Re: [Tcpcrypt] attack resilience (was "v3 of the charter")
Joe Touch <touch@isi.edu> Fri, 02 May 2014 15:06 UTC
Return-Path: <touch@isi.edu>
X-Original-To: tcpcrypt@ietfa.amsl.com
Delivered-To: tcpcrypt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D7991A6F64 for <tcpcrypt@ietfa.amsl.com>; Fri, 2 May 2014 08:06:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.251
X-Spam-Level:
X-Spam-Status: No, score=-4.251 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_66=0.6, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TBftNtAqbBzg for <tcpcrypt@ietfa.amsl.com>; Fri, 2 May 2014 08:06:07 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by ietfa.amsl.com (Postfix) with ESMTP id 938BB1A6F27 for <tcpcrypt@ietf.org>; Fri, 2 May 2014 08:06:07 -0700 (PDT)
Received: from [192.168.1.93] (pool-71-105-87-112.lsanca.dsl-w.verizon.net [71.105.87.112]) (authenticated bits=0) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id s42F4bQm016967 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 2 May 2014 08:04:46 -0700 (PDT)
Message-ID: <5363B407.9080700@isi.edu>
Date: Fri, 02 May 2014 08:04:39 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Erik Nygren <erik+ietf@nygren.org>, marcelo bagnulo braun <marcelo@it.uc3m.es>, tcpcrypt@ietf.org
References: <CAKC-DJi=Vj7Ga+Ns=J1VtunnSbYXHv-A32M01+z-RyWayJ4xbQ@mail.gmail.com>
In-Reply-To: <CAKC-DJi=Vj7Ga+Ns=J1VtunnSbYXHv-A32M01+z-RyWayJ4xbQ@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/2yDvU-HHVDo53-JtbeJ7k0u-HXQ
Subject: Re: [Tcpcrypt] attack resilience (was "v3 of the charter")
X-BeenThere: tcpcrypt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpcrypt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpcrypt/>
List-Post: <mailto:tcpcrypt@ietf.org>
List-Help: <mailto:tcpcrypt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 May 2014 15:06:08 -0000
IMO, the point below is a useful way to compare candidate approaches. These all fall under effectiveness and cost, and we don't need the charter to state such to consider those issues. Joe On 5/2/2014 6:41 AM, Erik Nygren wrote: > At what stage should we discuss attack resilience, and in particular the > ability of one end-point to launch an asymmetric resource DDoS attack > against the other end-point? This has historically been an area where > remediations have been critical for both TCP extensions as well as for > crypto systems. Just look at SYN flood attack mitigations (eg, > SynCookies), the failure of TTCP and the additions to TFO to address > those gaps, the need for tokens in the DTLS handshake, and especially > the challenges in defending servers exposing TLS to DDoS attacks. > Mitigations need to be traded off against added round-trips as well as > privacy exposures. > > Should there be a line-item in the charter on this topic, or should this > be covered in post-charter discussions? > > For example, a client clearly must not be able to force a server to do > expensive crypto operations until there has at least been one packet > handshake. End-points under duress can also presumably chose to > fallback to plaintext TCP (although this could motivate an attacker to > try and force end-points into this mode). Optional proof-of-work client > puzzles (when under duress) are also an option, but add complexity and > potential risks in regimes outside of client:server uses of TCP. > > Erik > > > > _______________________________________________ > Tcpcrypt mailing list > Tcpcrypt@ietf.org > https://www.ietf.org/mailman/listinfo/tcpcrypt >