Re: [tsvwg] L4S and the RACK requirement
Bob Briscoe <ietf@bobbriscoe.net> Thu, 21 July 2022 14:43 UTC
Return-Path: <ietf@bobbriscoe.net>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCEBEC14F73F for <tsvwg@ietfa.amsl.com>; Thu, 21 Jul 2022 07:43:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.421
X-Spam-Level:
X-Spam-Status: No, score=-5.421 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, URI_DOTEDU=1.685] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bobbriscoe.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BareiOh5QKoL for <tsvwg@ietfa.amsl.com>; Thu, 21 Jul 2022 07:43:09 -0700 (PDT)
Received: from mail-ssdrsserver2.hostinginterface.eu (mail-ssdrsserver2.hostinginterface.eu [185.185.85.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24159C14F75F for <tsvwg@ietf.org>; Thu, 21 Jul 2022 07:43:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bobbriscoe.net; s=default; h=In-Reply-To:From:Cc:References:To:Subject: MIME-Version:Date:Message-ID:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=jBTuB3zQaIr56jBZ7TrS3qa1OrnZO+TQOdyw6qLW7DA=; b=70A4SSVo8FgEZHn3h+lxWoCZgI N0y6KLqSHz3EggxJv2HTuaOg+px/rnzmW5+27AAOlMKWxiLDyD1J7UlYj6jALb3jfdIsyR9fPDis/ FEZSuNhmktZUyfuAGXSrS1DYwm+1R5Ut1ps+PjJ/4fLiOMoRuLuls0qAVETaKNiNAInsjcuHDrTRZ W8CdzVUpa78rjlJtvk6ED2/UHlkYNf2qjB6/wjUWP7V4x4/jH+qOjlO8aYJBy5i/GV5l+7guRIe4y Ax7G0XVWfoex/IfV3kMRV2nuyTdmQTzqGTdYQrkLpabk7+2xv1VNZ+K1EetZPK5eDxVaVgX2D6Mbw qY3gqMmw==;
Received: from 67.153.238.178.in-addr.arpa ([178.238.153.67]:35934 helo=[192.168.1.11]) by ssdrsserver2.hostinginterface.eu with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.95) (envelope-from <ietf@bobbriscoe.net>) id 1oEXOU-0003pz-Oa; Thu, 21 Jul 2022 15:43:07 +0100
Content-Type: multipart/alternative; boundary="------------OQ8EGuVfc3lnU1tEUoKCjgyr"
Message-ID: <5c1a723a-c9d8-4ac5-0c13-a8d2df62a52f@bobbriscoe.net>
Date: Thu, 21 Jul 2022 15:43:06 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0
Content-Language: en-GB
To: Wesley Eddy <wes@mti-systems.com>, lloyd.wood@yahoo.co.uk
References: <fb6d2979-a6a4-b122-a90e-4a0732ee89fa@mti-systems.com> <1316285020.1534460.1550493368197@mail.yahoo.com> <a535883e-6812-1ca5-9ce2-c005d534a0ba@mti-systems.com>
Cc: Tsvwg IETF List <tsvwg@ietf.org>
From: Bob Briscoe <ietf@bobbriscoe.net>
In-Reply-To: <a535883e-6812-1ca5-9ce2-c005d534a0ba@mti-systems.com>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ssdrsserver2.hostinginterface.eu
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bobbriscoe.net
X-Get-Message-Sender-Via: ssdrsserver2.hostinginterface.eu: authenticated_id: in@bobbriscoe.net
X-Authenticated-Sender: ssdrsserver2.hostinginterface.eu: in@bobbriscoe.net
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/xrWdhVmjng-TbLyh0C2O5CFdD3k>
Subject: Re: [tsvwg] L4S and the RACK requirement
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jul 2022 14:43:13 -0000
Wes, Lloyd, I'm dredging up this old 2019 thread, because a Security Directorate review just asked us to provide more background on these two lines in ecn-l4s-id that resulted from this thread. Specifically: The recommendation to detect loss in time units prevents the ACK- splitting attacks described in [Savage-TCP <https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-ecn-l4s-id-26#ref-Savage-TCP>]. Lloyd actually originally said "ACK-splitting and packet counting" attacks. Having looked into all three attacks in [Savage-TCP], I believe that detecting loss in time units (as opposed to ACK counting) doesn't prevent or mitigate any of them (details below). Lloyd might have meant attack #2 in the paper (DupACK spoofing). But that concerns how the CC guesses whether packets