Re: [tsvwg] Questions on rfc4960 abort init tag equal 0 in init msg and manditory info less than 20 bytes

Claudio Porfiri <claudio.porfiri@ericsson.com> Tue, 31 May 2022 11:20 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/enJkBsIs68_Tl3d5o1leaNipbHs>

Hi Kylin,
from draft-ietf-tsvwg-rfc4960-bis-19 - Stream Control Transmission Protocol <https://datatracker.ietf.org/doc/draft-ietf-tsvwg-rfc4960-bis/>

      The Initiate Tag is allowed to have any value except 0.  See
      Section 5.3.1 for more on the selection of the tag value.

      If the value of the Initiate Tag in a received INIT chunk is found
      to be 0, the receiver MUST silently discard the packet.

BR,
Claudio Porfiri

From: Kylin <245872825@qq.com>
Sent: Tuesday, 31 May 2022 12:49
To: aimecava@gmail.com; draft-ietf-tsvwg-2960bis <draft-ietf-tsvwg-2960bis@ietf.org>; tsvwg <tsvwg@ietf.org>; Claudio Porfiri <claudio.porfiri@ericsson.com>
Subject: Re: Questions on rfc4960 abort init tag equal 0 in init msg and manditory info less than 20 bytes

hi experts

about the change:

if the value of the initiate tag in a received Init chunk is found to be 0, the receiver must silently discard the packet

Is it already written into the new rfc4960?



---Original---
From: "aimecava@gmail.com" <aimecava@gmail.com>
Date: Fri, Aug 20, 2021 12:41 PM
To: "draft-ietf-tsvwg-2960bis" <draft-ietf-tsvwg-2960bis@ietf.org>; "tsvwg" <tsvwg@ietf.org>; "claudio.porfiri" <claudio.porfiri@ericsson.com>;
Cc: "245872825" <245872825@qq.com>; "37633825" <37633825@qq.com>;
Subject: Questions on rfc4960 abort init tag equal 0 in init msg and manditory info less than 20 bytes

Hi dear IETF experts,

Recently we found two confusing scenarios:

1) The endpoint received an Init Msg with Init Tag equal to 0 would send Abort with the Verification Tag with its own association but not the Initiate Tag in Init Msg.

I believe this behavior is as expected as rfc4960 since:
a) page 8 says: An association can be uniquely identified by transport address used by the endpoints in the association.
(The other endpoint is using the same IP pair so the association is determined.)

b) page 26 says: If the value of the Initiate Tag in a received init chunk is found to be 0, the receiver must treat it as an error and close the association by transmitting an Abort.
(The receiver must close the association by transmitting an Abort and the Verification Tag in the Abort is using the Verification Tag of the existing association. The reason not to fill in the Verification Tag using the Initiate Tag of the received Init Msg is said on page 8 that two SCTP endpoints must not have more than one SCTP association between them at any time.)

But from the perspective of security, it is too easy to attack the existing SCTP association using an Init Msg with the Initiate Tag filled with 0. Would you consider adding some comments in rfc4960 that in this situation the Abort should be sent with the Verification Tag filled with Initiate Tag in received Init Msg?

2) If an endpoint of an association received an Init Msg with init chunk less than 20 bytes, for example the TSN only has three bytes, it could abort the existing association.
I believe this behavior is as expected as rfc4960 since page 57 says: If an endpoint receives an init but decides not to establish the new association due to missing mandatory parameters, it should respond with an Abort chunk and the verification tag field must be the initiate tag value of the peer.
(This means the receiver would fill the Verification Tag of the Abort message with the Verification Tag of this own association but not the Initiate Tag in the receiving Init Msg.)

Still, this "less than 20 bytes" situation could be used as an attack method to bring down an existing association easily.

So would you consider adding comments that in this situation the Verification Tag of the Abort should use the Initiate Tag in Init Msg received. Or do you have some good reasons I have not thought about in using the Verification Tag of the existing association? Please help me to understand that.
Thank you!

Best regards,
Chenzhong Guo
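
Added example, not part of the thread and not taken from any SCTP implementation: a receiver-side check for a packet whose first chunk is INIT, applying the rule quoted from the bis draft (Initiate Tag 0 means silent discard) and never using an existing association's Verification Tag in a reply. The names `check_init` and `build_init` are hypothetical, and answering a truncated INIT (under 20 bytes) with an ABORT carrying the peer's Initiate Tag is an assumption based on the RFC 4960 page 57 text quoted above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum init_action { INIT_DISCARD, INIT_ABORT_PEER_TAG, INIT_PROCESS };
struct init_verdict { enum init_action action; uint32_t abort_vtag; };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* pkt points at the 12-byte SCTP common header; the first chunk follows it. */
struct init_verdict check_init(const uint8_t *pkt, size_t len) {
    struct init_verdict v = { INIT_DISCARD, 0 };
    if (len < 12 + 8) return v;                  /* no chunk header + Initiate Tag */
    const uint8_t *ch = pkt + 12;
    size_t clen = ((size_t)ch[2] << 8) | ch[3];  /* chunk length, network order */
    if (ch[0] != 1) return v;                    /* chunk type 1 = INIT */
    if (clen < 8 || clen > len - 12) return v;   /* tag absent or length overruns packet */
    uint32_t itag = be32(ch + 4);
    if (itag == 0) return v;                     /* bis draft: MUST silently discard */
    if (clen < 20) {                             /* mandatory fixed fields truncated */
        v.action = INIT_ABORT_PEER_TAG;          /* assumption: ABORT per quoted RFC text */
        v.abort_vtag = itag;                     /* tag from the INIT, never the live association's */
        return v;
    }
    v.action = INIT_PROCESS;
    return v;
}

/* Constructed sample: common header + INIT chunk with the given tag and chunk length. */
size_t build_init(uint8_t *out, uint32_t itag, uint16_t clen) {
    memset(out, 0, 12 + 20);
    out[12] = 1;
    out[14] = (uint8_t)(clen >> 8);  out[15] = (uint8_t)clen;
    out[16] = (uint8_t)(itag >> 24); out[17] = (uint8_t)(itag >> 16);
    out[18] = (uint8_t)(itag >> 8);  out[19] = (uint8_t)itag;
    return 12 + (size_t)clen;
}

int main(void) {
    uint8_t pkt[32];
    size_t n = build_init(pkt, 0, 20);           /* scenario 1: Initiate Tag 0 */
    printf("tag 0      -> action %d\n", check_init(pkt, n).action);
    n = build_init(pkt, 0xCAFE0001u, 19);        /* scenario 2: TSN has three bytes */
    printf("short INIT -> action %d\n", check_init(pkt, n).action);
    return 0;
}
```

Because neither verdict depends on state held for an existing association, a spoofed INIT of either kind cannot by itself produce an ABORT that the legitimate peer would accept for that association.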