IETF Logo Mail Archive

Re: [tsvwg] Some unclear points about rfc4960 (SCTP).

Michael Tuexen <michael.tuexen@lurchi.franken.de> Wed, 18 August 2021 16:51 UTC

Return-Path: <michael.tuexen@lurchi.franken.de>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E97FA3A08B6 for <tsvwg@ietfa.amsl.com>; Wed, 18 Aug 2021 09:51:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.499
X-Spam-Level:
X-Spam-Status: No, score=-1.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.399, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O2NKt2QI6jiC for <tsvwg@ietfa.amsl.com>; Wed, 18 Aug 2021 09:51:15 -0700 (PDT)
Received: from drew.franken.de (mail-n.franken.de [193.175.24.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1839B3A08A7 for <tsvwg@ietf.org>; Wed, 18 Aug 2021 09:51:13 -0700 (PDT)
Received: from smtpclient.apple (ip1f100e9c.dynamic.kabel-deutschland.de [31.16.14.156]) (Authenticated sender: lurchi) by mail-n.franken.de (Postfix) with ESMTPSA id 37339721BE019; Wed, 18 Aug 2021 18:51:07 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Michael Tuexen <michael.tuexen@lurchi.franken.de>
In-Reply-To: <AM0PR07MB4066DC7A9667546864D4E3BA87FF9@AM0PR07MB4066.eurprd07.prod.outlook.com>
Date: Wed, 18 Aug 2021 18:51:06 +0200
Cc: "zhouming948@foxmail.com" <zhouming948@foxmail.com>, "draft-ietf-tsvwg-2960bis@ietf.org" <draft-ietf-tsvwg-2960bis@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <192B081B-AE50-40CE-BFFA-9D01A3163436@lurchi.franken.de>
References: <69189a98-630b-4ff0-a265-6ab7e3a5e3b8@VE1EUR02FT051.eop-EUR02.prod.protection.outlook.com> <AM0PR07MB4066DC7A9667546864D4E3BA87FF9@AM0PR07MB4066.eurprd07.prod.outlook.com>
To: Claudio Porfiri <claudio.porfiri=40ericsson.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/PT36lYUEsc8ZPioUd-aYW1ibbso>
Subject: Re: [tsvwg] Some unclear points about rfc4960 (SCTP).
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Aug 2021 16:51:20 -0000

> On 18. Aug 2021, at 09:30, Claudio Porfiri <claudio.porfiri=40ericsson.com@dmarc.ietf.org> wrote:
> 
> Hi,
> I think that behavior in case of duplicated INIT is quite well described in section 5.2
I agree, but it doesn't deal with INIT chunks containing invalid mandatory parameters.
> If there are implementation handling INIT without considering the Association’s Status, the fault is in those implementations not in the specification.
But I think we can improve the wording used in the specification. Although, I agree the intention of the specification
is unchanged.

Best regards
Michael
>  
> Regards,
> Claudio
>  
>  
> From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of ??????
> Sent: Tuesday, August 17, 2021 6:57 PM
> To: draft-ietf-tsvwg-2960bis <draft-ietf-tsvwg-2960bis@ietf.org>; tsvwg <tsvwg@ietf.org>
> Subject: [tsvwg] Some unclear points about rfc4960 (SCTP).
>  
> Dear IETF experts,
>  
> I read rfc4960 (SCTP) and felt that there were some unclear descriptions in the document. I hope to get your reply, so I wrote this email to you. And I think it's better to describe these more clearly in the subsequent version of the RFC.
> The following description describes some scenarios requiring abort Association in rfc4960:
> Page25
> 
> 
> 
> Page26
>  
> 
> Page30
>  
> 
> Page31
>  
> 
> Page56
>  
> 
> As can be seen from the above description, when an init message or init ACK message is received,
> (1)If the init tag in the message is 0, the association must be released
> (2)If the mandatory parameters in the message are not fully carried, the association must be released
> (3)When the OS value or MIS value in the message is 0, it is strongly recommended to release this association
>  
> The following description also shows that there can only be one SCTP association between two SCTP endpoints at any time:
>  
> 
>  
> Because init messages can be forged arbitrarily, take the scenario where the initial tag in init message is 0 as an example. 
> In this scenario, a malicious attacker can destroy other associations at a very low cost:
>  
> 
> For the other two scenarios, i.e. init message with missing mandatory parameters or init message with OS value / MIS value of 0, the effect may be similar.
> I think from the original intention of the protocol design, these error scenarios should be handled according to the following. However, the RFC does not specify how to deal with the established association endpoint when receiving this wrong init (or init ACK) message, and whether the corresponding association should still be removed.
>  
> 
> Unfortunately, the SCTP implementation of Linux will be affected by the attacks described above, such as the open source lksctp.
> I hope to receive your reply to clarify the above unclear areas.
> Thank you very much.
>  
> Yours faithfully!
> Zhouming.

v2.23.0 | Report a Bug | By Email