IETF Logo Mail Archive

Re: [babel] rtgdir Last Call Review requested: draft-ietf-babel-dtls

David Schinazi <dschinazi.ietf@gmail.com> Wed, 07 August 2019 17:46 UTC

Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 314D11204AE; Wed, 7 Aug 2019 10:46:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6NGOlUoUm8eh; Wed, 7 Aug 2019 10:46:17 -0700 (PDT)
Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91A201200F8; Wed, 7 Aug 2019 10:46:16 -0700 (PDT)
Received: by mail-lf1-x12f.google.com with SMTP id 62so59796812lfa.8; Wed, 07 Aug 2019 10:46:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=7s9QQVLEvI1ekJKL6ePi1lHnloOmKw/fe+3KTySZ4Yg=; b=NOmlUywoCI2Y61hp/AthE0SsTE7LDhroS3t5ybdyU32MwjNS1S/3zW2UmdCbbo/Y87 NDK+G+PobYWzX/1O7Q5B9n0AhWM6rKg3r2FD8Q10FN0ZDxjRV8j+Bg5GOozrzDGAsQ8z ybnou6jV+SxgTN1j9zgr+us243roGwVD6dP3X19vWE1VxNIBBda4nZM0Y0G+rAn4ITEx pDEeHod1nHpk/ZDLwyR37FZWqjU06VRMYhO5TFGu4EJqdWCRWtuy3NeqF5f5bnFHaCUJ YRz1NAq5XTfMjT6BrA3PF7Z2aoo6qG3J4w2L7NFR8M0Yo30woS7hK5PaJxfklPinxSF1 LH+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=7s9QQVLEvI1ekJKL6ePi1lHnloOmKw/fe+3KTySZ4Yg=; b=WrVyjW0xNupQJ3KI0JQUZf41RzBOKezdv+cSBqnkeHzRizDJtEG6EIRGxbZM9hCKMK chMaDuoQnJOFHc3cTTKoFCSmzZTUaDDGGQMxBLEJClzNkmXjZ5T25o9/jHpk+e2ZG/wq ZQ4moBiujuZEPYUbZjajvgoWeqgiMQ5vzsjBpfClJsMUmT51DFj/WqdMWunLN0R3O2Xv OeT2xGtjCIvduvI+tLPvTO5Z2vQP/Gw9TC+S5TZsWH/yksHgAzTYZLDgIdgJ2Q+dHrC1 tcL4w2ydOAfDvyEyLNogtCQKGhz0kRqUh2f0l3bUlhCpd/pdwpOMZhN2ZdZS7UcOZXf7 dMlw==
X-Gm-Message-State: APjAAAX9M9tmefCLnGOu4/x4KDY3u8fagjdEwI85OJ1Nxzm/LckrsHAy GShgI2JOPiQVxppU0fZzBlKPiekQ/gPPT3HduTg=
X-Google-Smtp-Source: APXvYqxE6LeeNIAuwYYi70Tghw1SnKN2Nx1JtC2kLZF7gbz9WvYin/Sppnq+RA9wVsF23rDGgnCPyGby1WAjyNg7VI4=
X-Received: by 2002:a19:428c:: with SMTP id p134mr5996508lfa.166.1565199974604; Wed, 07 Aug 2019 10:46:14 -0700 (PDT)
MIME-Version: 1.0
References: <156105440578.3118.4917846383408119793.idtracker@ietfa.amsl.com> <9C5FD3EFA72E1740A3D41BADDE0B461FCFC76069@DGGEMM528-MBX.china.huawei.com> <CAGnRvup1FvMU85N4psgG52tZBZwA-qhwCKuBdA7RxvcNLMpNmA@mail.gmail.com> <87y305alt8.wl-jch@irif.fr> <CAGnRvupg9VK11h1Kk29u1EndAGj8xHa6BRuezk25_hUDkDNbgw@mail.gmail.com> <CAPDSy+7MoCdH8Yo59DyNV45rBxa8NgP-Wxt=2jFYkyJTJ0CkJQ@mail.gmail.com>
In-Reply-To: <CAPDSy+7MoCdH8Yo59DyNV45rBxa8NgP-Wxt=2jFYkyJTJ0CkJQ@mail.gmail.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Wed, 07 Aug 2019 10:46:03 -0700
Message-ID: <CAPDSy+4yWf_=r9eD5ZcZzHkVhJwtAS1NV09rW2-NZjS8eSibtA@mail.gmail.com>
To: Henning Rogge <hrogge@gmail.com>, iesg@ietf.org
Cc: Juliusz Chroboczek <jch@irif.fr>, "Yemin (Amy)" <amy.yemin@huawei.com>, Antonin Décimo <antonin.decimo@gmail.com>, Martin Vigoureux <martin.vigoureux@nokia.com>, LucAndré Burdet <laburdet.ietf@gmail.com>, Babel at IETF <babel@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007d23d9058f8a8449"
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/ZjchCwHFXWMu1dc0s2iQfEOeuhc>
Subject: Re: [babel] rtgdir Last Call Review requested: draft-ietf-babel-dtls
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2019 17:46:20 -0000

[Adding the IESG to this thread since there might be overlap between
conversations]

On Wed, Aug 7, 2019 at 9:59 AM David Schinazi <dschinazi.ietf@gmail.com>
wrote:

