IETF Logo Mail Archive

Re: [babel] rtgdir Last Call Review requested: draft-ietf-babel-dtls

David Schinazi <dschinazi.ietf@gmail.com> Wed, 07 August 2019 16:59 UTC

Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5949312068D for <babel@ietfa.amsl.com>; Wed, 7 Aug 2019 09:59:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hCslBn_L_5yb for <babel@ietfa.amsl.com>; Wed, 7 Aug 2019 09:59:33 -0700 (PDT)
Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35BC61200F8 for <babel@ietf.org>; Wed, 7 Aug 2019 09:59:33 -0700 (PDT)
Received: by mail-lj1-x231.google.com with SMTP id i21so6905147ljj.3 for <babel@ietf.org>; Wed, 07 Aug 2019 09:59:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=XHdl0S+yOnon2Ma3jhsdN9YNM9WQsjjFxkK8EubSNZE=; b=qjyw0+8642CCk7AnSoCBin995lhuXm36/qTESUeuYZff98uqBBr9JoC9gUv2yv1lc/ ArzlOwF1oOC8SN40Sw2p9884R3leE6Zj5gQ9OGGCWdG4I/NG64CDi19iFGvoMPqeYlOR +Rnjbrk+Gnqb+kQowRaSMVfRoGWmzN4SjuA7vwbzD5MSVYd5hJPChmjz81GeslQdclLu GhS7rs11ecM3MwKrZLKdE2yxH+g99R3gsjWhsDMzHkYTPpfc8/d09xU4FxP3tk3nD1Qi FHC83/jfZgZDsW6PKgxv/XfE6ED5XeP3Wxwi5RKOIonk0WeEDLEHwv/2lOLXLibzRRgs 48kA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=XHdl0S+yOnon2Ma3jhsdN9YNM9WQsjjFxkK8EubSNZE=; b=oHUR64KBpi2OdsOQOQR1hWuv4GtDn+95dG75wmVQgZY5dwr5vhYb/UQp7TqEoCx841 KUAvg9b6uXnnQfLUQJp8Hq/3ykTWIox8eLC8g+Ys5woh9qLmkdD/ICn1d7hThA6qNNOG dEI0ul/JBwtOAa2Oxw+ukjEU1N6ROf84n0VHA6FtNnnfuyosXy8bFOmyFTDRs9500fw+ 5RimBxhKfiTvgQV8CqRwXUkhYO3csGnV5gCalmSwSpLTIz7F7hnDNx3nsTvbcLXCaKNz ah6ySTRru+sgvsObDezgj1sbQVoFzzxCaOKNi3JSI5CQgf9VIH9VF5+nsAvt9ObV+o4k vIpQ==
X-Gm-Message-State: APjAAAWISVbC/8zYPz5XDg3c0VL44eVK9EpO/M4YcrU2qM4jCWlS0ob2 ashbaT94TKaCl5vRRLidnz5HuKd9qbZ1gvaItDE=
X-Google-Smtp-Source: APXvYqxXeqq1DrhCoIOEdhB0aN4I9Cc9POPWiSgeS4w5K3zOL1RYdePr/nMJ3ya/21Cm1LoAs97tJ2zX5bIxKLbr9Ds=
X-Received: by 2002:a2e:89c8:: with SMTP id c8mr5579117ljk.70.1565197171285; Wed, 07 Aug 2019 09:59:31 -0700 (PDT)
MIME-Version: 1.0
References: <156105440578.3118.4917846383408119793.idtracker@ietfa.amsl.com> <9C5FD3EFA72E1740A3D41BADDE0B461FCFC76069@DGGEMM528-MBX.china.huawei.com> <CAGnRvup1FvMU85N4psgG52tZBZwA-qhwCKuBdA7RxvcNLMpNmA@mail.gmail.com> <87y305alt8.wl-jch@irif.fr> <CAGnRvupg9VK11h1Kk29u1EndAGj8xHa6BRuezk25_hUDkDNbgw@mail.gmail.com>
In-Reply-To: <CAGnRvupg9VK11h1Kk29u1EndAGj8xHa6BRuezk25_hUDkDNbgw@mail.gmail.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Wed, 07 Aug 2019 09:59:20 -0700
Message-ID: <CAPDSy+7MoCdH8Yo59DyNV45rBxa8NgP-Wxt=2jFYkyJTJ0CkJQ@mail.gmail.com>
To: Henning Rogge <hrogge@gmail.com>
Cc: Juliusz Chroboczek <jch@irif.fr>, "Yemin (Amy)" <amy.yemin@huawei.com>, Antonin Décimo <antonin.decimo@gmail.com>, Martin Vigoureux <martin.vigoureux@nokia.com>, LucAndré Burdet <laburdet.ietf@gmail.com>, Babel at IETF <babel@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000065e129058f89ddd0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/2qTkii3rgcF2sZhw7jAjko-ihWE>
Subject: Re: [babel] rtgdir Last Call Review requested: draft-ietf-babel-dtls
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2019 16:59:36 -0000

I think this thread may have forked...

