Re: [babel] Paul Wouters' Discuss on draft-ietf-babel-rtt-extension-05: (with DISCUSS and COMMENT)

"Gunter van de Velde (Nokia)" <gunter.van_de_velde@nokia.com> Thu, 18 April 2024 07:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/r2-1i_CeOux5PmyKSG544TqlblQ>

Hi Paul,

Please find the diff:
https://author-tools.ietf.org/diff?doc_1=draft-ietf-babel-rtt-extension-05&doc_2=draft-ietf-babel-rtt-extension-06

Based upon your feedback, the document has been enhanced/updated.
Are there any remaining showstoppers from your side?

G/

-----Original Message-----
From: iesg <iesg-bounces@ietf.org> On Behalf Of Paul Wouters
Sent: Tuesday, February 13, 2024 11:05 PM
To: Juliusz Chroboczek <jch@irif.fr>
Cc: The IESG <iesg@ietf.org>; draft-ietf-babel-rtt-extension@ietf.org; babel-chairs@ietf.org; babel@ietf.org; Donald Eastlake <d3e3e3@gmail.com>
Subject: Re: Paul Wouters' Discuss on draft-ietf-babel-rtt-extension-05: (with DISCUSS and COMMENT)

On Feb 13, 2024, at 14:00, Juliusz Chroboczek <jch@irif.fr> wrote:
>
> 
>>
>> I agree with Shivan's concern about privacy here. Perhaps something 
>> more can be said in the document? Maybe a Privacy Considerations 
>> section? Should a client using a VPN add some random range delay for 
>> privacy? Should it just say/act with something very slow to "opt out" 
>> of this entirely
>
> A router can opt out of the mechanism entirely, simply by not sending 
> the timestamp sub-TLV in its Hello and IHU TLVs.  This will cause 
> neighbouring routers to fall back to RFC 8966 operation for route selection.
> A router may even switch at any time from sending timestamps to 
> omitting them, for example if a previously stationary router becomes 
> mobile and therefore wishes to conceal its location.
>
> The current implementations are not vulnerable to the attack, since 
> they use RTT information in order to penalise participating routers: 
> RTT information is used to identify far-away routers, in order to 
> avoid sending traffic through them.  In ten years, we have not come 
> across a network topology where we would want to do the opposite.
>
> The Security Consideration currently says:
>
>    However, having access to accurate timestamps could allow an attacker
>    to determine the physical location of a node, which might be
>    undesirable in some deployments.
>
> If you want us to be more explicit, I can replace it with the following:
>
>    However, having access to accurate timestamps could allow an attacker
>    to determine the physical location of a node, which might be
>    considered confidential in some deployments.  Such nodes might avoid
>    disclosure of location information by not including timestamp sub-TLVs
>    in the TLVs that they send.
>
> Would that satisfy you?

Yes, thanks.

>
>> I'm also worried about malicious clients sending pre-emptive IHUs and 
>> lying about the RTT, and thus making themselves the preferred gateway.
>
> There are easier ways to achieve that in the Babel protocol, please 
> see Section 6 of RFC 8966.

Okay so this isn’t a great concern then.

Thanks,

Paul

>
>> This could be avoided by adding a random COOKIE in the RTT timer 
>> request. Is there a reason why not to take this extra security step?
>
> A malicious router has much easier ways to redirect traffic to itself.
> That's why we recommend using RFC 8968, which uses random nonces and 
> cryptographic signatures, and that has been proved safe.  (Full
> disclosure: pen and paper proof, not automated verification.)
>
> -- Juliusz
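To make the two points in the thread concrete (a router opts out by omitting the timestamp sub-TLV and keeps plain RFC 8966 behaviour; RTT is only ever used to penalise far-away neighbours, so a forged RTT buys no advantage), here is an added Python example. It is not code from the draft, from babeld, or from anyone in this thread. It assumes an additive penalty that grows linearly between two thresholds (the names RTT_MIN_MS, RTT_MAX_MS and MAX_RTT_PENALTY and their values are this example's, not the draft's), exponential smoothing of RTT samples, and the four-timestamp formula RTT = (t2 - t1) - (t2' - t1') over 32-bit microsecond clocks; all of these are assumptions of the example.

```python
from typing import Dict, Optional, Tuple

# Example parameters (constructed for this example, not the draft's values).
RTT_MIN_MS = 10.0        # at or below this RTT no penalty is applied
RTT_MAX_MS = 120.0       # at or above this RTT the full penalty is applied
MAX_RTT_PENALTY = 150    # additive cost penalty at RTT_MAX_MS and beyond
SMOOTHING_ALPHA = 0.84   # weight of the previous estimate in the exponential average
WRAP = 1 << 32           # timestamps are assumed to be 32-bit microsecond counters


def _diff32(later: int, earlier: int) -> int:
    """Difference of two 32-bit counters, tolerant of a single wrap-around."""
    return (later - earlier) % WRAP


def rtt_sample_us(t1: int, t1p: int, t2p: int, t2: int) -> int:
    """Four-timestamp RTT (assumed formula): A sends a Hello at t1, B receives it at
    t1', B sends the IHU at t2', A receives it at t2.  The time B held the exchange
    (t2' - t1') is subtracted so that B's clock offset cancels out."""
    return _diff32(t2, t1) - _diff32(t2p, t1p)


def smooth_rtt(prev_ms: Optional[float], sample_ms: float) -> float:
    """Exponential average of RTT samples; the first sample seeds the estimate."""
    if prev_ms is None:
        return sample_ms
    return SMOOTHING_ALPHA * prev_ms + (1 - SMOOTHING_ALPHA) * sample_ms


def rtt_penalty(rtt_ms: Optional[float]) -> int:
    """Map a smoothed RTT to an additive penalty.  A neighbour that sent no
    timestamp sub-TLV (rtt_ms is None) gets no penalty: that is the opt-out,
    and it is exactly what RFC 8966 route selection would compute anyway."""
    if rtt_ms is None or rtt_ms <= RTT_MIN_MS:
        return 0
    if rtt_ms >= RTT_MAX_MS:
        return MAX_RTT_PENALTY
    frac = (rtt_ms - RTT_MIN_MS) / (RTT_MAX_MS - RTT_MIN_MS)
    return int(round(MAX_RTT_PENALTY * frac))


def link_cost(base_cost: int, rtt_ms: Optional[float]) -> int:
    """Link cost as seen by route selection: the RFC 8966 cost plus the RTT penalty."""
    return base_cost + rtt_penalty(rtt_ms)


def select_next_hop(neighbours: Dict[str, Tuple[int, Optional[float]]]) -> str:
    """Pick the neighbour with the lowest link cost.  Values are (base_cost, rtt_ms);
    rtt_ms is None for a neighbour that omits timestamps.  Ties keep insertion order."""
    return min(neighbours, key=lambda n: link_cost(*neighbours[n]))


def cheapest_possible_cost(base_cost: int) -> int:
    """Lowest cost any RTT claim can produce for a link, searched over a range of
    claims from implausibly small to very large, plus opting out entirely.
    Because the penalty is never negative, this is always the RFC 8966 base cost:
    a router that forges timestamps cannot look better than one that sends none."""
    claims = [0.0, 0.001, 1.0, RTT_MIN_MS, 50.0, RTT_MAX_MS, 10_000.0, None]
    return min(link_cost(base_cost, c) for c in claims)


if __name__ == "__main__":
    # Constructed sample: A's Hello timestamp sits just before the 32-bit wrap.
    sample = rtt_sample_us(t1=4294967000, t1p=100, t2p=300, t2=500)
    print("RTT sample (us):", sample)
    print("smoothed (ms):", smooth_rtt(100.0, 50.0))
    # Constructed neighbour table: (base_cost, smoothed RTT in ms or None if opted out).
    table = {"honest-50ms": (96, 50.0), "opted-out": (128, None), "far-200ms": (96, 200.0)}
    for name, (base, rtt) in table.items():
        print(name, "cost", link_cost(base, rtt))
    print("selected:", select_next_hop(table))
    print("cheapest any claim can reach for base 96:", cheapest_possible_cost(96))
```

The opted-out neighbour is neither rewarded nor punished for staying silent; it competes on its RFC 8966 cost alone, which is why omitting the sub-TLV is a clean way to withhold location-revealing timestamps. The search in cheapest_possible_cost is the defender's sanity check on the "lying about the RTT" worry: with a penalty-only mapping, the best a forged RTT can do is tie with opting out.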