> I think this thread may have forked...
>
> Henning's original email from July 5:
> https://mailarchive.ietf.org/arch/msg/babel/_Jt5gfUMQbnPJFdfvR7HhqO6vSc
>
> Juliusz and I replied shortly after:
> https://mailarchive.ietf.org/arch/msg/babel/yNGgOauQHCp5EyMj8ivQxdTcdJI
> https://mailarchive.ietf.org/arch/msg/babel/wZOOhPjOBK1xF6EsuxLTCdctcQE
>
> And Juliusz sent a new reply yesterday to which Henning responded:
> https://mailarchive.ietf.org/arch/msg/babel/vaJowPOfLBKblh5LYpwSstS7Ins
> https://mailarchive.ietf.org/arch/msg/babel/cDvi0BzZoJXUo3TOpkq4YlfZvcY
>
> To summarize the discussions in all these threads.
>
> (1) Bidirectional reachability is protected by DTLS by requiring IHU to be
> sent
> protected, this reduces the security boundary of the protocol.
>
> (2) We've added text documenting what to do when a node receives a new
> connection, this prevents attackers from impacting the neighbor table
>
> (3) We've added text discussing that different ciphers can have different
> overheads and that needs to be taken into account when computing MTU
>
> (4) An attacker can create state on a victim by creating many DTLS
> connection attempts. We rely on DTLS's DoS prevention mechanisms
> (such as cookies) to avoid these issues.
>
> We've made changes to the draft from these comments, and they landed in
> draft -07:
> https://tools.ietf.org/html/draft-ietf-babel-dtls-07
>
> Please let me know if I missed anything.
>
> Thanks,
> David
>
>
>
> On Wed, Aug 7, 2019 at 3:57 AM Henning Rogge <hrogge@gmail.com> wrote:
>
>> On Wed, Aug 7, 2019 at 1:58 AM Juliusz Chroboczek <jch@irif.fr> wrote:
>> >
>> > Hi Henning,
>> >
>> > Good to hear from you again.
>> >
>> > The two main authors of this draft appear to be on holiday, so I'll
>> answer
>> > your review to the best of my capacities.
>> >
>> > > Chapter 2.3:
>> > > I wonder if using DTLS protected unicast Hellos should be mandatory...
>> > > using unprotected multicast to determine bidirectional reachability
>> > > looks like a good way to do a cheap denial ofa service attack.
>> >
>> > In Babel, bidirectional reachability is established by a Hello/IHU
>> > exchange.  This document requires IHUs to be authenticated, therefore
>> > bidirectional reachability will never be established with an attacker.
>> >
>> > However, this doesn't prevent DoS attacks:
>> >
>> >   - an attacker could send cleartext Hellos from spoofed addresses, thus
>> >     causing the victim to create unbounded numbers of neighbour entries;
>> >   - an attacker could send DTLS ClientHello packets from spoofed
>> >     addresses, with a similar effect.
>>
>> As long as this "unverified" links are not used for global routing I
>> would not be worried...
>>
>> you can never prevent a direct neighbor from doing a DoS.
>>
>> > Requiring an authenticated Hello is not workable, since an authenticated
>> > Hello cannot be sent until after the DTLS handshake has completed.
>>
>> And there is also the point that DTLS and Multicast don't mix well...
>>
>> > This is somewhat mitigated by the fact that only packets from link-local
>> > addresses are accepted (see Section 2.1 of this draft and Section 4 of
>> > RFC 6126bis).  This is what the draft has to say on the subject
>> (Section 5):
>>
>> >    A malicious client might attempt to perform a high number of DTLS
>> >    handshakes with a server.  As the clients are not uniquely identified
>> >    by the protocol and can be obfuscated with IPv6 temporary addresses,
>> >    a server needs to mitigate the impact of such an attack.  Such
>> >    mitigation might involve rate limiting handshakes from a given subnet
>> >    or more advanced denial of service avoidance techniques beyond the
>> >    scope of this document.
>> >
>> > I'm not happy with this either.
>>
>> I think some parts of this information could be useful for the
>> Security Considerations section.
>>
>> Most people don't know BABEL that deep, so giving them some advise
>> what has already been considered and what no is always good.
>>
>> > > Chapter 2.5:
>>
>> > > What happens when a node starts a new DTLS connection and there is
>> > > already one in the neighbor table? This could both be an attempt to
>> > > attack Babel, a reboot of a node or just a matter of misconfiguration
>> > > of two nodes.
>> >
>> > Section 2.1:
>> >
>> >    If a node receives a new DTLS connection from a neighbour to whom it
>> >    already has a connection, the node MUST NOT discard the older
>> >    connection until it has completed the handshake of the new one and
>> >    validated the identity of the peer.
>>
>> Sorry, missed that... good to see it has already dealt with.
>>
>> > > Chapter 3:
>> > > Different pairs of nodes could select different ciphers, resulting in
>> > > different MTUs. I assume this is no problem for Babel (could be
>> > > mentioned in the chapter).
>> >
>> > I am not competent to answer this, we'll need to wait for David or
>> > Antonin to resurface.
>>
>> Sure... I was away fore quite a while too after my post.
>>
>> Henning Rogge
>>
>

v2.23.0 | Report a Bug | By Email