IETF Logo Mail Archive

Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-dplpmtud-02.txt

mohamed.boucadair@orange.com Thu, 06 January 2022 08:25 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CAEB3A0D22 for <tsvwg@ietfa.amsl.com>; Thu, 6 Jan 2022 00:25:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7oHV_K07jbKA for <tsvwg@ietfa.amsl.com>; Thu, 6 Jan 2022 00:25:12 -0800 (PST)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 985673A0D1C for <tsvwg@ietf.org>; Thu, 6 Jan 2022 00:25:12 -0800 (PST)
Received: from opfednr01.francetelecom.fr (unknown [xx.xx.xx.65]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by opfednr25.francetelecom.fr (ESMTP service) with ESMTPS id 4JTztZ193JzCrG5; Thu, 6 Jan 2022 09:25:10 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1641457510; bh=SZZAFtTMEzUjrRNVkQu6B28bmE2SPpRkDD9GXNhE9o0=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=l0L4RFFhz8rX/T+CQNB1yiWUqWneiIgKqchwS0KE3TyYZBMUtvJQzoZvNoy7t62dh +HcxYkpeqocYvg9uSBnWT3IDT0OpkdxkoOS4MzdXtKZ/jJ7Fun7AuXJFhEGxWoSScK jLRY0zjJvO6dEnNFBfqPrs6qKN5TsxNIJghz+aZxJ0gFBF4KSwS6rZ/kNmhxY3q6qv OaNfALLLzr/yHqd13o3KKsQT45nIPHqA+/+DHaSisDLZeF78fZfEx85cvS3xgSwupS 4s41ZT7cmSH5FujXjMMZQbNQaehrssnylPro2kNcsIE9H8jFkk2B++LXrlMQPqvkzh aT4nv2MQcf6wQ==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by opfednr01.francetelecom.fr (ESMTP service) with ESMTPS id 4JTztZ0LT2zDqJ8; Thu, 6 Jan 2022 09:25:10 +0100 (CET)
From: mohamed.boucadair@orange.com
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
CC: "tsvwg@ietf.org" <tsvwg@ietf.org>
Thread-Topic: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-dplpmtud-02.txt
Thread-Index: AQHX8A1/Rhb2d4rstUiGiZQ8n2rW+KxVwxnw
Content-Class:
Date: Thu, 06 Jan 2022 08:25:09 +0000
Message-ID: <12053_1641457510_61D6A766_12053_68_1_787AE7BB302AE849A7480A190F8B93303546EB95@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <163785494316.17506.9044882518269944059@ietfa.amsl.com> <24268_1638965971_61B0A2D3_24268_138_1_787AE7BB302AE849A7480A190F8B933035460D95@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <250f239f-edeb-eaab-d67f-92c672d78a77@erg.abdn.ac.uk> <22260_1639058448_61B20C10_22260_249_1_787AE7BB302AE849A7480A190F8B933035461A08@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <bbc7a30d-1bff-9c91-9694-7440f840d8fc@erg.abdn.ac.uk> <16146_1639063425_61B21F81_16146_169_1_787AE7BB302AE849A7480A190F8B933035461B80@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <27f3b079-f470-9f37-5d31-8428bf72b0c9@erg.abdn.ac.uk>
In-Reply-To: <27f3b079-f470-9f37-5d31-8428bf72b0c9@erg.abdn.ac.uk>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Enabled=true; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SetDate=2022-01-06T07:47:25Z; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Method=Privileged; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Name=unrestricted_parent.2; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SiteId=90c7a20a-f34b-40bf-bc48-b9253b6f5d20; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ActionId=2293cf66-d3eb-43cd-8bd2-578e3122c46f; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ContentBits=0
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/tb1NS83aTuZIFMwV9aHRqMt8kIw>
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-dplpmtud-02.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jan 2022 08:25:18 -0000

Hi Gorry,

Thank you for the clarification. 

Please see inline.

