[tsvwg] Request for consensus call for Auth in UDP options
Tom Herbert <tom@herbertland.com> Sat, 07 September 2024 01:33 UTC
From: Tom Herbert <tom@herbertland.com>
Date: Fri, 06 Sep 2024 18:33:28 -0700
Message-ID: <CALx6S34JjFegygq3D=XnJxiy9tARNtkw2v4BqaCXS80u2J478g@mail.gmail.com>
To: tsvwg-chairs@ietf.org, tsvwg <tsvwg@ietf.org>
List-Id: Transport Area Working Group <tsvwg.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/hsv83lTcNoGeWeTnlv0APO2JZFI>
TSVWG chairs,

I have raised an objection to the UDP Options draft that the Authentication may be ignored by a receiver. I believe this is a serious security vulnerability in the protocol. If a sender uses the option, that must mean that a key negotiation must have happened, so when the sender places the option in a packet they naturally have the full expectation that the receiver will validate the authentication credentials. If the receiver elects to ignore the authentication then they will not only allow legitimate senders, but an attacker will be able to access the system as well; so basically there is no security and the user is at risk of harm. Ignoring an authentication option is not safe.

The counter argument seems to be that it should be up to the receiver to decide if the authentication option must be validated. That stands in contrast to other authentication protocols like IPv6 AH that explicitly require the authentication option to be validated if it is present (if they can't validate, then the packet MUST be dropped). If the idea is that the user decides this then security is wholly dependent on the user configuring the protocol correctly, so a slight misconfiguration could allow a major breach (note this cannot happen in IPv6 AH).

Please consider doing a consensus call on whether ignoring an Authentication option in UDP options is allowed.

Thanks,
Tom
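The two receiver behaviours contrasted in the message, as an added example that is not part of the original post or of the UDP Options draft: a toy receiver that parses a simplified, hypothetical option encoding and applies either the "ignore a present AUTH option" policy or the AH-style rule (present means validate, and drop if validation is impossible or fails). The datagram layout, the option TLV format, the AUTH option kind 0xA1 and the HMAC-SHA256 tag are all assumptions made for this example, not the draft's wire format. It goes slightly beyond the message in one respect: when the receiver holds a negotiated key, a datagram that arrives with no AUTH option at all is also dropped, since an on-path attacker could simply strip the option.

```python
"""Toy model of a UDP-options receiver: 'AUTH may be ignored' versus
'AUTH present implies it MUST validate, else drop' (the AH-style rule).

Assumed, hypothetical encoding (NOT the UDP Options draft's format):
  datagram = payload_len(2, big-endian) | payload | option TLVs
  TLV      = kind(1) | length(1, counts kind+length+data) | data
  kind 0xA1 = AUTH, data = HMAC-SHA256 tag over the payload
"""
import hashlib
import hmac
import struct
from enum import Enum
from typing import List, Optional, Tuple

AUTH_KIND = 0xA1   # assumed option kind for this example
TAG_LEN = 32       # HMAC-SHA256 output length


class Policy(Enum):
    IGNORE_AUTH = "ignore"    # receiver is allowed to skip validating AUTH
    REQUIRE_AUTH = "strict"   # AUTH present => validate or drop


def build_datagram(payload: bytes, key: Optional[bytes]) -> bytes:
    """Legitimate sender. With a negotiated key, append a genuine AUTH
    option; without one, send the payload bare."""
    options = b""
    if key is not None:
        tag = hmac.new(key, payload, hashlib.sha256).digest()
        options = struct.pack("!BB", AUTH_KIND, 2 + TAG_LEN) + tag
    return struct.pack("!H", len(payload)) + payload + options


def forge_datagram(payload: bytes) -> bytes:
    """Attacker without the key: the AUTH option carries an all-zero tag."""
    options = struct.pack("!BB", AUTH_KIND, 2 + TAG_LEN) + bytes(TAG_LEN)
    return struct.pack("!H", len(payload)) + payload + options


def parse_options(area: bytes) -> List[Tuple[int, bytes]]:
    """Walk the TLV area; raise ValueError on any malformed option."""
    out, i = [], 0
    while i < len(area):
        if i + 2 > len(area):
            raise ValueError("truncated option header")
        kind, length = area[i], area[i + 1]
        if length < 2 or i + length > len(area):
            raise ValueError("bad option length")
        out.append((kind, area[i + 2:i + length]))
        i += length
    return out


def receive(datagram: bytes, key: Optional[bytes], policy: Policy) -> Tuple[bool, str]:
    """Receiver. Returns (accepted, reason)."""
    if len(datagram) < 2:
        return False, "runt"
    (plen,) = struct.unpack("!H", datagram[:2])
    payload = datagram[2:2 + plen]
    if len(payload) != plen:
        return False, "truncated payload"
    try:
        options = parse_options(datagram[2 + plen:])
    except ValueError as e:
        return False, f"malformed options: {e}"

    auth = [data for kind, data in options if kind == AUTH_KIND]

    if policy is Policy.IGNORE_AUTH:
        # The behaviour objected to above: whatever AUTH carries, it is not
        # checked, so a forged tag is as good as a real one.
        return True, "accepted without checking AUTH"

    # Policy.REQUIRE_AUTH (AH-style)
    if not auth:
        if key is not None:
            # Key negotiated but option absent: treat as stripped/forged.
            return False, "AUTH missing"
        return True, "no key configured, no AUTH present"
    if len(auth) > 1:
        return False, "duplicate AUTH"
    if key is None:
        # Present but cannot be validated: AH's rule is to drop.
        return False, "AUTH present but receiver cannot validate"
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if len(auth[0]) != TAG_LEN or not hmac.compare_digest(auth[0], expected):
        return False, "AUTH tag mismatch"
    return True, "AUTH verified"


if __name__ == "__main__":
    KEY = b"\x11" * 32                       # constructed shared key
    good, forged = build_datagram(b"hello", KEY), forge_datagram(b"hello")
    for name, pkt in (("legit", good), ("forged", forged)):
        for pol in Policy:
            print(name, pol.value, receive(pkt, KEY, pol))
```

Under IGNORE_AUTH both the legitimate and the forged datagram are accepted, which is the whole objection; under REQUIRE_AUTH the forged one is dropped with a tag mismatch, a datagram that arrives when the receiver has no key is dropped as unverifiable, and a truncated or duplicated option is dropped before any tag comparison.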
- [tsvwg] Request for consensus call for Auth in UD… Tom Herbert
- [tsvwg] Re: Request for consensus call for Auth i… touch@strayalpha.com
- [tsvwg] Re: Request for consensus call for Auth i… Tom Herbert
- [tsvwg] Re: Request for consensus call for Auth i… touch@strayalpha.com
- [tsvwg] Re: Request for consensus call for Auth i… Christian Huitema