[TLS] draft-tschofenig-tls-dtls-rrc-00 - DTLS Return Routability Check (RRC)

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 09 July 2019 09:05 UTC


Hi all,

Working on the DTLS connection ID drafts, we noticed that there is one security aspect which could benefit from an extra mitigation technique.

The issue is that an on-path adversary could intercept and modify the source IP address (and the source port) of a DTLS datagram. Even if the receiver checks the authenticity and freshness of the packet, the recipient is fooled into changing the CID-to-IP/port association. This can lead to black-holed or redirected traffic. Of course, an on-path adversary can do lots of things to traffic and the problem is self-fixing, but it still led us to work on a solution in the form of a return-routability check.

Here is the draft:
https://tools.ietf.org/html/draft-tschofenig-tls-dtls-rrc-00

Ciao
Hannes
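To make the rebinding problem concrete, here is an added example (not from the draft or the mail, and not the draft's wire format): a simplified model of a DTLS endpoint's CID-to-address table, first with the naive behaviour the mail describes, then with a return-routability challenge that must be echoed from the candidate address before the mapping changes. The class, nonce size, message names and sample addresses are all constructed assumptions.

```python
import os
import hmac

class CidPeerTable:
    def __init__(self, rrc_enabled):
        self.rrc_enabled = rrc_enabled
        self.addr = {}      # cid -> (ip, port) used when sending to that peer
        self.pending = {}   # cid -> (candidate address, nonce) awaiting an echo
        self.outbox = []    # (dst address, message) this endpoint would transmit

    def on_record(self, cid, src, authentic):
        """Handle a received application record after AEAD and anti-replay checks."""
        if not authentic:
            return "dropped"
        current = self.addr.get(cid)
        if current is None or current == src:
            self.addr[cid] = src
            return "ok"
        if not self.rrc_enabled:
            self.addr[cid] = src          # naive rebinding: the behaviour the mail describes
            return "rebound"
        nonce = os.urandom(16)            # fresh challenge tied to this candidate address (assumed size)
        self.pending[cid] = (src, nonce)
        self.outbox.append((src, ("rrc_challenge", nonce)))
        return "challenged"

    def on_rrc_response(self, cid, src, nonce, authentic):
        """Rebind only if the echo is authentic, from the candidate address, and carries our nonce."""
        pend = self.pending.get(cid)
        if not authentic or pend is None or src != pend[0] or not hmac.compare_digest(nonce, pend[1]):
            return "ignored"
        self.addr[cid] = self.pending.pop(cid)[0]
        return "rebound"

def spoofed_source(rrc_enabled):
    """Constructed case: a genuine record arrives with its source rewritten to X, which never echoes."""
    A, X, cid = ("192.0.2.10", 5684), ("198.51.100.7", 40000), b"\x01"
    t = CidPeerTable(rrc_enabled)
    t.on_record(cid, A, authentic=True)
    result = t.on_record(cid, X, authentic=True)
    return result, t.addr[cid]

def real_migration():
    """Constructed case: the peer moves from A to B and answers the challenge from B."""
    A, B, cid = ("192.0.2.10", 5684), ("203.0.113.5", 5684), b"\x01"
    t = CidPeerTable(rrc_enabled=True)
    t.on_record(cid, A, authentic=True)
    t.on_record(cid, B, authentic=True)
    dst, (_, nonce) = t.outbox[-1]
    return t.on_rrc_response(cid, dst, nonce, authentic=True), t.addr[cid]
```

Without the check, one spoofed-source datagram is enough to redirect all subsequent traffic to X; with it, the mapping only moves once something at the candidate address proves it can receive and answer.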
