Re: [babel] rtgdir Last Call Review requested: draft-ietf-babel-dtls
David Schinazi <dschinazi.ietf@gmail.com> Thu, 15 August 2019 16:01 UTC
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2D7F1200D8; Thu, 15 Aug 2019 09:01:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zNloHHp4sXJX; Thu, 15 Aug 2019 09:01:49 -0700 (PDT)
Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 477381200B7; Thu, 15 Aug 2019 09:01:49 -0700 (PDT)
Received: by mail-lf1-x130.google.com with SMTP id b29so2004919lfq.1; Thu, 15 Aug 2019 09:01:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tpxb5DH3CsGCZacyMXf/0lNCQ+n8/C7JPBTwNLOvWJA=; b=HogQL1PTfd+5wg/UGsg2I5h379T1McBmmgnH0vkmaixAtwE/5/LcDVMPSco8mr/QBC /pa+ISfj0YCLEbKI0XvEqcbeUiA7hE76hMMU7yTyzt+g7O4CVfZ1gAmKE+ecPsoxNka1 kK7f1fDL1ZjeX3bdYStNjUEQfGDcu+cq/t92NninEoPUoQd3kra7fAxcPMRBBQDdv5pd c5pNvqXDgUs10Y6CP4eLAXbc4WoebdwmpnY+4biwpf8ddwkvqxDRWDMgqgxU2YXuZVLR 6cIsgB33Nj7ZB+nQXF6Di/p2I+yD6mq4+Zc0Zu4eDnLFL5pDHH0CetD3+S/7//U3OyKO I8Og==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tpxb5DH3CsGCZacyMXf/0lNCQ+n8/C7JPBTwNLOvWJA=; b=czFBe8AcK6C5QvO62vL7EhlDVKswMFkR2A1UPhL3VlG4apsedywUz+xKvGLi0Kt34Q tER3VteOcgCwTPUpOlNsMfyMYhbLST5aRYrOadPhTbVmvct3p96r7f8vPBWAkXEE2W3+ mwF1CltmiQ/H+6573Qoi24GmaiB8jY1NS0V0i0PcXA93OU9fMhOyDvhlLv6fn8s6ZX3s CNOrPxPoV2x2dxI2ZQTeSMSlmDtA07g2wZxOC11xrV+kLompSOb8mRLrac77ZlAU7ngM xCkN2kJKCktFVD+gE5axvJsuSdReiAcVKF3KJlixCZOkOTb6jUDSQuT5H7ULMu0GE0WL mcbA==
X-Gm-Message-State: APjAAAVXqvCwl1ZzElpUEK6Gtn0BSNDjNCa3YwJggbqsjR9D1AWjdhM3 HUhwBFKnk2oLD5bB5oBGcrkPDhFJWVJBR481j0c=
X-Google-Smtp-Source: APXvYqxGjt0Yn9OSSM4UC7ySUctC1qJPF3K88q+I2N3ltl+6UY1Mx/ePUWrHAe8SEfhsRIi7/bTlDS4VpKpc26MoUHg=
X-Received: by 2002:a19:ec0c:: with SMTP id b12mr2801636lfa.107.1565884907375; Thu, 15 Aug 2019 09:01:47 -0700 (PDT)
MIME-Version: 1.0
References: <156105440578.3118.4917846383408119793.idtracker@ietfa.amsl.com> <9C5FD3EFA72E1740A3D41BADDE0B461FCFC76069@DGGEMM528-MBX.china.huawei.com> <CAGnRvup1FvMU85N4psgG52tZBZwA-qhwCKuBdA7RxvcNLMpNmA@mail.gmail.com> <87y305alt8.wl-jch@irif.fr> <CAGnRvupg9VK11h1Kk29u1EndAGj8xHa6BRuezk25_hUDkDNbgw@mail.gmail.com> <CAPDSy+7MoCdH8Yo59DyNV45rBxa8NgP-Wxt=2jFYkyJTJ0CkJQ@mail.gmail.com> <CAPDSy+4yWf_=r9eD5ZcZzHkVhJwtAS1NV09rW2-NZjS8eSibtA@mail.gmail.com> <CAGnRvuq7qMzT9JiuXa0eS9GaQcvQc+0isb8RVVuMQ-HtuCDV1g@mail.gmail.com>
In-Reply-To: <CAGnRvuq7qMzT9JiuXa0eS9GaQcvQc+0isb8RVVuMQ-HtuCDV1g@mail.gmail.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Thu, 15 Aug 2019 09:01:36 -0700
Message-ID: <CAPDSy+6HzTRCCLnirxs+hKLqD+Twtr-RM4o5q9KeNdTBf5Nr6w@mail.gmail.com>
To: Henning Rogge <hrogge@gmail.com>
Cc: The IESG <iesg@ietf.org>, Juliusz Chroboczek <jch@irif.fr>, "Yemin (Amy)" <amy.yemin@huawei.com>, Antonin Décimo <antonin.decimo@gmail.com>, Martin Vigoureux <martin.vigoureux@nokia.com>, LucAndré Burdet <laburdet.ietf@gmail.com>, Babel at IETF <babel@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a9d26d059029fd8d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/eBTZl6GxPSk1kB4S9OFr2GO7ELM>
Subject: Re: [babel] rtgdir Last Call Review requested: draft-ietf-babel-dtls
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Aug 2019 16:01:54 -0000
