Re: [xmpp] IQ Handling vulnerabilities

Dave Cridland <dave@cridland.net> Mon, 10 February 2014 20:22 UTC


On Mon, Feb 10, 2014 at 7:33 PM, Joe Hildebrand (jhildebr) <jhildebr@cisco.com> wrote:

> Or add a nonce to each round:
>
> nonce = crypto_rand()
> start = sha1(nonce + crypto_rand())
> start+1 = sha1(nonce + start)
>
> Regardless, there exist solutions.
>

At the risk of diving into what's quite clearly a bit of a bikeshed at this
point...

I wondered whether there's value in going a step further. What if an entity
constructed ids based on a random per-session key, the original "to" value,
and a suitable salt (which itself need not be cryptographically random),
such that the id was the salt followed by a (truncated, probably) HMAC
result as follows:

id = salt + hmac(salt + to, session-key)[0:10]

That way, on receipt of such an id in an iq response or error, the sender
could validate the id somewhat securely?

I suspect a single session-key is a little simplistic; but that's easy to
adapt.

The advantage here isn't really in the <iq/> case we've been mostly
discussing, but the other cases of a returned id - since we don't want to
track outbound directed presence, or message, ids for an arbitrary length
of time. (I assume).

Dave.
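
The id scheme proposed in the message above, as an added Python example that is not part of the original post or of any XMPP implementation. The class and method names, HMAC-SHA256, the hex encoding, the fixed-width counter salt and reading "[0:10]" as 10 bytes of HMAC output are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SALT_HEX_LEN = 8   # fixed-width salt so the id splits unambiguously (assumption)
TAG_BYTES = 10     # the "[0:10]" truncation, read here as 10 bytes of HMAC output


class StanzaIdMinter:
    """Mints and verifies stanza ids without storing per-stanza state (hypothetical helper)."""

    def __init__(self):
        # Random per-session key; it never leaves this entity.
        self._session_key = secrets.token_bytes(32)
        # The salt only has to vary within the session, so a counter is enough.
        self._counter = 0

    def _tag(self, salt: str, to: str) -> bytes:
        # hmac(salt + to, session-key), truncated and hex-encoded.
        msg = (salt + to).encode("utf-8")
        digest = hmac.new(self._session_key, msg, hashlib.sha256).digest()
        return digest[:TAG_BYTES].hex().encode("ascii")

    def mint(self, to: str) -> str:
        """id = salt + hmac(salt + to, session-key)[0:10]"""
        salt = format(self._counter, "0{}x".format(SALT_HEX_LEN))
        self._counter = (self._counter + 1) % (16 ** SALT_HEX_LEN)
        return salt + self._tag(salt, to).decode("ascii")

    def verify(self, stanza_id: str, from_jid: str) -> bool:
        """Check an id echoed in a response or error against the JID it arrived from.

        from_jid must be the same string form as the original "to" value.
        """
        if len(stanza_id) != SALT_HEX_LEN + 2 * TAG_BYTES:
            return False
        salt, tag = stanza_id[:SALT_HEX_LEN], stanza_id[SALT_HEX_LEN:]
        # Compare as bytes in constant time; non-ASCII input simply fails to match.
        return hmac.compare_digest(tag.encode("utf-8"), self._tag(salt, from_jid))


if __name__ == "__main__":
    minter = StanzaIdMinter()
    sid = minter.mint("romeo@example.net/orchard")            # constructed JID
    print(sid, minter.verify(sid, "romeo@example.net/orchard"))
    print(minter.verify(sid, "mallory@example.org/x"))        # wrong sender
```

The check ties an id to the session key and the addressed JID only, so an id that the addressed peer echoes more than once still verifies each time.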