Re: [babel] Work to do (IHU TLV AE 0)

Denis Ovsienko <denis@ovsienko.info> Mon, 26 March 2018 19:53 UTC

Date: Mon, 26 Mar 2018 20:53:21 +0100
From: Denis Ovsienko <denis@ovsienko.info>
To: Babel at IETF <babel@ietf.org>
Message-ID: <16263df4d35.c134482a130573.7360272675488949721@ovsienko.info>
In-Reply-To: <87k1u1uekt.wl-jch@irif.fr>
References: <87k1u1uekt.wl-jch@irif.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/hFr2GNJj5OzFUiFOGEexbhGnBbs>
Subject: Re: [babel] Work to do (IHU TLV AE 0)

---- On Sun, 25 Mar 2018 02:30:26 +0100 Juliusz Chroboczek wrote ----
> Hello to all,
>
> We've had a productive IETF, and therefore we've got a lot of work to do.
> My understanding of the current situation.
>
>
> 1. draft-ietf-babel-rfc6126bis
>
> This has been in last call, like, forever. We're still waiting for IESG
> review, let's please make it happen. Donald, Russ, could you please poke
> the responsible AD?
>
> (I'm still not happy about Unicast Hellos, but I understand I'm in the
> minority, so I'll shut up. Er, no, I'll keep complaining loudly, but
> I won't block the process.)

There is one more important thing to check before setting 6126bis in stone. The current revision of 6126bis says an IHU TLV may omit Address (AE = 0). The current revision of 7298bis needs Address meaningfully set so that the receiving node can pick the TS/PC sub-TLV from the IHU TLV and translate that to the age threshold in units of seconds. If there is no Address field but there is a TS/PC sub-TLV and 7298bis tries to use that and somebody swaps the packets between two point-to-point links, I wonder if that makes another attack possible.

So far the implied destination address doesn't seem to be an obviously safe design. I currently see a few ways of getting rid of this edge case:
1. 6126bis and 7298bis coordinate to have IHU AE 1 or 3 when 7298bis is enabled
2. 6126bis simply mandates Address in IHU (AE = 1 or 3)
3. 7298bis does destination address protection too for all packets (7298 did only source, as 6126 is multicast-only).

I am still considering those options; feedback is welcome. One thing I wanted to confirm is whether point-to-point links in Babel are always meant to have addresses, or whether they can be address-less.

> 3. draft-ovsienko-babel-rfc7298bis
>
> Denis has produced a -00. I believe that Toke is interested both in
> reviewing the draft and implementing it, and so am I. The subject of
> adoption was raised at the meeting, and nobody objected. So:
>
> 3.1 is anyone opposed to adopting this draft?
> 3.2 Denis, do you want to produce a new revision before adoption, or are
> we welcome to adopt?

OK to go into further work as it is. I have a rough plan of the remaining changes, but cannot make everything in one quick go right now.

-- 

    Denis Ovsienko
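The edge case Denis describes above (an IHU TLV with AE = 0 carrying a TS/PC sub-TLV) is easy to see in a receiver-side check. The following is an added example, not code from the thread, from babeld, or from either draft. It parses an IHU TLV in the 6126bis wire layout (type 5; AE, Reserved, Rxcost, Interval, Address, then sub-TLVs) and applies the rule that Denis's options 1 and 2 amount to: if a TS/PC sub-TLV is present, the IHU must carry an Address (AE 1 or 3) and that Address must be one of the receiver's own, otherwise the TS/PC value is not consumed. The sub-TLV type number for TS/PC and the 6-byte PacketCounter/Timestamp body are assumptions for the example, since the thread does not state them; the sample IHUs are constructed.

```python
import struct

# Address Encoding (AE) values and address lengths from draft-ietf-babel-rfc6126bis:
# 0 = wildcard (no address), 1 = IPv4, 2 = IPv6, 3 = IPv6 link-local (low 8 bytes).
AE_LENGTHS = {0: 0, 1: 4, 2: 16, 3: 8}
IHU_TYPE = 5
SUBTLV_PAD1 = 0
# ASSUMPTION: sub-TLV type used for TS/PC inside an IHU; the thread does not give it.
SUBTLV_TSPC = 3


def parse_ihu(tlv: bytes) -> dict:
    """Parse one IHU TLV (type 5) into its fixed fields, Address and sub-TLVs."""
    if len(tlv) < 2 or tlv[0] != IHU_TYPE:
        raise ValueError("not an IHU TLV")
    length = tlv[1]
    body = tlv[2:2 + length]
    if len(body) != length or len(body) < 6:
        raise ValueError("truncated IHU TLV")
    ae, _reserved, rxcost, interval = struct.unpack("!BBHH", body[:6])
    if ae not in AE_LENGTHS:
        raise ValueError(f"unknown AE {ae}")
    alen = AE_LENGTHS[ae]
    address = body[6:6 + alen]
    if len(address) != alen:
        raise ValueError("Address shorter than AE requires")
    # Everything after the Address is sub-TLVs (Pad1 has no length byte).
    sub_tlvs, rest, i = [], body[6 + alen:], 0
    while i < len(rest):
        stype = rest[i]
        if stype == SUBTLV_PAD1:
            i += 1
            continue
        if i + 1 >= len(rest):
            raise ValueError("truncated sub-TLV header")
        slen = rest[i + 1]
        sval = rest[i + 2:i + 2 + slen]
        if len(sval) != slen:
            raise ValueError("truncated sub-TLV value")
        sub_tlvs.append((stype, sval))
        i += 2 + slen
    return {"ae": ae, "rxcost": rxcost, "interval": interval,
            "address": address, "sub_tlvs": sub_tlvs}


def tspc_from_ihu(ihu: dict):
    """Return (PacketCounter, Timestamp) if a TS/PC sub-TLV is present, else None.
    ASSUMPTION: 6-byte body, 16-bit counter followed by 32-bit timestamp."""
    for stype, sval in ihu["sub_tlvs"]:
        if stype == SUBTLV_TSPC and len(sval) == 6:
            return struct.unpack("!HI", sval)
    return None


def check_ihu(tlv: bytes, local_address: bytes) -> str:
    """Decide whether the TS/PC in an IHU may be used by the receiver.

    A plain IHU (no TS/PC) is accepted as 6126bis allows, AE 0 included.
    With TS/PC present, require an Address (AE != 0) and require it to be
    the receiver's own, so an IHU copied from another link does not match.
    """
    ihu = parse_ihu(tlv)
    if tspc_from_ihu(ihu) is None:
        return "accept"
    if ihu["ae"] == 0:
        return "reject: TS/PC present but IHU has no Address (AE 0)"
    if ihu["address"] != local_address:
        return "reject: IHU Address is not a local address"
    return "accept"


def build_ihu(ae: int, address: bytes, rxcost: int, interval: int,
              sub_tlvs: bytes = b"") -> bytes:
    """Encode an IHU TLV; used here only to construct sample input."""
    body = struct.pack("!BBHH", ae, 0, rxcost, interval) + address + sub_tlvs
    return bytes([IHU_TYPE, len(body)]) + body


# Constructed sample values: receiver's link-local address (low 8 bytes of
# fe80::1) and a TS/PC sub-TLV with PacketCounter 1, Timestamp 1000.
LOCAL_LL = bytes.fromhex("0000000000000001")
OTHER_LL = bytes.fromhex("0000000000000002")
TSPC_SUBTLV = bytes([SUBTLV_TSPC, 6]) + struct.pack("!HI", 1, 1000)


def run_samples() -> dict:
    """Run the check over the four cases the thread distinguishes."""
    return {
        "ae3_tspc_ours": check_ihu(build_ihu(3, LOCAL_LL, 96, 400, TSPC_SUBTLV), LOCAL_LL),
        "ae0_tspc": check_ihu(build_ihu(0, b"", 96, 400, TSPC_SUBTLV), LOCAL_LL),
        "ae3_tspc_other_link": check_ihu(build_ihu(3, OTHER_LL, 96, 400, TSPC_SUBTLV), LOCAL_LL),
        "ae0_plain": check_ihu(build_ihu(0, b"", 96, 400), LOCAL_LL),
    }


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name}: {verdict}")
```

The address comparison is what option 3 in the message (destination-address protection) would cover for every packet; here it is applied only when a TS/PC sub-TLV is being consumed, which is the narrower coordination of options 1 and 2.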