IETF Logo Mail Archive

Re: [babel] rtgdir Last Call Review requested: draft-ietf-babel-dtls

Henning Rogge <hrogge@gmail.com> Wed, 07 August 2019 10:57 UTC

Return-Path: <hrogge@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC65E1206A8 for <babel@ietfa.amsl.com>; Wed, 7 Aug 2019 03:57:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jf8KfbveYMSL for <babel@ietfa.amsl.com>; Wed, 7 Aug 2019 03:57:43 -0700 (PDT)
Received: from mail-lf1-x134.google.com (mail-lf1-x134.google.com [IPv6:2a00:1450:4864:20::134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82A761201E3 for <babel@ietf.org>; Wed, 7 Aug 2019 03:57:43 -0700 (PDT)
Received: by mail-lf1-x134.google.com with SMTP id h28so63644106lfj.5 for <babel@ietf.org>; Wed, 07 Aug 2019 03:57:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5IpmvxEM0eBtGNW5Bu92nGuqGp4A74340U79zM8mrxo=; b=bgjI6MKAC0sx9qV4cGL+jfc+XkbDjcHw0cBaBM8hdTTKfPxE+35MLeeezRTFp1iu9i KN+eUVcy64dlYHe5h7UU4GseT4EYrfv5XwTbAVV44wFhBiape4nzj4XtP9iL7Pex+wcI toxzEqAfW96vNemnbnf5fdRgkvowJOQ/5Tsnlo3nnDngo/6q7r1vvOCJpdxJylg2HYZg G/axsTRcgsZFRrieJgwudJbneZ2NGaPrI0LrRvkMBLCvGXqmVSaUqtJ+VqfywK11wcdz 5pIFz9qrC3egk5GBAJ9hHV74mF7rBaRXwd4w76KeeScTCE3embF2MN617Nd/Foo9C41e nkxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5IpmvxEM0eBtGNW5Bu92nGuqGp4A74340U79zM8mrxo=; b=A0dAQPAYqXDvrOdnuIaG5/w5BUQEc85x3q+WwnmDRPb51s1snXE0/kuG1LScaAj7OW EJGrJxnrhMW3VH0+0l1GAtn2w3fG+pqAf/BLk0zroMeTYtwmBdVJmnJX/G+VgbfE2cVV 6endzKO5bRamKpmzPi1foKYdn4E/+FRSqSHGMd7UdoJJAzW33fLn3Vx/xeNFsgjfkokQ vjjyTdJmwuAAy49cseBvu12LVjNrqGUBko/KlvMTHjr6rislQwmFOQwai3QFtUQ2+qPA ALDCcY33w8GcvA+04zYicw1ibdQxsuYqNvt7UdFdBSjUm4Sou7bC+dRY3FHSRGah0wu2 XnKw==
X-Gm-Message-State: APjAAAWWFK5+7SCFbPjohziAmnF9OBqZBMenHn9xrtN/m1ZdiBbFbe4e fd40zeuLxGPWlPqbItuBwnv2X8lLfgiBwAlde68=
X-Google-Smtp-Source: APXvYqxzi4xUBC0pXAKlTadznk7e7o4a72fjFBVX05PeCyQ84QLRNS1mr9XExN/Zm2qbXQH8uSKAa2FbO45wwwRafmc=
X-Received: by 2002:ac2:5442:: with SMTP id d2mr5816557lfn.70.1565175461459; Wed, 07 Aug 2019 03:57:41 -0700 (PDT)
MIME-Version: 1.0
References: <156105440578.3118.4917846383408119793.idtracker@ietfa.amsl.com> <9C5FD3EFA72E1740A3D41BADDE0B461FCFC76069@DGGEMM528-MBX.china.huawei.com> <CAGnRvup1FvMU85N4psgG52tZBZwA-qhwCKuBdA7RxvcNLMpNmA@mail.gmail.com> <87y305alt8.wl-jch@irif.fr>
In-Reply-To: <87y305alt8.wl-jch@irif.fr>
From: Henning Rogge <hrogge@gmail.com>
Date: Wed, 07 Aug 2019 12:57:14 +0200
Message-ID: <CAGnRvupg9VK11h1Kk29u1EndAGj8xHa6BRuezk25_hUDkDNbgw@mail.gmail.com>
To: Juliusz Chroboczek <jch@irif.fr>
Cc: "Yemin (Amy)" <amy.yemin@huawei.com>, antonin.decimo@gmail.com, dschinazi.ietf@gmail.com, Martin Vigoureux <martin.vigoureux@nokia.com>, LucAndré Burdet <laburdet.ietf@gmail.com>, babel@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/cDvi0BzZoJXUo3TOpkq4YlfZvcY>
Subject: Re: [babel] rtgdir Last Call Review requested: draft-ietf-babel-dtls
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2019 10:57:46 -0000

