IETF Logo Mail Archive

Re: [babel] rtgdir Last Call Review requested: draft-ietf-babel-dtls

Juliusz Chroboczek <jch@irif.fr> Tue, 06 August 2019 23:58 UTC

Return-Path: <jch@irif.fr>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88D3712009C for <babel@ietfa.amsl.com>; Tue, 6 Aug 2019 16:58:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T1OyEnrwXlHq for <babel@ietfa.amsl.com>; Tue, 6 Aug 2019 16:58:24 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C30C112008B for <babel@ietf.org>; Tue, 6 Aug 2019 16:58:23 -0700 (PDT)
Received: from potemkin.univ-paris7.fr (potemkin.univ-paris7.fr [IPv6:2001:660:3301:8000::1:1]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id x76NwCnb013566 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 7 Aug 2019 01:58:12 +0200
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by potemkin.univ-paris7.fr (8.14.4/8.14.4/relay2/82085) with ESMTP id x76NwCE4012680; Wed, 7 Aug 2019 01:58:12 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 77FDB4C589; Wed, 7 Aug 2019 01:58:15 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id 3IWm0Tg_72DD; Wed, 7 Aug 2019 01:58:14 +0200 (CEST)
Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id AA0054C586; Wed, 7 Aug 2019 01:58:11 +0200 (CEST)
Date: Wed, 07 Aug 2019 01:58:11 +0200
Message-ID: <87y305alt8.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Henning Rogge <hrogge@gmail.com>
Cc: "Yemin (Amy)" <amy.yemin@huawei.com>, antonin.decimo@gmail.com, dschinazi.ietf@gmail.com, Martin Vigoureux <martin.vigoureux@nokia.com>, LucAndré Burdet <laburdet.ietf@gmail.com>, babel@ietf.org
In-Reply-To: <CAGnRvup1FvMU85N4psgG52tZBZwA-qhwCKuBdA7RxvcNLMpNmA@mail.gmail.com>
References: <156105440578.3118.4917846383408119793.idtracker@ietfa.amsl.com> <9C5FD3EFA72E1740A3D41BADDE0B461FCFC76069@DGGEMM528-MBX.china.huawei.com> <CAGnRvup1FvMU85N4psgG52tZBZwA-qhwCKuBdA7RxvcNLMpNmA@mail.gmail.com>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]); Wed, 07 Aug 2019 01:58:13 +0200 (CEST)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (potemkin.univ-paris7.fr [194.254.61.141]); Wed, 07 Aug 2019 01:58:13 +0200 (CEST)
X-Miltered: at korolev with ID 5D4A1414.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-Miltered: at potemkin with ID 5D4A1414.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 5D4A1414.000 from potemkin.univ-paris7.fr/potemkin.univ-paris7.fr/null/potemkin.univ-paris7.fr/<jch@irif.fr>
X-j-chkmail-Enveloppe: 5D4A1414.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 5D4A1414.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Score: MSGID : 5D4A1414.000 on potemkin.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/vaJowPOfLBKblh5LYpwSstS7Ins>
Subject: Re: [babel] rtgdir Last Call Review requested: draft-ietf-babel-dtls
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Aug 2019 23:58:27 -0000

Hi Henning,

Good to hear from you again.

The two main authors of this draft appear to be on holiday, so I'll answer
your review to the best of my capacities.

> Chapter 2.3:
> I wonder if using DTLS protected unicast Hellos should be mandatory...
> using unprotected multicast to determine bidirectional reachability
> looks like a good way to do a cheap denial ofa service attack.

In Babel, bidirectional reachability is established by a Hello/IHU
exchange.  This document requires IHUs to be authenticated, therefore
bidirectional reachability will never be established with an attacker.

However, this doesn't prevent DoS attacks:

  - an attacker could send cleartext Hellos from spoofed addresses, thus
    causing the victim to create unbounded numbers of neighbour entries;
  - an attacker could send DTLS ClientHello packets from spoofed
    addresses, with a similar effect.

Requiring an authenticated Hello is not workable, since an authenticated
Hello cannot be sent until after the DTLS handshake has completed.

This is somewhat mitigated by the fact that only packets from link-local
addresses are accepted (see Section 2.1 of this draft and Section 4 of
RFC 6126bis).  This is what the draft has to say on the subject (Section 5):

   A malicious client might attempt to perform a high number of DTLS
   handshakes with a server.  As the clients are not uniquely identified
   by the protocol and can be obfuscated with IPv6 temporary addresses,
   a server needs to mitigate the impact of such an attack.  Such
   mitigation might involve rate limiting handshakes from a given subnet
   or more advanced denial of service avoidance techniques beyond the
   scope of this document.

I'm not happy with this either.

> Chapter 2.5:
> What happens when a node starts a new DTLS connection and there is
> already one in the neighbor table? This could both be an attempt to
> attack Babel, a reboot of a node or just a matter of misconfiguration
> of two nodes.

Section 2.1:

   If a node receives a new DTLS connection from a neighbour to whom it
   already has a connection, the node MUST NOT discard the older
   connection until it has completed the handshake of the new one and
   validated the identity of the peer.

> Chapter 3:
> Different pairs of nodes could select different ciphers, resulting in
> different MTUs. I assume this is no problem for Babel (could be
> mentioned in the chapter).

I am not competent to answer this, we'll need to wait for David or
Antonin to resurface.

> Some of the design decisions of regarding the three questions could be
> mentioned in chapter 5 (Security Implications).

David?  Antonin?

-- Juliusz

v2.23.0 | Report a Bug | By Email