Henning's original email from July 5:
https://mailarchive.ietf.org/arch/msg/babel/_Jt5gfUMQbnPJFdfvR7HhqO6vSc

Juliusz and I replied shortly after:
https://mailarchive.ietf.org/arch/msg/babel/yNGgOauQHCp5EyMj8ivQxdTcdJI
https://mailarchive.ietf.org/arch/msg/babel/wZOOhPjOBK1xF6EsuxLTCdctcQE

And Juliusz sent a new reply yesterday to which Henning responded:
https://mailarchive.ietf.org/arch/msg/babel/vaJowPOfLBKblh5LYpwSstS7Ins
https://mailarchive.ietf.org/arch/msg/babel/cDvi0BzZoJXUo3TOpkq4YlfZvcY

To summarize the discussions in all these threads.

(1) Bidirectional reachability is protected by DTLS by requiring IHU to be
sent
protected, this reduces the security boundary of the protocol.

(2) We've added text documenting what to do when a node receives a new
connection, this prevents attackers from impacting the neighbor table

(3) We've added text discussing that different ciphers can have different
overheads and that needs to be taken into account when computing MTU

(4) An attacker can create state on a victim by creating many DTLS
connection attempts. We rely on DTLS's DoS prevention mechanisms
(such as cookies) to avoid these issues.

We've made changes to the draft from these comments, and they landed in
draft -07:
https://tools.ietf.org/html/draft-ietf-babel-dtls-07

Please let me know if I missed anything.

Thanks,
David



On Wed, Aug 7, 2019 at 3:57 AM Henning Rogge <hrogge@gmail.com> wrote:

> On Wed, Aug 7, 2019 at 1:58 AM Juliusz Chroboczek <jch@irif.fr> wrote:
> >
> > Hi Henning,
> >
> > Good to hear from you again.
> >
> > The two main authors of this draft appear to be on holiday, so I'll
> answer
> > your review to the best of my capacities.
> >
> > > Chapter 2.3:
> > > I wonder if using DTLS protected unicast Hellos should be mandatory...
> > > using unprotected multicast to determine bidirectional reachability
> > > looks like a good way to do a cheap denial ofa service attack.
> >
> > In Babel, bidirectional reachability is established by a Hello/IHU
> > exchange.  This document requires IHUs to be authenticated, therefore
> > bidirectional reachability will never be established with an attacker.
> >
> > However, this doesn't prevent DoS attacks:
> >
> >   - an attacker could send cleartext Hellos from spoofed addresses, thus
> >     causing the victim to create unbounded numbers of neighbour entries;
> >   - an attacker could send DTLS ClientHello packets from spoofed
> >     addresses, with a similar effect.
>
> As long as this "unverified" links are not used for global routing I
> would not be worried...
>
> you can never prevent a direct neighbor from doing a DoS.
>
> > Requiring an authenticated Hello is not workable, since an authenticated
> > Hello cannot be sent until after the DTLS handshake has completed.
>
> And there is also the point that DTLS and Multicast don't mix well...
>
> > This is somewhat mitigated by the fact that only packets from link-local
> > addresses are accepted (see Section 2.1 of this draft and Section 4 of
> > RFC 6126bis).  This is what the draft has to say on the subject (Section
> 5):
>
> >    A malicious client might attempt to perform a high number of DTLS
> >    handshakes with a server.  As the clients are not uniquely identified
> >    by the protocol and can be obfuscated with IPv6 temporary addresses,
> >    a server needs to mitigate the impact of such an attack.  Such
> >    mitigation might involve rate limiting handshakes from a given subnet
> >    or more advanced denial of service avoidance techniques beyond the
> >    scope of this document.
> >
> > I'm not happy with this either.
>
> I think some parts of this information could be useful for the
> Security Considerations section.
>
> Most people don't know BABEL that deep, so giving them some advise
> what has already been considered and what no is always good.
>
> > > Chapter 2.5:
>
> > > What happens when a node starts a new DTLS connection and there is
> > > already one in the neighbor table? This could both be an attempt to
> > > attack Babel, a reboot of a node or just a matter of misconfiguration
> > > of two nodes.
> >
> > Section 2.1:
> >
> >    If a node receives a new DTLS connection from a neighbour to whom it
> >    already has a connection, the node MUST NOT discard the older
> >    connection until it has completed the handshake of the new one and
> >    validated the identity of the peer.
>
> Sorry, missed that... good to see it has already dealt with.
>
> > > Chapter 3:
> > > Different pairs of nodes could select different ciphers, resulting in
> > > different MTUs. I assume this is no problem for Babel (could be
> > > mentioned in the chapter).
> >
> > I am not competent to answer this, we'll need to wait for David or
> > Antonin to resurface.
>
> Sure... I was away fore quite a while too after my post.
>
> Henning Rogge
>

v2.23.0 | Report a Bug | By Email