Re: [tcpm] Privacy problems of TCP Fast Open

Michael Tuexen <michael.tuexen@lurchi.franken.de> Tue, 21 May 2019 07:13 UTC

Return-Path: <michael.tuexen@lurchi.franken.de>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D841C12017E for <tcpm@ietfa.amsl.com>; Tue, 21 May 2019 00:13:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0_4JNMq03nAF for <tcpm@ietfa.amsl.com>; Tue, 21 May 2019 00:13:17 -0700 (PDT)
Received: from drew.franken.de (mail-n.franken.de [193.175.24.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A963120167 for <tcpm@ietf.org>; Tue, 21 May 2019 00:13:16 -0700 (PDT)
Received: from [IPv6:2a02:c6a0:4015:12:245d:a85d:1:989e] (unknown [IPv6:2a02:c6a0:4015:12:245d:a85d:1:989e]) (Authenticated sender: lurchi) by drew.franken.de (Postfix) with ESMTPSA id 3224F721E281C; Tue, 21 May 2019 09:13:12 +0200 (CEST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Michael Tuexen <michael.tuexen@lurchi.franken.de>
In-Reply-To: <fd9f22b0-03ee-a1ef-ee97-02a93bf2648b@informatik.uni-hamburg.de>
Date: Tue, 21 May 2019 09:13:11 +0200
Cc: tcpm@ietf.org
Content-Transfer-Encoding: 7bit
Message-Id: <4194EE28-DCDF-46A3-8D26-5920E55040FD@lurchi.franken.de>
References: <ba3887b6-1554-9a67-8834-4bb598cf18f0@informatik.uni-hamburg.de> <fd9f22b0-03ee-a1ef-ee97-02a93bf2648b@informatik.uni-hamburg.de>
To: sy@informatik.uni-hamburg.de
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/0ZBOHAv-kAuwgUIl3Uk5wpo2FMM>
Subject: Re: [tcpm] Privacy problems of TCP Fast Open
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 May 2019 07:13:21 -0000

> On 20. May 2019, at 23:19, Erik Sy <sy@informatik.uni-hamburg.de>; wrote:
> 
> I think it is important to warn users about the privacy risks of RFC
> 7413. For example, Mozilla reacted to the privacy problems of TCP Fast
> Open by deprecating this protocol on all it's Firefox branches. In
> total, TCP Fast Open has significant issues with respect to user
> privacy, performance and deployment on the real-world Internet. From my
> point of view, it is about time to deprecate RFC 7413.
Hi Eric,

my understanding is that a cookie is specific to a client address, a server
address and a server port. So it would make sense for a client to remove
entries from the cookie cache on an address change. Assuming that, how
does your described host based attacks relate to the server just using
the client IP address for tracking? If you are trying to hide you IP-address
(like using a TOR browser) you don't want to use TFO, but you are not
optimising for small RTTs in that case, so it makes no sense in that case.

Best regards
Michael
> 
> Regards,
> Erik
> 
> On 5/10/19 14:14, Erik Sy wrote:
> 
>> Hi everyone,
>> 
>> TCP Fast Open has significant privacy problems which are not considered
>> in RFC 7413.
>> For example, this protocol allows a passive network observer to
>> correlate connections established by the same client, which protocols
>> such as TLS 1.3 and QUIC actively protect against. Furthermore, Fast
>> Open cookies present a kernel-based tracking mechanism which is quite
>> persistent. Amongst others, they can be used to conduct cross-browser
>> tracking on the same operating system.
>> For further details please refer to this article:
>> https://arxiv.org/pdf/1905.03518.pdf
>> 
>> I suggest, that the working group takes steps to highlight these privacy
>> problems of RFC 7413.
>> 
>> Regards,
>> Erik
>> 
>> _______________________________________________
>> tcpm mailing list
>> tcpm@ietf.org
>> https://www.ietf.org/mailman/listinfo/tcpm
> 
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org
> https://www.ietf.org/mailman/listinfo/tcpm