IETF Logo Mail Archive

Re: [TLS] Sending fatal alerts over TCP

Nico Williams <nico@cryptonector.com> Tue, 20 December 2011 18:22 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD13D21F853E for <tls@ietfa.amsl.com>; Tue, 20 Dec 2011 10:22:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.583
X-Spam-Level:
X-Spam-Status: No, score=-0.583 tagged_above=-999 required=5 tests=[AWL=-0.095, BAYES_05=-1.11, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c2gViohwyE5k for <tls@ietfa.amsl.com>; Tue, 20 Dec 2011 10:22:09 -0800 (PST)
Received: from homiemail-a87.g.dreamhost.com (mailbigip.dreamhost.com [208.97.132.5]) by ietfa.amsl.com (Postfix) with ESMTP id 2289621F85AE for <tls@ietf.org>; Tue, 20 Dec 2011 10:22:09 -0800 (PST)
Received: from homiemail-a87.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a87.g.dreamhost.com (Postfix) with ESMTP id D092A26C073 for <tls@ietf.org>; Tue, 20 Dec 2011 10:22:08 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s= cryptonector.com; b=U8Mz75l4kFP39rkP2mR5ZdLh5N3TldPSNc/G/qwpmC8C d9NFvykNybh2icnvkw+S5K8otIdwnLO/dXFnYakeRe1yCBEEOxRHTDpZxbGZQYhc J0Nc8Eh62YpfOYsw+0tIrwDKQZHRxqlpTCvA6WdyVe/cqFlVcPSo9PRhu7IDjq4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s= cryptonector.com; bh=vocaG9Lb7E/nnghjU9c0pe2rWf4=; b=LQXPiERSSk8 P0vRD/mfLiEiB85P9OpDtv//oyaEEV+Vaog580XQu8CqR1jZWZkInjm+B7e5lpnY Du8SmH/QA2A4bGteEFxcPw99KxMH28G6ced7UXsaAGRk6gYcYal4vUdUpr7m6MBj BmQrICBToE3oCQ8FF5fcRNOunmk8oSWM=
Received: from mail-pw0-f44.google.com (mail-pw0-f44.google.com [209.85.160.44]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a87.g.dreamhost.com (Postfix) with ESMTPSA id B6D2E26C06F for <tls@ietf.org>; Tue, 20 Dec 2011 10:22:08 -0800 (PST)
Received: by pbdd12 with SMTP id d12so5214975pbd.31 for <tls@ietf.org>; Tue, 20 Dec 2011 10:22:08 -0800 (PST)
MIME-Version: 1.0
Received: by 10.68.73.234 with SMTP id o10mr4865806pbv.90.1324405328357; Tue, 20 Dec 2011 10:22:08 -0800 (PST)
Received: by 10.68.32.227 with HTTP; Tue, 20 Dec 2011 10:22:08 -0800 (PST)
In-Reply-To: <82ehvzidu4.fsf@mid.bfk.de>
References: <82ehvzidu4.fsf@mid.bfk.de>
Date: Tue, 20 Dec 2011 12:22:08 -0600
Message-ID: <CAK3OfOii8KKJdkveiyyN3gj9pTgzGPSKnK9QUUzffSvhMkvNBw@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Florian Weimer <fweimer@bfk.de>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: tls@ietf.org
Subject: Re: [TLS] Sending fatal alerts over TCP
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Dec 2011 18:22:11 -0000

On Tue, Dec 20, 2011 at 7:15 AM, Florian Weimer <fweimer@bfk.de> wrote:
> What is the best way to deal with this?  I plan to avoid closing the
> connection immediately after sending the alert, essentially waiting for
> the client to close the connection.  (There will be a short timeout, but
> denial-of-service issues have to be dealt with out-of-band anyway.)

Your approach seems to be a variable-sized queue with a minimum time
on the queue for each socket on that queue.

A variant on this: use a fixed-sized queue.  Create a fixed-sized
queue, shutdown() SHUT_RDWR (but don't close()) after sending the
fatal alert, add the socket to the queue; if the queue is full take
out the oldest socket and close() it.  No need for a reaper thread:
properly behaved clients will cause those sockets to close, leaving no
state beyond a file descriptor around on the server side; bad clients
will not be able to do anything more serious than a) consume a bound
number of server-side resources, b) cause legitimate clients to get
RST before being able to see fatal alerts.

The right size for the queue will depend on the latency for sending,
receiving and processing the fatal alert message relative to typical
connection lifetime.  But it will probably be easiest to size the
shutdown socket queue as a fraction of the max open connections you
can/want to handle.

A fixed-sized queue seems to have better DoS protection: you know what
is the max number of sockets in this state is that the attacker can
force you to have, and you convert a resource consumption DoS into a
case where bad clients can cause some legitimate clients will get an
RST without first seeing a fatal alert.

> Are there any better options?

I think a fixed-sized queue w/o a reaper thread is likely easier to
code and is simpler to analyze regarding DoS attacks than a variable
size queue with a reaper thread and a "reasonable" timeout per-socket
on that queue.

Nico
--

v2.23.0 | Report a Bug | By Email