Re: [TLS] DoS risks from draft-vkrasnov-tls-jumpstart-00

Martin Thomson <martin.thomson@gmail.com> Fri, 15 May 2015 17:42 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 985311A00B5 for <tls@ietfa.amsl.com>; Fri, 15 May 2015 10:42:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SoExRWbEtBZo for <tls@ietfa.amsl.com>; Fri, 15 May 2015 10:42:33 -0700 (PDT)
Received: from mail-yk0-x22a.google.com (mail-yk0-x22a.google.com [IPv6:2607:f8b0:4002:c07::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4BE5F1A00B0 for <tls@ietf.org>; Fri, 15 May 2015 10:42:33 -0700 (PDT)
Received: by ykec202 with SMTP id c202so36277785yke.2 for <tls@ietf.org>; Fri, 15 May 2015 10:42:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=vrWVV4lTQzdngcklBl+nVXqOR+49WB+wuveXXYC6Iaw=; b=kx+MfYrLlJnLgLk/2Mq50KeCPOjjAoTOdvVpERgAAt19TjXDazn2hfOmGoZhjwLjRJ o2TsqmgQtTGyTdkG7AYmzT9SRN09xrpZNZzhXNik6ED0zZ1zwVpPAGjgYFaZjfahAE16 0Xp8UIUa9vhaR7hSpdYa+UhFpQ+AXelyMFrlkn7KpdbAzXIAAQwSso/XBW9IGeXMrhug Byzx6Y5otU635dK0LuwUOlfF7ObeClCALnFWuOKWT6/3vafFOyGPSpjZV3/pOo4MAMcI l97P+M70mOssweKxGN6K3K2qLkyfp4eVlDkKwROMUO8Lxe5yodua25XAgFvRt8rOfyjh 2Gyg==
MIME-Version: 1.0
X-Received: by 10.236.20.230 with SMTP id p66mr10689798yhp.181.1431711752682; Fri, 15 May 2015 10:42:32 -0700 (PDT)
Received: by 10.13.247.71 with HTTP; Fri, 15 May 2015 10:42:32 -0700 (PDT)
In-Reply-To: <CACsn0c=0XMyzQ4DOVYo9sxSfMheHGmQy14txUJMH71Y_nCPLpg@mail.gmail.com>
References: <CACsn0c=0XMyzQ4DOVYo9sxSfMheHGmQy14txUJMH71Y_nCPLpg@mail.gmail.com>
Date: Fri, 15 May 2015 10:42:32 -0700
Message-ID: <CABkgnnWzOTcPPGwC+n+TDZCYQOMaYSogTuxAzsngGydTnkamDw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ispfZzxkYre7NIAwsSqxnCiMFoY>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] DoS risks from draft-vkrasnov-tls-jumpstart-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 May 2015 17:42:34 -0000

On 14 May 2015 at 19:37, Watson Ladd <watsonbladd@gmail.com> wrote:
> There does not appear to be
> a cookie mechanism to mitigate this problem.

You are absolutely right about this.  DTLS does offer a mechanism like
this, and it seems likely that it will become part of TLS 1.3, but
attempting to retrofit a performance optimization onto TLS 1.2 without
that sort of basic DoS mitigation seems unwise.  Maybe DTLS 1.3 will
use the padding extension to avoid the amplification attack too.

One advantage of the cookie mechanism is that it is optional.  You can
get the performance benefits when the server isn't stressed and still
have a fallback in case of high load.