[Anima-bootstrap] GRASP and BRSKI

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 14 September 2016 02:18 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3935512B173; Tue, 13 Sep 2016 19:18:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FpOtVR33lCir; Tue, 13 Sep 2016 19:18:05 -0700 (PDT)
Received: from mail-pa0-x232.google.com (mail-pa0-x232.google.com [IPv6:2607:f8b0:400e:c03::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74A1212B128; Tue, 13 Sep 2016 19:18:05 -0700 (PDT)
Received: by mail-pa0-x232.google.com with SMTP id id6so161956pad.3; Tue, 13 Sep 2016 19:18:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=to:from:organization:subject:message-id:date:user-agent :mime-version:content-transfer-encoding; bh=lII9quktdeEIhzU+YqTxAvvA2j3/KMMVFQRiqVlJR4U=; b=kKsLLct+51hTypDMFa68i+X6T0xu5R/Fpvy8r7HU/3Lm9Kx3J1DNjqJYyr46khHsCy YOaKFj5+m2Mn0ed3uzUL8BLtm10WQZaFlgtnFwz3p5PkTOVHLnVawG+SF5gypILZcbF4 XAaAos//fJcIbRJXI/yR1G3DnbB8tuDLlTY/qb3iIEwdppGusj3YBcj7F2PDSYrvMf6k 1gPsHu7DwxB53M3MPWDRJQvwZGgEZgvXsAJnbleGok/Yk4jBO6BKVV+6nygENgG41d/E u0qCEt1TvYvzvudmVkdD4WL4VI1Gtwj+Yctfb8YsWF2kWpVVj2CC9BPNfPjbv9oO1qZX /APQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:to:from:organization:subject:message-id:date :user-agent:mime-version:content-transfer-encoding; bh=lII9quktdeEIhzU+YqTxAvvA2j3/KMMVFQRiqVlJR4U=; b=dvQlBoMQbLUqtHKMsuSj/GCfjjTCiZf42JzhxRlCwQuRVQ25DMQpZWvm3ewW6LF+In fbEr2OPXB8G8CM7GMuGPjuQfaOPfVukSxB3t42/XRyQgqxOryiHhQhCsp8qlxdhuGpMk hZN4NpQhCcmyGScRtOvpXyLT6cmHHKlZAQI1xqWSJU3D4gGk/LI7hx4f5g3X7t1u3LnP gqCh6h/JN/09rthRpnFCeYVHUuJaZJczwZf0E9/6eb+Fzu69vY1w2Djd3mu05QLORsOx VOt7wqO0JSkFsE4xMWpvTjr5stIAfd7lNtdVIslh/bWm4saLOqwixPi9afcmneZqB/Wb bYlA==
X-Gm-Message-State: AE9vXwOkMweKdiOEIRkxiIrHNUfMPIu9Rj61EAxytS1cv7JqT75t8Ed6qQKh8FhneFaVVw==
X-Received: by 10.66.43.82 with SMTP id u18mr258884pal.28.1473819484818; Tue, 13 Sep 2016 19:18:04 -0700 (PDT)
Received: from ?IPv6:2001:df0:0:2006:c0da:ac17:5f6d:8e76? ([2001:df0:0:2006:c0da:ac17:5f6d:8e76]) by smtp.gmail.com with ESMTPSA id tj5sm1103323pab.37.2016.09.13.19.18.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 13 Sep 2016 19:18:03 -0700 (PDT)
To: Anima signaling DT <anima-signaling@ietf.org>, anima-bootstrap@ietf.org
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <eaffc0e2-5c10-d742-2eec-2561dc6772de@gmail.com>
Date: Wed, 14 Sep 2016 14:18:04 +1200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/a4lU0CbLxI9h8xWZbnj1-p756Hc>
Subject: [Anima-bootstrap] GRASP and BRSKI
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Sep 2016 02:18:07 -0000

(apologies for any duplicates)

I've been playing around to verify that GRASP as currently
defined can support the secure bootstrap discovery requirements
(i.e. proxy discovering registrars, and joining node (pledge)
discovering proxies).

I think we agreed that a registrar should broadcast its presence
(by flooding out its coordinates across the AN), so that's
what I modelled.

Toerless wanted to emulate the priority/weight parameters
available in mDNS and to know the distance (hop count) to each
registrar. I included that; it would be easy to remove.

There seemed to be some lack of consensus about whether pledges
should broadcast their presence (by sending a link-local discovery
multicast) or whether the proxy should broadcast *its* presence
(by flooding out its coordinates on-link). I modelled both methods.
The bootstrap team does need to choose.

Pledge broadcasts:
- pledge has to do two steps [discover() and synchronize()]
instead of one [get_flood()].
- on-link attacker knows that the pledge exists and (knowing its
address) might be able to intercept its subsequent unicast BRSKI
messages if promiscuous mode is possible.
- nothing stops an attacker from discovering the proxy by acting
like a pledge and then attacking it directly.

Proxy broadcasts:
- on-link attacker will not be told that a pledge exists (but might
still be able to intercept its unicast BRSKI messages if promiscuous
mode is possible).
- nothing stops an attacker from attacking the proxy directly.

Running code, of a sort, is at
https://www.cs.auckland.ac.nz/~brian/graspy/brski/

Please start with the README file.

Regards
   Brian