IETF Logo Mail Archive

Re: [TLS] Forged RST (was: About encrypting SNI)

Eric Rescorla <ekr@rtfm.com> Wed, 16 April 2014 23:01 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 519981A0387 for <tls@ietfa.amsl.com>; Wed, 16 Apr 2014 16:01:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gEO3Br3GXszb for <tls@ietfa.amsl.com>; Wed, 16 Apr 2014 16:01:36 -0700 (PDT)
Received: from mail-wi0-f175.google.com (mail-wi0-f175.google.com [209.85.212.175]) by ietfa.amsl.com (Postfix) with ESMTP id DADDD1A038D for <tls@ietf.org>; Wed, 16 Apr 2014 16:01:35 -0700 (PDT)
Received: by mail-wi0-f175.google.com with SMTP id cc10so2133723wib.8 for <tls@ietf.org>; Wed, 16 Apr 2014 16:01:32 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=9jLSpCmY8g3oWz4T3aoLH92jB2eEYsAMRjtVpQA82Ik=; b=d3sg3SUh5TJ7pdnTm3Io1WYpCa5wVng2IZHcpuah0IJHU1hm8XcugoE9LqepJIJP1U pwWF5c1l6fQ+M/vD0HMqa6JpsXZlXEArPE6OQnTDnDIuJu/Wt6hy9I9lNGuXOLY1lq/G nJ3ELWmypv6OpVuXhfzQzkTDWjdiwNEADENgZxOnr0DICCJ6zDlVPItaLGrwsYP1piAb ZkvklFxBvTalFTEEA6w4Oe957znqQf6Vte+jU31d/ac5kMpBSh7/imDGIzNINaf2o9my hgjmF/wkfJopENv0Fne+T4dwP22NKd41Eb/M5JsWv3Qms756wMROJ1DVkdfW0mHinf8j sELg==
X-Gm-Message-State: ALoCoQmMrvVfbnEc0aUnh8pNLmX072o0p+77oXtc1FDjFsGeDF5w5h16kuy3hj80GwGmzLXoZkf5
X-Received: by 10.180.212.76 with SMTP id ni12mr9438982wic.49.1397689292157; Wed, 16 Apr 2014 16:01:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.218.198 with HTTP; Wed, 16 Apr 2014 16:00:52 -0700 (PDT)
X-Originating-IP: [63.245.221.34]
In-Reply-To: <534F0A33.9070408@akr.io>
References: <2A0EFB9C05D0164E98F19BB0AF3708C7120A04ED40@USMBX1.msg.corp.akamai.com> <534C3D5A.3020406@fifthhorseman.net> <474FAE5F-DE7D-4140-931E-409325168487@akamai.com> <D2CB0B72-A548-414C-A926-A9AA45B962DA@gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7120B490162@USMBX1.msg.corp.akamai.com> <CACsn0cmusUc3Rsb2Wof+dn0PEg3P0bPC3ZdJ75b9kkZ5LDGu_A@mail.gmail.com> <534DB18A.4060408@mit.edu> <m2ppkhl08c.fsf@usma1mc-0csx92.kendall.corp.akamai.com> <CAFggDF13=bKS3_kRz_uh-6y71TQ9O4v1e3+xs3fiM4YZwjAULA@mail.gmail.com> <CALCETrU-w=yon9TVzbvGSbznEgThxzUkzy4Yeu+CBfSp7Zk2hw@mail.gmail.com> <CAFggDF3i1ku++GWMp=03aL3ogpHO_Fg9qJ3daZuLN4SH5Fcj8g@mail.gmail.com> <534F0A33.9070408@akr.io>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 16 Apr 2014 16:00:52 -0700
Message-ID: <CABcZeBPtMY1LsvR6ggxi6d2nMXBP=kCdZfgP9HRGswKSBGq3Pw@mail.gmail.com>
To: Alyssa Rowan <akr@akr.io>
Content-Type: multipart/alternative; boundary="001a11c351a4c3f91d04f730e5e0"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/JF7_hsXQt6VejMjZsTn1xWaSZH0
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Forged RST (was: About encrypting SNI)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2014 23:01:40 -0000

On Wed, Apr 16, 2014 at 3:54 PM, Alyssa Rowan <akr@akr.io> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 16/04/2014 21:34, Jacob Appelbaum wrote:
>
> > [...] and that often results in say, a forged TCP RST packet.
>
> Which, incidentally, we should consider something to address,
> especially if we do indeed have a bakeoff of some form for a fancier
> TLSv2.0.
>
> NSA calls this technique QUANTUMSKY (one of their less catchy cover
> names) but it's been around for aeons (most famously in the Chinese
> 'Golden Shield'): any man-on-the-side can simply RST your TCP
> connections if they don't like the way they smell, and this is (by
> far) the cheapest and easiest way for a nation state adversary (or
> malicious coffee shop WiFi) to selectively disrupt, or censor,
> communications.
>
> Could we plug that hole in a future version of TLS?
>

My sense is that this is out of scope for TLS proper, though (D)TLS could
certainly be part of the solution, as in:

http://tools.ietf.org/html/draft-ietf-tsvwg-sctp-dtls-encaps-03

Which is used in WebRTC data channels.

(Which reminds me, I promised to review this too so I need to get on it...)

Best,
-Ekr

v2.23.0 | Report a Bug | By Email