Off-path and on-path (S 9.3.2) #3841

Closed
ekr opened this issue Jul 8, 2020 · 1 comment · Fixed by #3985
Labels
-transport editorial An issue that does not affect the design of the protocol; does not require consensus.

Comments

@ekr
Collaborator

ekr commented Jul 8, 2020

I find the text in 9.3.3 confusing, because it says:

Unlike the attack described in {{on-path-spoofing}}, the attacker can ensure
that the new path is successfully validated.

This is odd because on-path attackers are generally regarded as stronger than on-path attackers. Why can't an on-path attacker complete this attack?

@MikeBishop
Contributor

I think you're right that the text is confusing, if not quite incorrect.

An on-path attacker can rewrite a source address, causing an apparent migration, but can't cause path validation to succeed with that source address unless it is actually on-path from both endpoints to the spoofed addresses as well. An off-path attacker which can race packets successfully can cause migration with successful path validation to a path which includes it, becoming a limited on-path attacker.

This also feels slightly duplicative of 21.12.3; it might be worth condensing some text between these sections.
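
The path-validation behaviour discussed in the two comments above, sketched as an added example that is not part of the issue thread or of the QUIC draft. It is a simplified model: `Server`, `apparent_migration` and `reaches_client` are hypothetical names, the addresses are constructed, and a response is matched to its challenge by data alone.

```python
import secrets

# Constructed addresses from documentation ranges (assumptions, not from the thread).
CLIENT, SPOOFED, RELAY = "192.0.2.10:4433", "198.51.100.7:4433", "203.0.113.5:4433"

class Server:
    """Simplified model of an endpoint validating a peer's new address."""
    def __init__(self, peer):
        self.active = peer   # last validated peer address
        self.pending = {}    # candidate address -> challenge data awaiting echo

    def on_packet(self, src):
        """New source address = apparent migration: challenge it, do not trust it yet."""
        if src == self.active:
            return None
        return self.pending.setdefault(src, secrets.token_bytes(8))

    def on_path_response(self, data):
        """Adopt a candidate address only when its challenge data is echoed back."""
        for addr, expected in list(self.pending.items()):
            if secrets.compare_digest(expected, data):
                del self.pending[addr]
                self.active = addr
                return True
        return False

def apparent_migration(server, src, reaches_client):
    """reaches_client: addresses whose traffic is delivered on to the real client.
    Frames are encrypted, so only the real client can read and answer a challenge."""
    challenge = server.on_packet(src)
    if challenge is None or src not in reaches_client:
        return False  # the challenge never reaches the client, so no response arrives
    return server.on_path_response(challenge)

def run_cases():
    # Case 1: source address rewritten to one whose traffic does not reach the client.
    s1 = Server(CLIENT)
    ok1 = apparent_migration(s1, SPOOFED, reaches_client={CLIENT})
    # Case 2: a copied packet arrives from a relay that also passes the challenge
    # and the response along, so validation completes on a path through the relay.
    s2 = Server(CLIENT)
    ok2 = apparent_migration(s2, RELAY, reaches_client={CLIENT, RELAY})
    return (ok1, s1.active), (ok2, s2.active)
```

In the first case the server keeps the original validated address; in the second it migrates, which is the situation the normative requirements on endpoints have to account for.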

@LPardue LPardue added this to Triage in Late Stage Processing Jul 14, 2020
@martinthomson martinthomson added the editorial An issue that does not affect the design of the protocol; does not require consensus. label Jul 21, 2020
@project-bot project-bot bot moved this from Triage to Editorial Issues in Late Stage Processing Jul 21, 2020
martinthomson added a commit that referenced this issue Aug 5, 2020
This text could be read to imply that an off-path attacker is more
capable than an on-path attacker, which is rarely true.  What it was
meant to point out was that it is easier to move traffic onto a path
that you are on.  What it fails to acknowledge is that it is also easier
to move traffic *off* a path that you are on.

In other words, the treatment of this in 21.12 is more thorough and we
don't need to talk about limitations.

Mike suggested that there is some duplication between this attack and
the more comprehensive analysis in 21.12.  That is true, but these serve
different purposes.  This is to describe attacks and the normative
requirements on endpoints necessary to avoid them.  The other section is
a thorough and holistic analysis.  I couldn't see any truly
straightforward changes.  That doesn't mean that we won't find a way to
clean this up, or that it would be undesirable to have fewer words, but
I've not the time for that right now.

Closes #3841.
Late Stage Processing automation moved this from Editorial Issues to Issue Handled Aug 11, 2020