IETF Logo Mail Archive

Re: [babel] Mirja Kühlewind's Discuss on draft-ietf-babel-dtls-07: (with DISCUSS and COMMENT)

Mirja Kuehlewind <ietf@kuehlewind.net> Wed, 14 August 2019 14:52 UTC

Return-Path: <ietf@kuehlewind.net>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA58E120922; Wed, 14 Aug 2019 07:52:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BDmL9rXgccTv; Wed, 14 Aug 2019 07:52:32 -0700 (PDT)
Received: from wp513.webpack.hosteurope.de (wp513.webpack.hosteurope.de [IPv6:2a01:488:42:1000:50ed:8223::]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6406012091D; Wed, 14 Aug 2019 07:52:32 -0700 (PDT)
Received: from [129.192.10.3] (helo=[10.149.1.218]); authenticated by wp513.webpack.hosteurope.de running ExIM with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1hxudW-0001cK-S3; Wed, 14 Aug 2019 16:52:26 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Mirja Kuehlewind <ietf@kuehlewind.net>
In-Reply-To: <87mugjo9wa.wl-jch@irif.fr>
Date: Wed, 14 Aug 2019 16:52:25 +0200
Cc: babel-chairs <babel-chairs@ietf.org>, Babel at IETF <babel@ietf.org>, Donald Eastlake <d3e3e3@gmail.com>, The IESG <iesg@ietf.org>, David Schinazi <dschinazi.ietf@gmail.com>, draft-ietf-babel-dtls@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <13919FCC-9655-4B31-BC87-D33C963C82C4@kuehlewind.net>
References: <156518163926.8337.14198016212015161206.idtracker@ietfa.amsl.com> <CAPDSy+5mjQOj7qvvW+L-tYiP=Oet-QKf=FqjxzgxFw7YgabgtA@mail.gmail.com> <A9C9E93D-BBE1-4307-A47D-0E90006B3EC9@kuehlewind.net> <87a7cjq53f.wl-jch@irif.fr> <110AD4FB-186C-4C87-8BAF-7D8F4A04BC6F@kuehlewind.net> <87mugjo9wa.wl-jch@irif.fr>
To: Juliusz Chroboczek <jch@irif.fr>
X-Mailer: Apple Mail (2.3445.104.11)
X-bounce-key: webpack.hosteurope.de;ietf@kuehlewind.net;1565794352;becd471c;
X-HE-SMSGID: 1hxudW-0001cK-S3
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/GgugMcFjh_9TSf7JMzIyEc5CIRk>
Subject: Re: [babel] Mirja Kühlewind's Discuss on draft-ietf-babel-dtls-07: (with DISCUSS and COMMENT)
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Aug 2019 14:52:35 -0000

Hi Juliusz, hi David,

(Only replying to this mail because it, I think, also covers a reply to David’s last mail.)

Thanks for the detailed explanation. I believe the underlying problem is that in this approach the Hello is not authenticated. However, I understand that changing this part, even though it could be desirable, is much more complex and using a fixed port might indeed be the simplest solution right now.

I will clear my discuss now, however, I would after all appreciate to have more  documentation in the draft why this solution was select and, more important, what limitations other approach have.

Mirja


> On 8. Aug 2019, at 19:16, Juliusz Chroboczek <jch@irif.fr> wrote:
> 
>>> Could you please explain what happens if an attacker sends out 65535
>>> spoofed multicast Hellos indicating 65535 distinct ports?
> 
>> You maybe rate limit DTLS connection attempts…?
> 
> That's not the issue I had in mind.  What I'm concerned about is that
> you're suggesting to use an unauthentifed TLV to negotiate DTLS connection
> parameters.  That cannot go well.
> 
> Let A and B be honest nodes, and C an attacker.  In the current protocol:
> 
>    A -> multicast: Hello
>    C spoofing A -> multicast: Hello
>    B -> A(well-known port): DTLS ClientHello
> 
> The DTLS connection succeeds even though C spoofed a Hello from A --
> a Hello is a Hello, even if it was spoofed.  In your suggested protocol:
> 
>    A -> multicast: Hello, port=1234
>    C spoofing A -> multicast: Hello, port = 1235
>    C spoofing A -> multicast: Hello, port = 1236
>    C spoofing A -> multicast: Hello, port = 1237
>    ...
>    B -> A(which port?)
> 
> Since B has received a bunch of Hellos ostensiby from A announcing
> different ports, it cannot reliably locate the one that's correct.  An
> on-link attacker can trivially DoS any node of its choosing.
> 
> What is more:
> 
>  - You can no longer identify Babel traffic -- it's just encrypted DTLS
>    with random ports.  What does that mean from a management point of view?
> 
>  - An attacker can cause any Babel node to send a DTLS ClientHello to an
>    arbitrary IP and port.  What consequences does that have for the
>    security and DoS-resistance of unrelated protocols?
> 
> Mirja, in the light of the above, you'll doubtless understand that we feel
> little motivation to spend time implementing your suggested protocol and
> experimenting with it.  (And this working group has been following the
> policy of implementing everythig and listening to implementation experience,
> a policy that we like and do not wish to change.)
> 
> -- Juliusz
>

v2.23.0 | Report a Bug | By Email