Thanks for your helpful comments and for taking another look Henning! David On Wed, Aug 14, 2019 at 11:24 PM Henning Rogge <hrogge@gmail.com> wrote: > Hi, > > I have looked through the changes you made from draft-06 to draft 09 > and I think they help the draft a lot. It now spells out quite a few > common pit traps either explaining how to avoid them or explaining > what to expect. This is a good thing for a security document. > > Henning Rogge > > On Wed, Aug 7, 2019 at 7:46 PM David Schinazi <dschinazi.ietf@gmail.com> > wrote: > > > > [Adding the IESG to this thread since there might be overlap between > conversations] > > > > On Wed, Aug 7, 2019 at 9:59 AM David Schinazi <dschinazi.ietf@gmail.com> > wrote: > >> > >> I think this thread may have forked... > >> > >> Henning's original email from July 5: > >> https://mailarchive.ietf.org/arch/msg/babel/_Jt5gfUMQbnPJFdfvR7HhqO6vSc > >> > >> Juliusz and I replied shortly after: > >> https://mailarchive.ietf.org/arch/msg/babel/yNGgOauQHCp5EyMj8ivQxdTcdJI > >> https://mailarchive.ietf.org/arch/msg/babel/wZOOhPjOBK1xF6EsuxLTCdctcQE > >> > >> And Juliusz sent a new reply yesterday to which Henning responded: > >> https://mailarchive.ietf.org/arch/msg/babel/vaJowPOfLBKblh5LYpwSstS7Ins > >> https://mailarchive.ietf.org/arch/msg/babel/cDvi0BzZoJXUo3TOpkq4YlfZvcY > >> > >> To summarize the discussions in all these threads. > >> > >> (1) Bidirectional reachability is protected by DTLS by requiring IHU to > be sent > >> protected, this reduces the security boundary of the protocol. > >> > >> (2) We've added text documenting what to do when a node receives a new > >> connection, this prevents attackers from impacting the neighbor table > >> > >> (3) We've added text discussing that different ciphers can have > different > >> overheads and that needs to be taken into account when computing MTU > >> > >> (4) An attacker can create state on a victim by creating many DTLS > >> connection attempts. We rely on DTLS's DoS prevention mechanisms > >> (such as cookies) to avoid these issues. > >> > >> We've made changes to the draft from these comments, and they landed in > draft -07: > >> https://tools.ietf.org/html/draft-ietf-babel-dtls-07 > >> > >> Please let me know if I missed anything. > >> > >> Thanks, > >> David > >> > >> > >> > >> On Wed, Aug 7, 2019 at 3:57 AM Henning Rogge <hrogge@gmail.com> wrote: > >>> > >>> On Wed, Aug 7, 2019 at 1:58 AM Juliusz Chroboczek <jch@irif.fr> wrote: > >>> > > >>> > Hi Henning, > >>> > > >>> > Good to hear from you again. > >>> > > >>> > The two main authors of this draft appear to be on holiday, so I'll > answer > >>> > your review to the best of my capacities. > >>> > > >>> > > Chapter 2.3: > >>> > > I wonder if using DTLS protected unicast Hellos should be > mandatory... > >>> > > using unprotected multicast to determine bidirectional reachability > >>> > > looks like a good way to do a cheap denial ofa service attack. > >>> > > >>> > In Babel, bidirectional reachability is established by a Hello/IHU > >>> > exchange. This document requires IHUs to be authenticated, therefore > >>> > bidirectional reachability will never be established with an > attacker. > >>> > > >>> > However, this doesn't prevent DoS attacks: > >>> > > >>> > - an attacker could send cleartext Hellos from spoofed addresses, > thus > >>> > causing the victim to create unbounded numbers of neighbour > entries; > >>> > - an attacker