Re: [tsvwg] L4S & VPN anti-replay interaction: Explanation
Jonathan Morton <chromatix99@gmail.com> Tue, 18 May 2021 02:26 UTC
Return-Path: <chromatix99@gmail.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 923E23A1978 for <tsvwg@ietfa.amsl.com>; Mon, 17 May 2021 19:26:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level:
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 13FH6EfQ8Myf for <tsvwg@ietfa.amsl.com>; Mon, 17 May 2021 19:26:21 -0700 (PDT)
Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A3103A1979 for <tsvwg@ietf.org>; Mon, 17 May 2021 19:26:21 -0700 (PDT)
Received: by mail-lf1-x135.google.com with SMTP id i22so11650696lfl.10 for <tsvwg@ietf.org>; Mon, 17 May 2021 19:26:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=x3YkOpqrITTS3+PJ8Mp98W2sHF6fsEO2+G7jgfi6y+U=; b=E3f5kcPiAl1smSXMDFQiGS+WYYunIfrN336gEXYYe1dzrD+qIqWJfAuPjsSchGJGHh KOmi4GP/vt/niF/X0rbHvXjuL/+k2fZsHcT1KsNgBHH8vtBP5RdDN4gshiCec28Tg9iz UENw7AhlIXP/qx3JEM/6tK0KxKJh+89/BBG8eUG97k+l3USx/fIC2FSUxTtuvGZ3SCA5 OLxdvxfQsygVmDi3Vn9x5geEiaAZB9JCMGbkIdaHTKgLiE7+aMhci66JE2s8pzm8gIsx xq4wSwxa0dx1F5r+j8Fwoe405XKj9s1PwlPK2R3ZXKoKk6HLE3b5tJgQB7nOvEb+Na2f jkHw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=x3YkOpqrITTS3+PJ8Mp98W2sHF6fsEO2+G7jgfi6y+U=; b=q4/GTuR8eZ6210ukvJlqcwiXmh1+PUZCl1f9+x7KNZ0rzDtZeVswED9XmMO+Wyqq8r IIBH6fQmEYzXM2p3vzJrAjix2ufDT6UZl6w0aNLYjjMwjVx7h6hs6WHSYOA1pRBNpTTn 8kpOF/3atb24sVblvyBNVbMDas26iYwgLJ/AmdjMvnZh+wmbjw52OQOio27OX0N/XSJT 320TVeRWqYiBrPc2A9MvcC9Ivs1McahuVL9RJrH0JzXQU8bpl47qw5Ex69ZU4ZhZiACw V65lTpyo7dOXyke9lM67iPSyaUOsXB1QCqVuKfIWRRZyr24EIRAyTxS7ySPpKB3P715i t0eQ==
X-Gm-Message-State: AOAM530CXFOY1OfkKBR+rQ3WU/P8I3+GMPV9jP5xFe/3XxeIT4JBl0jZ ZosoucOIuikp5mCMWBi9B/Q=
X-Google-Smtp-Source: ABdhPJxUcThsPXA+ybtRvo63PXH/udl3NagrKWTBtJiLEADKHv/zMQ6ooo9pUxrTqwfq1F61cCQ4uw==
X-Received: by 2002:ac2:5298:: with SMTP id q24mr14763lfm.615.1621304778023; Mon, 17 May 2021 19:26:18 -0700 (PDT)
Received: from jonathartonsmbp.lan (37-136-237-77.rev.dnainternet.fi. [37.136.237.77]) by smtp.gmail.com with ESMTPSA id 17sm925092lfr.53.2021.05.17.19.26.17 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 May 2021 19:26:17 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.7\))
From: Jonathan Morton <chromatix99@gmail.com>
In-Reply-To: <54329b8c-f56e-f72c-138e-6c700648080a@bobbriscoe.net>
Date: Tue, 18 May 2021 05:26:16 +0300
Cc: "Black, David" <David.Black@dell.com>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <A6A28DDB-2450-4E46-9DB5-DE3458E4781F@gmail.com>
References: <MN2PR19MB4045206ECB759EEE5FA3C60383539@MN2PR19MB4045.namprd19.prod.outlook.com> <54329b8c-f56e-f72c-138e-6c700648080a@bobbriscoe.net>
To: Bob Briscoe <ietf@bobbriscoe.net>
X-Mailer: Apple Mail (2.3445.9.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/-AVvIrW4j93qsNhfsToJDbN7VPY>
Subject: Re: [tsvwg] L4S & VPN anti-replay interaction: Explanation
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 May 2021 02:26:27 -0000