On Wed, Aug 7, 2019 at 1:58 AM Juliusz Chroboczek <jch@irif.fr> wrote:
>
> Hi Henning,
>
> Good to hear from you again.
>
> The two main authors of this draft appear to be on holiday, so I'll answer
> your review to the best of my capacities.
>
> > Chapter 2.3:
> > I wonder if using DTLS protected unicast Hellos should be mandatory...
> > using unprotected multicast to determine bidirectional reachability
> > looks like a good way to do a cheap denial ofa service attack.
>
> In Babel, bidirectional reachability is established by a Hello/IHU
> exchange.  This document requires IHUs to be authenticated, therefore
> bidirectional reachability will never be established with an attacker.
>
> However, this doesn't prevent DoS attacks:
>
>   - an attacker could send cleartext Hellos from spoofed addresses, thus
>     causing the victim to create unbounded numbers of neighbour entries;
>   - an attacker could send DTLS ClientHello packets from spoofed
>     addresses, with a similar effect.

As long as this "unverified" links are not used for global routing I
would not be worried...

you can never prevent a direct neighbor from doing a DoS.

> Requiring an authenticated Hello is not workable, since an authenticated
> Hello cannot be sent until after the DTLS handshake has completed.

And there is also the point that DTLS and Multicast don't mix well...

> This is somewhat mitigated by the fact that only packets from link-local
> addresses are accepted (see Section 2.1 of this draft and Section 4 of
> RFC 6126bis).  This is what the draft has to say on the subject (Section 5):

>    A malicious client might attempt to perform a high number of DTLS
>    handshakes with a server.  As the clients are not uniquely identified
>    by the protocol and can be obfuscated with IPv6 temporary addresses,
>    a server needs to mitigate the impact of such an attack.  Such
>    mitigation might involve rate limiting handshakes from a given subnet
>    or more advanced denial of service avoidance techniques beyond the
>    scope of this document.
>
> I'm not happy with this either.

I think some parts of this information could be useful for the
Security Considerations section.

Most people don't know BABEL that deep, so giving them some advise
what has already been considered and what no is always good.

> > Chapter 2.5:

> > What happens when a node starts a new DTLS connection and there is
> > already one in the neighbor table? This could both be an attempt to
> > attack Babel, a reboot of a node or just a matter of misconfiguration
> > of two nodes.
>
> Section 2.1:
>
>    If a node receives a new DTLS connection from a neighbour to whom it
>    already has a connection, the node MUST NOT discard the older
>    connection until it has completed the handshake of the new one and
>    validated the identity of the peer.

Sorry, missed that... good to see it has already dealt with.

> > Chapter 3:
> > Different pairs of nodes could select different ciphers, resulting in
> > different MTUs. I assume this is no problem for Babel (could be
> > mentioned in the chapter).
>
> I am not competent to answer this, we'll need to wait for David or
> Antonin to resurface.

Sure... I was away fore quite a while too after my post.

Henning Rogge

v2.23.0 | Report a Bug | By Email