are leaving the network when it doesn't have any other info (i.e. no SACK). This is an orthogonal question to whether to use time rather than ACK counting to deem whether there has been a loss. So, it's not relevant to the point being made about loss-detection, so doesn't belong in this L4S draft. Therefore, we've decided to just remove these two lines from the draft (which Wes originally argued for on similar, but not quite the same, grounds). Details of the 3 attacks in Savage-TCP: #1 ACK division Description: The receiver exploits a sender's CC that increases cwnd by one segment per ACK rather than per SMSS bytes. Effect: The receiver causes the sender's CC to be more aggressive for its flow. Mitigated by RACK? *No* (anyway this attack was since mitigated by the byte counting (ABC) RFC) #2 DupACK spoofing Description: The receiver exploits the fast recovery algorithm that inflates cwnd by one segment for every 3 DupACKs received in addition to the first three that triggered fast-retransmit/fast recovery. Before an RTO timeout, the attacking receiver can move on to repeatedly DupACK'ing a later packet. Effect: The receiver causes the sender's CC to open cwnd indefinitely by continually repeating the same DupACK, without needing to acknowledge new data. Mitigated by RACK? *Not specifically.* RACK replaces the trigger for FR/FR (by counting in time not DupACKs). But RACK-TLP [RFC8985] doesn't say anything about whether fast recovery still increments cwnd every 3 DupACKs after that. And it doesn't need to, because this vulnerability in TCP fast recovery was already highlighted in the latest spec of fast recovery [RFC5681; §3.2; step 4] with a suggested mitigation. #3 Optimistic ACKing Description The receiver sends a stream of ACKs that anticipate future data Effect: The receiver causes the sender's CC to open cwnd more aggressively than the standard expects Mitigated by RACK-TLP? *No.* Bob On 23/02/2019 00:03, Wesley Eddy wrote: > On 2/18/2019 7:36 AM, lloyd.wood@yahoo.co.uk wrote: >> Am I the only person who remembers Savage attacks from ack splitting >> and packet counting? >> >> http://cseweb.ucsd.edu/~savage/papers/CCR99.pdf >> >> there's the support for the MUST NOT, at least. I's not the lack of >> scale that is the major issue there, it's being open to abuse. ack >> counting didn't work... >> > I think it's only sort-of related, but not really. > > The tricks described there are ways to get a sender to be overly > aggressive if it doesn't implement ABC (or other mitigations) so is > growing a congestion window based on units of packets rather than > bytes. The L4S requirement here is about retransmission / loss > detection though (reducing the window) happening based on units of > time vs packets (rather than bytes vs packets). > > > -- ________________________________________________________________ Bob Briscoehttp://bobbriscoe.net/
- [tsvwg] L4S and the RACK requirement Wesley Eddy
- Re: [tsvwg] L4S and the RACK requirement Yuchung Cheng
- Re: [tsvwg] L4S and the RACK requirement Black, David
- Re: [tsvwg] L4S and the RACK requirement Yuchung Cheng
- Re: [tsvwg] L4S and the RACK requirement Black, David
- Re: [tsvwg] L4S and the RACK requirement Scheffenegger, Richard
- Re: [tsvwg] L4S and the RACK requirement lloyd.wood
- Re: [tsvwg] L4S and the RACK requirement Bob Briscoe
- Re: [tsvwg] L4S and the RACK requirement Bob Briscoe
- Re: [tsvwg] L4S and the RACK requirement Yuchung Cheng
- Re: [tsvwg] L4S and the RACK requirement Wesley Eddy
- Re: [tsvwg] Linux DCTCP response to loss (was: L4… Bob Briscoe
- Re: [tsvwg] L4S and the RACK requirement Bob Briscoe
- Re: [tsvwg] L4S and the RACK requirement Neal Cardwell