29 Mar 2015 04:59:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.122
X-Spam-Level:
X-Spam-Status: No, score=0.122 tagged_above=-999 required=5
tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001]
autolearn=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id ZyD3hFJ84ZA9 for <spud@ietfa.amsl.com>;
Sun, 29 Mar 2015 04:59:00 -0700 (PDT)
Received: from mail-lb0-x22d.google.com (mail-lb0-x22d.google.com
[IPv6:2a00:1450:4010:c04::22d])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id AB08F1A874E
for <spud@ietf.org>; Sun, 29 Mar 2015 04:58:59 -0700 (PDT)
Received: by lbcmq2 with SMTP id mq2so90155493lbc.0
for <spud@ietf.org>; Sun, 29 Mar 2015 04:58:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:sender:in-reply-to:references:date:message-id:subject
:from:to:cc:content-type:content-transfer-encoding;
bh=otH/IXZqQkPvygXpJwdEtGJcxUNCVKgBN01wOEmeZUk=;
b=Soe6G7Ras9kOwcU3s9byfOSHGUjNvWLoo0CeN3pxvi8/UeptwQ92HmBeuEDATjFI5C
rW3WoAK8B+JEp2M6crz+TfcYfMFvqzlxfuzlaW2/S9JWP+9Tp6T5Mxhn9uosCeUfMa4f
8hQ/pfHOy16RlejtuuD5DNYhbVJPqNKkfs87hIfpgAf0zPs6hzWhFevlGtmEtTgTJXvT
80KKhNga0ZnX3Oc5bIcLC4ac3R2QF1FDgRb0JmnHJjN0CXmHOEZlFeJktA5J6SiiebHN
BzmCZV8eIifSr12Ktsb8HFs4sT3lAfppIR3RkLlETd/cITScbXhOkvAfMgyV2c8MPhZu
hSrQ==
MIME-Version: 1.0
X-Received: by 10.112.13.7 with SMTP id d7mr24882327lbc.79.1427630338206; Sun,
29 Mar 2015 04:58:58 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.147.165 with HTTP; Sun, 29 Mar 2015 04:58:58 -0700 (PDT)
In-Reply-To: <33962F88-F1E9-4ED7-863A-97AED7836A75@gmail.com>
References: <DM2PR0301MB0655748F52C0984FB6BF8E93A8F60@DM2PR0301MB0655.namprd03.prod.outlook.com>
<33962F88-F1E9-4ED7-863A-97AED7836A75@gmail.com>
Date: Sun, 29 Mar 2015 07:58:58 -0400
X-Google-Sender-Auth: aRozHhDoNWIUQUFGjiYi5QwNvLY
Message-ID: <CAMm+LwgsuvTzR9yMKZC00U8C+z_qwOL_FhKKNqbd4yxHYZQjQQ@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/w9Tn7TDYZ6iH6PEA2ySnZIMc-gM>
Cc: Christian Huitema <huitema@microsoft.com>, Eric Rescorla <ekr@rtfm.com>,
"spud@ietf.org" <spud@ietf.org>, Jana Iyengar <jri@google.com>
Subject: Re: [Spud] The reset middleboxes attack
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>,
<mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>,
<mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Mar 2015 11:59:01 -0000
On Sun, Mar 29, 2015 at 4:28 AM, Yoav Nir <ynir.ietf@gmail.com> wrote: > Hi, Christian > > I understand the issue. Is this something we are really worried about? It has always been possible to do this with TCP by sending a RST, and that worked on the endpoints as well, and TLS has never protected us from that attack. > > To get the solution to work, presumably the initiator generates a secret and sends its has in the OPEN command. This allows the initiator to close the connection by sending the pre-image. But what if we want both sides to be able to close the connection? We either need to transmit the pre-image in the encrypted part of the protocol (what Joe’s architecture diagram calls “transport”), or we need a per-endpoint hash, requiring the responder to also send a hash in the ACK command. The latter doubles the state on the middlebox. The problem with state these days is not size. It is the fact you need state because once a path is stateful it is fixed. If I have a stateless protocol like DNS over UDP, it does not matter which server/host my packets end up at. If I have to keep one byte of state then it does. That is what causes problems. Here we have already accepted that the middleboxen is stateful Raspberry Pi 2 comes with 1GB of RAM for $40. The chip is much cheaper. It is going to run out of horsepower long before it runs out of RAM. RST attacks are real and are used as attacks against TCP. So it is worth the freight
- [Spud] The reset middleboxes attack Christian Huitema
- Re: [Spud] The reset middleboxes attack Tirumaleswar Reddy (tireddy)
- Re: [Spud] The reset middleboxes attack Eric Rescorla
- Re: [Spud] The reset middleboxes attack Yoav Nir
- Re: [Spud] The reset middleboxes attack Phillip Hallam-Baker
- Re: [Spud] The reset middleboxes attack Yoav Nir
- Re: [Spud] The reset middleboxes attack Dave Dolson
- Re: [Spud] The reset middleboxes attack Caitlin Bestler
- Re: [Spud] The reset middleboxes attack Yoav Nir
- Re: [Spud] The reset middleboxes attack Bless, Roland (TM)
- Re: [Spud] The reset middleboxes attack Christian Huitema
- Re: [Spud] The reset middleboxes attack Bless, Roland (TM)