IETF Logo Mail Archive

Re: [tsvwg] Regarding DTLS and UDP options

Tom Herbert <tom@herbertland.com> Tue, 18 April 2017 18:16 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E922A1292F4 for <tsvwg@ietfa.amsl.com>; Tue, 18 Apr 2017 11:16:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id leJsBScYDg9u for <tsvwg@ietfa.amsl.com>; Tue, 18 Apr 2017 11:16:55 -0700 (PDT)
Received: from mail-qt0-x232.google.com (mail-qt0-x232.google.com [IPv6:2607:f8b0:400d:c0d::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68989126E01 for <tsvwg@ietf.org>; Tue, 18 Apr 2017 11:16:55 -0700 (PDT)
Received: by mail-qt0-x232.google.com with SMTP id g60so815014qtd.3 for <tsvwg@ietf.org>; Tue, 18 Apr 2017 11:16:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=grGYfphP6kb7Wj5CPRHsyS8Hg4SSNQCMI8+34fanYSQ=; b=NaXolWL66IkIpT33iRk32xuvmXLfU9wvYShUqBFEHtXEl9svh5DFB9eISdS2fYjeCi GvpBaMcwh+u4OnNEM+haOYmdoc4bbxKTYKs1iGIydgIUtD/uyI2lSlhF/LaEf7A/zAkX eyIlNJNVtP7P63iAqlpFuCXsMZTev/HuG8zWBR7KDwaBUnzbTtcShM8krb2uto4Bxqbo TW5OGB1ubKDceHYDQJdvguWQEJSOkoAFdABJZhYkJJCFWQemtKEp2xm9fqeRi6bl4Y1R n+xfAv6xbAWjE60DM6jJpK2RzG3XgpwXqfZ/iGKyuXoGTSkiHLZc+Zo4KL6Q+l+Cmiss REJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=grGYfphP6kb7Wj5CPRHsyS8Hg4SSNQCMI8+34fanYSQ=; b=UArf4DM42L7AIjFkO0Fa8QFKNAIhzYOOuxeOt3MdVdvzyuY9vBo6lGDmPe+c8en5jq x0tiY6DfsVVMWgG8DihgH7JVl9J5O72T28No+HI/NDvT7WIIXtxIbwBmhnw3Vb1e3kBD pWsvtRRYDdeRbpHl45gQBAgNiOWPVhkyQktTi6Rz5k4rlLT7nuVJ60Bp9KFfFRHHIE8A 9b7b7kmTC3uhIU1zGLf5MgY4PX/CYPJkboBsnyTfrRKUu+QuqL3LUZbz/jFwnX5z+Dyb WXJciSuthU9VGHetM2odkJWZ5Y8kd+yP+qGGLdaIwXbcPQRRloUz/IxI9BzXb3SIYxC1 XeJQ==
X-Gm-Message-State: AN3rC/4NYRghX8cUcQCLeqkWly+2QFb5pNitgiiIavQlRy9ukd43+bAL X5im7NTlbNpt40nZV/Q5YBN3OMLpiw==
X-Received: by 10.200.45.122 with SMTP id o55mr15211677qta.203.1492539414537; Tue, 18 Apr 2017 11:16:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.97.10 with HTTP; Tue, 18 Apr 2017 11:16:53 -0700 (PDT)
In-Reply-To: <cf24acdf-002c-f6ed-de20-d1193ea229a3@isi.edu>
References: <CACL_3VFeJs7KzG9Bchh15bfZ3CmaOPWcfisEreNoGYK5CsEJ+g@mail.gmail.com> <CACL_3VFkr3mGe-yTbvHrTZcKVCpEv3FeSOyoShUxCK5+9Tdqqg@mail.gmail.com> <c79fe3d0-8567-ea7d-72fc-bd33732df60e@isi.edu> <CACL_3VHmoCSo23OWqQFq7upw749CqMK7iazXrBKZARzwbzY5mw@mail.gmail.com> <f97f08d4-0070-437a-e22a-8782497c76eb@isi.edu> <4e36af95-84c3-bc7e-b18a-614f8bfab662@isi.edu> <58F48403.8080302@erg.abdn.ac.uk> <a0f656e8-e847-db54-6046-2078364d428b@isi.edu> <CALx6S36HYHdbGoJHNb+mVY6reu9RLikLxDJqrPgwO9tF1EfSgQ@mail.gmail.com> <8b1829ba-4e8d-5ee1-e24c-f42962f47dde@isi.edu> <CALx6S36=7KbTtv9QNUBTg6gPYQQighsPD_+mWNc=wUQTX70VBQ@mail.gmail.com> <8378ae17-c023-25a2-76e7-07b858916849@isi.edu> <CALx6S35chiqMtqKa+zahfZnLZrQzfYUF7D9m0QGbkwFVpRwHag@mail.gmail.com> <bfc36611-6817-fbf9-a9c7-5bdde179b665@isi.edu> <CALx6S34qAh0mXGi8nuRtTiorf_1TE4V0NQ1QhqCcW0hmxOgc-Q@mail.gmail.com> <58F5C07C.4000707@erg.abdn.ac.uk> <CALx6S35N5WYvPHzTNo+trUecGgFPWv+xyXu4uampijc2w=DoSw@mail.gmail.com> <cf24acdf-002c-f6ed-de20-d1193ea229a3@isi.edu>
From: Tom Herbert <tom@herbertland.com>
Date: Tue, 18 Apr 2017 11:16:53 -0700
Message-ID: <CALx6S349mwFhZ6-2tmLjPLPz4YcX6efoZckRiEPW3y4A3nKKjA@mail.gmail.com>
To: Joe Touch <touch@isi.edu>
Cc: "gorry@erg.abdn.ac.uk" <gorry@erg.abdn.ac.uk>, tsvwg <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/kVxIh2ZUPSiU_asG6sI5yXOsQ7s>
Subject: Re: [tsvwg] Regarding DTLS and UDP options
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Apr 2017 18:16:57 -0000

