[Cryptography] ALPACA
Christian Huitema
huitema at huitema.net
Fri Jun 11 20:35:44 EDT 2021
On 6/11/2021 5:28 AM, Peter Gutmann wrote:
> Jerry Leichter <leichter at lrw.com> writes:
>
>> The paper points out that the entire technique can be avoided if the web site
>> uses SNI *and marks SNI as required*.
> You don't even need SNI, the solution is in the certificate via the
> extKeyUsage extension. However as with SNI it's widely ignored, and just as
> widely set to garbage values.
The ALPACA attack works by redirecting a client connection for protocol
X to a server for protocol Y, so that when interpreted as protocol X
the protocol Y messages create interesting side effects on the client.
This is exactly what application protocol negotiation via ALPN
addresses. If ALPN was widely deployed, the attack would not be possible.
It is probably not widely deployed yet, but that is coming because ALPN
is pretty much the new port number. That was in any case the experience
during the early deployment of QUIC. Several servers would be supporting
multiple application layer protocols on top of QUIC/TLS, and using the
ALPN to connect to the specified protocol. Unknown ALPN would result in
a connection failure. If everything runs on port 443, expect to see ALPN
used to demux multiple applications, from HTTP to DNS, VPN, etc.
-- Christian Huitema
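
The strict ALPN demultiplexing described in the message above, as an added example that is not part of the original post: it parses the ALPN extension body (RFC 7301 ProtocolNameList) and refuses the connection when nothing matches. The service tables, handler names and the refuse-when-absent policy are assumptions of this example.

```python
import struct

HANDSHAKE_FAILURE = 40         # generic TLS alert
NO_APPLICATION_PROTOCOL = 120  # alert defined by RFC 7301 for "no common protocol"

class AlpnRefused(Exception):
    """The handshake must be aborted with the given TLS alert."""
    def __init__(self, alert, reason):
        super().__init__(reason)
        self.alert = alert

def encode_alpn(names):
    """Build ALPN extension_data: 2-byte list length, then 1-byte-length-prefixed names."""
    body = b"".join(bytes([len(n)]) + n for n in names)
    return struct.pack("!H", len(body)) + body

def parse_alpn(data):
    """Parse ALPN extension_data (RFC 7301 ProtocolNameList) into a list of names."""
    if len(data) < 2 or struct.unpack("!H", data[:2])[0] != len(data) - 2:
        raise ValueError("bad ProtocolNameList length")
    names, pos = [], 2
    while pos < len(data):
        n = data[pos]
        if n == 0 or pos + 1 + n > len(data):
            raise ValueError("bad ProtocolName length")
        names.append(data[pos + 1:pos + 1 + n])
        pos += 1 + n
    if not names:
        raise ValueError("empty ProtocolNameList")
    return names

def demux(alpn_ext, services):
    """Return (protocol, handler) for the first server-preferred match, else refuse.

    services maps ALPN id -> handler name, in server preference order.
    alpn_ext is the raw extension_data, or None if the client sent no ALPN.
    """
    if alpn_ext is None:
        # Strict policy chosen for this example: no fallback to a default protocol.
        raise AlpnRefused(HANDSHAKE_FAILURE, "client offered no ALPN")
    offered = set(parse_alpn(alpn_ext))
    for proto, handler in services.items():
        if proto in offered:
            return proto, handler
    raise AlpnRefused(NO_APPLICATION_PROTOCOL, "no common application protocol")

# Constructed sample data: two servers reachable on port 443 (handler names are hypothetical).
WEB_AND_DNS = {b"h2": "http2_handler", b"http/1.1": "http1_handler", b"dot": "dns_handler"}
FTP_ONLY = {b"ftp": "ftp_handler"}
BROWSER_OFFER = encode_alpn([b"h2", b"http/1.1"])  # constructed client offer
```

A connection carrying `BROWSER_OFFER` that reaches `FTP_ONLY` ends with alert 120 before any application data is exchanged, so the protocol Y server never gets to answer a protocol X client.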