Re: [tsvwg] Review of draft-ietf-tsvwg-udp-options-32

Christian Huitema <huitema@huitema.net> Wed, 10 April 2024 02:12 UTC

Message-ID: <9bff172e-1cf3-4403-8088-eb9a25ba4185@huitema.net>
Date: Tue, 09 Apr 2024 19:11:40 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Joe Touch <touch@strayalpha.com>
Cc: "C. M. Heard" <heard@pobox.com>, Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com>, "Gorry (erg)" <gorry@erg.abdn.ac.uk>, Martin Duke <martin.h.duke@gmail.com>, tsvwg <tsvwg@ietf.org>, draft-ietf-tsvwg-udp-options.all@ietf.org
References: <f98c67c3-45e2-49bf-9b3e-6545239355a1@huitema.net> <0CCBFF2B-9397-4E86-85F0-FD109A426C45@strayalpha.com>
Content-Language: en-US
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; keydata= xjMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1RmvN J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PsKWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAzjgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB8J+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH
In-Reply-To: <0CCBFF2B-9397-4E86-85F0-FD109A426C45@strayalpha.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/V4eEumAEFID6TYFz6Hp6ijt_hTc>
Subject: Re: [tsvwg] Review of draft-ietf-tsvwg-udp-options-32
Precedence: list

On 4/9/2024 3:41 PM, Joe Touch wrote:
> 
>> On Apr 9, 2024, at 12:17 PM, Christian Huitema<huitema@huitema.net>  wrote:
>>the maximum segment size option.
>> Anything that adds clear text to an already encrypted packet should be considered an attack.
> That would make all TCP or IP options used with TLS an attack. Please let us know when those are addressed.

But there have indeed been attacks against clear text TCP headers, from 
SYN attacks to RST to data insertion. There are also lots of 
intermediaries that like to mess with the TCP headers, for example 
rewriting flow control parameters or the maximum segment size option.
These have been addressed over time in TCP.

These attacks are largely mitigated in encrypted transports like QUIC. 
Adding clear text options to encrypted transports will bring new attack 
scenarios, which will typically only be discovered over time and which 
will necessitate ad hoc mitigations.

-- Christian Huitema

[tsvwg] Review of draft-ietf-tsvwg-udp-options-32 Martin Duke
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… touch@strayalpha.com
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Christian Huitema
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Martin Duke
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Martin Duke
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Zaheduzzaman Sarker
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Gorry (erg)
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Zaheduzzaman Sarker
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Christian Huitema
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Tom Herbert
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Christian Huitema
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Tom Herbert
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Christian Huitema
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Joe Touch
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… touch@strayalpha.com
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Sebastian Moeller
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… touch@strayalpha.com
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Zaheduzzaman Sarker
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Zaheduzzaman Sarker
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… touch@strayalpha.com
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Martin Duke
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Christian Huitema
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Christian Huitema
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Erik Auerswald
[tsvwg] Discarding the UDP surplus area when prot… C. M. Heard
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… C. M. Heard
Re: [tsvwg] Discarding the UDP surplus area when … Tom Herbert
[tsvwg] github issue long term archiving[ wa… Sebastian Moeller
Re: [tsvwg] Discarding the UDP surplus area when … Gorry Fairhurst
Re: [tsvwg] Review of draft-ietf-tsvwg-udp-option… Zaheduzzaman Sarker