IETF Logo Mail Archive

Re: [tcpm] tcp-auth-opt issue: support for NATs

Eric Rescorla <ekr@networkresonance.com> Thu, 07 August 2008 19:36 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 464893A6962; Thu, 7 Aug 2008 12:36:17 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A54633A6962 for <tcpm@core3.amsl.com>; Thu, 7 Aug 2008 12:36:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xYs7ANK+LU0b for <tcpm@core3.amsl.com>; Thu, 7 Aug 2008 12:36:15 -0700 (PDT)
Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by core3.amsl.com (Postfix) with ESMTP id EA01B3A688F for <tcpm@ietf.org>; Thu, 7 Aug 2008 12:36:15 -0700 (PDT)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 4921150846; Thu, 7 Aug 2008 12:45:45 -0700 (PDT)
Date: Thu, 07 Aug 2008 12:45:45 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Joe Touch <touch@ISI.EDU>
In-Reply-To: <489B487D.2060809@isi.edu>
References: <4890F4BE.6060302@isi.edu> <396556a20807301622l4cb33deuff73cd13d7a75ba1@mail.gmail.com> <4890FBE8.1020203@isi.edu> <396556a20807311700w1eda50b0o5da7ae52e6c1691a@mail.gmail.com> <48935FFD.4090805@isi.edu> <396556a20808051826w1a839577q956f379f56db1165@mail.gmail.com> <20080806020257.D1C69525D8F@kilo.rtfm.com> <396556a20808061742y19f8f5fh78fe66bfe4d415be@mail.gmail.com> <20080807011812.DDC8050846@romeo.rtfm.com> <396556a20808071047q5bda8acbje7a8fc9f9bf2e597@mail.gmail.com> <20080807180512.77604529E4D@kilo.rtfm.com> <489B3B72.8030604@isi.edu> <20080807182005.04B5B52A03A@kilo.rtfm.com> <489B407A.6030001@isi.edu> <20080807185224.3A46750846@romeo.rtfm.com> <489B4436.1000807@isi.edu> <20080807190941.E539F50846@romeo.rtfm.com> <489B487D.2060809@isi.edu>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20080807194545.4921150846@romeo.rtfm.com>
Cc: Adam Langley <agl@imperialviolet.org>, tcpm@ietf.org
Subject: Re: [tcpm] tcp-auth-opt issue: support for NATs
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

At Thu, 07 Aug 2008 12:09:49 -0700,
Joe Touch wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi, Eric,
> 
> <indiv hat on>
> 
> Eric Rescorla wrote:
> |> <indiv hat on>
> |> If we ignore source IP addresses, we probably end up needing to go
> |> through a set of possible keys when a SYN arrives.
> |
> | Well, not if you use unique key-ids.
> 
> I've noted before that I don't think it's a good idea to assume
> cryptographic properties of fields in the header or option except for
> the MAC.

Well, I don't think of this as a cryptographic property. All that's
required is a relatively even distribution of key-ids. They need
not be secret.


> | Well, that's certainly true at some level, but if you use any
> | randomness at all in key-id assignment, you would expect to have
> | about N/256 key-ids where N is the number of keys. Unless N is
> | very large, the number of duplicate key-ids is likely to be high
> | enough that this doesn't seem like a very impressive attack,
> | especially since the attacker can force you to compute a MAC with
> | *every* packet he sends, not just SYNs.
> 
> N could easily be fairly large, e.g., in peer-to-peer hubs. Note that
> this should be an issue only for SYNs; once a connection is made, the
> socket pair is already static (by TCP rules), so the appropriate key for
> that socket pair (thus determined during the SYN handling) can be
> installed - e.g., by a link.

That just removes the amplification angle. The attacker can still
force the victim to do one MAC computation per transmitted 
packet.

-Ekr
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email