> On 18 May, 2021, at 2:51 am, Bob Briscoe <ietf@bobbriscoe.net> wrote: > >> The problem arises at step 1 – mixing L4S and non-L4S traffic in the same VPN. IPsec has addressed the analogous problem for Diffserv by requiring (MUST) support of multiple VPN sessions (which IPsec calls Security Associations, SAs) between the same endpoints, and strongly recommending (SHOULD) that traffic in different Diffserv classes use different SAs (RFC 4301, Section 4.1, paragraph spanning pp.13-14). > > [BB] In the thread where Sebastian first pointed out this interaction, I asked if you knew how prevalent it is for IPsec implementations to follow that SHOULD. Indeed, are you aware of any implementations at all that follow it? > > You might have noticed the Cisco troubleshooting guide I found about how to remedy Diffserv interacting with replay-protection, which implies that the different DSCPs do not always have separate SAs: > https://www.cisco.com/c/en/us/support/docs/ip/internet-key-exchange-ike/116858-problem-replay-00.html > > It occurs to me that multiple application sessions can come and go within a VPN. So it might be some time after the set up of a VPN when an application is launched that starts to use different DSCPs within the VPN. The VPN would not have known this in advance, so then it would have to set up a new SA on the fly. Then it would have to either buffer or discard the new Diffserv packets while it did the new key exchange. The easy way out of this, for tunnel-mode SAs, is to maintain the same DSCP on all outer headers belonging to the same SA. This permits it to establish fewer SAs between a host pair (typically 1) than the number of DSCPs that might theoretically be encountered (always 64). Since middleboxes on the tunnel path will only see the outer header, they won't then reorder packets based purely on the DSCP, and no systematic DoS attack against the replay window can be mounted via the DSCP field. I'd appreciate data on whether IPsec implementations take this approach in practice. L4S does not have recourse to this approach, because the ECT(1) codepoint is the only identifier informing middleboxes that high-fidelty CE marking is expected rather than RFC-3168 marking. The only thing that *could* safely be done here is to revert the ECN field to Not-ECT on tunnelled L4S packets. That seems like rather a retrograde step, and the vulnerability would still exist with respect to non-participating users who are still using an existing RFC-3168 compliant VPN, that preserves the ECN field of the inner packet on the outer header. - Jonathan Morton
- [tsvwg] L4S & VPN anti-replay interaction: Explan… Black, David
- Re: [tsvwg] L4S & VPN anti-replay interaction: Ex… Jonathan Morton
- Re: [tsvwg] L4S & VPN anti-replay interaction: Ex… Dave Taht
- Re: [tsvwg] L4S & VPN anti-replay interaction: Ex… Black, David
- Re: [tsvwg] L4S & VPN anti-replay interaction: Ex… Bob Briscoe
- Re: [tsvwg] L4S & VPN anti-replay interaction: Ex… Jonathan Morton
- Re: [tsvwg] L4S & VPN anti-replay interaction: Ex… Sebastian Moeller
- Re: [tsvwg] L4S & VPN anti-replay interaction: Ex… Magnus Westerlund
- Re: [tsvwg] L4S & VPN anti-replay interaction: Ex… Black, David
- Re: [tsvwg] L4S & VPN anti-replay interaction: Ex… Magnus Westerlund
- Re: [tsvwg] L4S & VPN anti-replay interaction: Ex… Black, David