>> A related concern I have is around security and whether ambiguity can
>> be exploited. For instance, someone could easily forge a UDP fragment
>> using the UDP option. If a device supports UDP options they will
>> interpret this as fragment, if they don't they will see this as plain
>> UDP packet. This are very different interpretations of the same bits
>> however both devices could claim protocol conformance-- that's a
>> potential problem. This becomes a real problem if the ambiguity can be
>> somehow exploited to bypass security.
> UDP packets and TCP packets can already be forged.
>
> If that's your concern, you need to use true transport-layer or network
> layer security.
>
1) Yes, that is my concern. UDP is already dicey in terms of security,
the risks introduced with these extensions needs to be thoroughly
vetted before I'd ever deploy in my network
2) It can't be a requirement to turn up security everywhere just to
use UDP options
3) My example is a contrived attack against the new protocol that
might be deployed, the mitigations to defend such an attack should be
part of the protocol not deferred to some other layer

> And endpoints can claim conformance all they want; forged packets are
> already noncompliant. No protocol is robust to forged packets except
> those that support authentication or encryption.
>
That's misses the crux of my argument. In my example, an attacker
forged a packet with can be "correctly" interpreted as either fragment
or a non-fragment. Which interpretation depends on the node that
processes it (sort of a Copenhagen Interpretation for network
protocols I suppose :-) ). But a packet cannot simultaneously be a
fragment and a not fragment, that is nonsensical (packets don't have
duality in this instance). This must be considered an error condition.
This ambiguity does not occur in IP or IPv6 and has been introduced by
the protocol specification not incorrect implementation. It's unlikely
in practice that this would cause problems, however, as I mentioned
above, if this can be exploited as a security vulnerability that will
be a concern of mine.

I thought a one point there was the idea that the UDP checksum would
be incorrect so that in the case I describe above a fragment would be
dropped and not misinterpreted by a node that doesn't support
fragments. Is there a reason that wouldn't work?

Tom

v2.23.0 | Report a Bug | By Email