could send DTLS ClientHello packets from spoofed > >>> > addresses, with a similar effect. > >>> > >>> As long as this "unverified" links are not used for global routing I > >>> would not be worried... > >>> > >>> you can never prevent a direct neighbor from doing a DoS. > >>> > >>> > Requiring an authenticated Hello is not workable, since an > authenticated > >>> > Hello cannot be sent until after the DTLS handshake has completed. > >>> > >>> And there is also the point that DTLS and Multicast don't mix well... > >>> > >>> > This is somewhat mitigated by the fact that only packets from > link-local > >>> > addresses are accepted (see Section 2.1 of this draft and Section 4 > of > >>> > RFC 6126bis). This is what the draft has to say on the subject > (Section 5): > >>> > >>> > A malicious client might attempt to perform a high number of DTLS > >>> > handshakes with a server. As the clients are not uniquely > identified > >>> > by the protocol and can be obfuscated with IPv6 temporary > addresses, > >>> > a server needs to mitigate the impact of such an attack. Such > >>> > mitigation might involve rate limiting handshakes from a given > subnet > >>> > or more advanced denial of service avoidance techniques beyond the > >>> > scope of this document. > >>> > > >>> > I'm not happy with this either. > >>> > >>> I think some parts of this information could be useful for the > >>> Security Considerations section. > >>> > >>> Most people don't know BABEL that deep, so giving them some advise > >>> what has already been considered and what no is always good. > >>> > >>> > > Chapter 2.5: > >>> > >>> > > What happens when a node starts a new DTLS connection and there is > >>> > > already one in the neighbor table? This could both be an attempt to > >>> > > attack Babel, a reboot of a node or just a matter of > misconfiguration > >>> > > of two nodes. > >>> > > >>> > Section 2.1: > >>> > > >>> > If a node receives a new DTLS connection from a neighbour to whom > it > >>> > already has a connection, the node MUST NOT discard the older > >>> > connection until it has completed the handshake of the new one and > >>> > validated the identity of the peer. > >>> > >>> Sorry, missed that... good to see it has already dealt with. > >>> > >>> > > Chapter 3: > >>> > > Different pairs of nodes could select different ciphers, resulting > in > >>> > > different MTUs. I assume this is no problem for Babel (could be > >>> > > mentioned in the chapter). > >>> > > >>> > I am not competent to answer this, we'll need to wait for David or > >>> > Antonin to resurface. > >>> > >>> Sure... I was away fore quite a while too after my post. > >>> > >>> Henning Rogge >
- Re: [babel] rtgdir Last Call Review requested: dr… Henning Rogge
- Re: [babel] rtgdir Last Call Review requested: dr… David Schinazi
- Re: [babel] rtgdir Last Call Review requested: dr… Juliusz Chroboczek
- Re: [babel] rtgdir Last Call Review requested: dr… Juliusz Chroboczek
- Re: [babel] rtgdir Last Call Review requested: dr… Henning Rogge
- Re: [babel] rtgdir Last Call Review requested: dr… David Schinazi
- Re: [babel] rtgdir Last Call Review requested: dr… David Schinazi
- Re: [babel] rtgdir Last Call Review requested: dr… Henning Rogge
- Re: [babel] rtgdir Last Call Review requested: dr… David Schinazi