Cheers,
Med

> -----Message d'origine-----
> De : Gorry Fairhurst <gorry@erg.abdn.ac.uk>
> Envoyé : lundi 13 décembre 2021 11:38
> À : BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>
> Cc : tsvwg@ietf.org
> Objet : Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-dplpmtud-
> 02.txt
> 
> On 09/12/2021 15:23, mohamed.boucadair@orange.com wrote:
> > Re-,
> >
> > Please see inline.
> >
> > Cheers,
> > Med
> >
> >> -----Message d'origine-----
> >> De : Gorry Fairhurst <gorry@erg.abdn.ac.uk> Envoyé : jeudi 9 décembre
> >> 2021 15:48 À : BOUCADAIR Mohamed INNOV/NET
> >> <mohamed.boucadair@orange.com> Cc : tsvwg@ietf.org Objet : Re: I-D
> >> Action: draft-ietf-tsvwg-udp-options-dplpmtud-02.txt
> >>
> >>
> > [snip]
> >>>> This I wonder - if really this is necessary that all probes carry a
> >>>> random nonce, in the past we have managed with sequentially
> >>>> numbered probes - initialised with a hard to guess value
> >>> [Med] If you have the initial random value close to the nonce bounds
> >>> (0,
> >> 2^32 - 1), randomness does not add much because of nonce wraps
> >> around. A more efficient approach to prevent off-path attacks is to
> >> use random nonces per request.
> >>
> >> GF2, Well I see the sender generating a sequence of probes...
> >> probably not many per RTT, and each carries a RES option and the
> >> nonce. An off-path attacker will find it hard to guess a random nonce.
> > [Med] Fully agree if the nonce is always random.
> >
> >> Probes need to be indentifiable uniquely in the case of path
> >> reordering or
> >> (unlikely) duplication. I'm suggesting successive probes could be
> >> numbered sequentially, to achieve this - but you could also use a PN
> >> sequence or whatever means to achieve uniqueness.
> > [Med] I thought you were suggesting that a given sender will generate a
> nonce once, and then sequentially increment it when it has to send a REQ.
> 
> GF3: I'm suggested that I think this is OK to provide off-path attack
> protection. Without knowledge of the starting value of the token/nonce, an
> attacker is statistically unable to forge a packet that  causes the sender
> to react,
> 
> An on-path attacker can see any plaintext token/nonce and could forge such
> a pacekt, however this attacker can also see the probe requests, and could
> forge an apparently valid response or ICMP PTB packet or selectively drop
> probe packets - all of which would change the sender state. This could
> potentially force a reduction in the packet size - and with some effort
> could black hole the traffic. An on-path device can always do this -
> without attacking DPLPMTUD.
> 
> >   I think this is suboptimal compared to generating a random nonce to
> uniquely identify each REQ. Sequentially incrementing the nonce may not be
> a good guard especially if a host sends regulars probes to check an
> increase of the PLPMTU (the draft says, this happens "From time to time").
> 
> GF3: I'm not sure this add much protection - if someone really wants
> protection from on-path attacks, then the design could use an encrypted
> probe packet contents to avoid mis-directing the search logic - (but still
> on-path devices could selectively drop). A downside is that this makes the
> implementation at the sender more complex - where it might need to
> maintain a list of currently valid nonce/tokens to accommodate delay and
> reordering by the path.
> 
> Still, the current proposal does not constraint any way to select a valid
> nonce/token for each probe, so you could still do that within the spec.
> 
> I may have misunderstood or have missed something else, if so, do let me
> know.
> 

[Med] The attack I had in mind is a misbehaving node that is on-path for a first probe query from a sender. That misbehaving node can then easily guess the nonce for subsequent probes from that sender even if these probes are not transiting via the misbehaving node (off-path attack).

> >
> > I don't think a sequence number is needed with a 4-byte nonce.
> GF3: I agree - we need tro uniguely identify probes, this can be done
> using the 4-byte field.

[Med] ACK.

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

v2.23.0 | Report a Bug | By Email