Re: [TLS] draft-tschofenig-tls-dtls-rrc-00 - DTLS Return Routability Check (RRC)

"Martin Thomson" <mt@lowentropy.net> Tue, 09 July 2019 10:15 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 661151203FC for <tls@ietfa.amsl.com>; Tue, 9 Jul 2019 03:15:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=rKZtIi7z; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=YWpowOdK
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SSNYAcU1QWnC for <tls@ietfa.amsl.com>; Tue, 9 Jul 2019 03:15:56 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 591E91203FB for <tls@ietf.org>; Tue, 9 Jul 2019 03:15:56 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 657CA21E3E for <tls@ietf.org>; Tue, 9 Jul 2019 06:15:55 -0400 (EDT)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Tue, 09 Jul 2019 06:15:55 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm2; bh=TIrLm TB43FbOVbpl4IQNymNWMIe9w6zdzC/igR60sYE=; b=rKZtIi7zHrumaB4HGeTAW EK6m312jF9gAeW663hJJyQf5khKO01MJeYu5UsIWTk0Fpiwb7UjO4pEzD7ny3L01 5NMOACmzxGPqZRZP/EVMeyB8aBLcNxFJ4SI136eW3lfsjG2M3wQV9ByyNH9bgHte BY72aoqNB0r3rA7QNNoOu2vQFiiLjYZh+V/QHz8lipXcxl/4CBZbhFTtUJ6ZIrzp 4ZwgGyd8INJjE718vJ/W3pCCj2dkbr10GhD55+kyOlLVjwi8V5DYFJ0kEIFpqyNS U5L9pQK9YneJa6r2vrD2M9QAJNnSs229MEansexL0+TVvuEFg+1fLzs9WEMe7WTT w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=TIrLmTB43FbOVbpl4IQNymNWMIe9w6zdzC/igR60s YE=; b=YWpowOdKsUGqNgqBr+k7H5EgADKIVgQ6h5EolRFgF3wbifyuqy+IbZBnH coR86Y5XDN+Q/mTj2OTACSY3wBKtmcVIWQWQzAaXv8ddF+RTBreGnA0JbaLRba8F LL2cYkW8oQk0Iij8RLEZHwaDLfKfRJaSSna0D8OryCksqcVNyQ378Ldn2OEt6czP EXgXpwcjBhPhHlGGeuHLa7n+1ideEhYgvsi1oBD72WUrNOxYQ06/3K4Xi7PvoR9z 6aOX8fj0fv7aMtOsG1jjUvweFMOl+ocY79+vQ00ag96Eqy+X1nZ6pqem9M5orQYy sYnLN/pNIz8+5jphowWdlbHChmu/Q==
X-ME-Sender: <xms:WmkkXfxoog_tbSjgAiPNVCk023PmbN_AFsUsWaTo7YpsXWyAxHKXyg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrgedvgddvlecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgfgsehtqh ertderreejnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucffohhmrghinhepihgvthhfrdhorhhgnecurfgrrh grmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvghtnecuvehluhhs thgvrhfuihiivgeptd
X-ME-Proxy: <xmx:WmkkXSstEuIa2Jp_oaW8gcI4q4jrX7Ts0qI8EavgPsqX0Ilu-v8eUw> <xmx:WmkkXYAD59NG98evgSJOWx9kLXTv3KQ2h1cjRkPX-P1s41A_pnOhjQ> <xmx:WmkkXWqsI1nI91WGgtO08mQN0P8FG-3RcsBzaxFvt779BRhFoPZwpg> <xmx:W2kkXdf7m9xSlre8rmmS4kqQV88LQGyLcW_1sMQZhGXZztXkpmr8zw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 96EDCE0193; Tue, 9 Jul 2019 06:15:54 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-731-g19d3b16-fmstable-20190627v1
Mime-Version: 1.0
Message-Id: <47c5fe54-d88d-4333-a443-55aa44e0b4a0@www.fastmail.com>
In-Reply-To: <VI1PR08MB5360A60F2F16D354DA6F9FD2FAF10@VI1PR08MB5360.eurprd08.prod.outlook.com>
References: <VI1PR08MB5360A60F2F16D354DA6F9FD2FAF10@VI1PR08MB5360.eurprd08.prod.outlook.com>
Date: Tue, 09 Jul 2019 20:15:54 +1000
From: Martin Thomson <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/zVMBXfkCKEB-qYp5B6GN3USIZso>
Subject: Re: [TLS] draft-tschofenig-tls-dtls-rrc-00 - DTLS Return Routability Check (RRC)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 10:15:59 -0000

Hey Hannes,

This definitely looks like it needs attention.

This looks fairly lightweight, which is a good goal, but we have lots of experience with this in QUIC now that suggests that there are trivial denial of service attacks that can be mounted on simple designs.  Have you looked at the connection migration section in QUIC in any detail?  There are a few cases described there that don't appear to be covered in your proposed design.  

It's possible that you have a different threat model in mind, so maybe this doesn't apply.  We might be well served by having a discussion about that though.

On Tue, Jul 9, 2019, at 19:05, Hannes Tschofenig wrote:
>  
> Hi all, 
> 
> 
> working on the DTLS connection id drafts we noticed that there is one 
> security aspect, which could benefit from an extra mitigation technique.
> 
> 
> The issue is that an on-path adversary could intercept and modify the 
> source IP address  (and the source port) of a DTLS datagram.  Even if 
> receiver checks the authenticity and freshness of the packet, the 
> recipient is fooled into changing the CID-to-IP/port association. This 
> can lead to black-holed or redirected traffic. Of course, an on-path 
> adversary can do lots of things to traffic and the problem is 
> self-fixing but it still lead us to work on a solution in form of a 
> return-routability check. 
> 
> Here is the draft:
> 
> https://tools.ietf.org/html/draft-tschofenig-tls-dtls-rrc-00
> 
> 
> Ciao
> 
> Hannes
> 
> 
>  IMPORTANT NOTICE: The contents of this email and any attachments are 
> confidential and may also be privileged. If you are not the intended 
> recipient, please notify the sender immediately and do not disclose the 
> contents to any other person, use it for any purpose, or store or copy 
> the information in any medium. Thank you. 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>