Re: [conex] Stephen Farrell's No Objection on draft-ietf-conex-destopt-09: (with COMMENT)

Bob Briscoe <ietf@bobbriscoe.net> Mon, 05 October 2015 23:43 UTC

Return-Path: <ietf@bobbriscoe.net>
X-Original-To: conex@ietfa.amsl.com
Delivered-To: conex@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62D451B346D; Mon, 5 Oct 2015 16:43:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.702
X-Spam-Level:
X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EPXv_rzVtiOd; Mon, 5 Oct 2015 16:43:14 -0700 (PDT)
Received: from server.dnsblock1.com (server.dnsblock1.com [85.13.236.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C3C51B2DDC; Mon, 5 Oct 2015 16:43:13 -0700 (PDT)
Received: from 242.23.189.80.dyn.plus.net ([80.189.23.242]:41464 helo=[192.168.0.6]) by server.dnsblock1.com with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.85) (envelope-from <ietf@bobbriscoe.net>) id 1ZjFPT-0001IZ-Ev; Tue, 06 Oct 2015 00:43:11 +0100
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Suresh Krishnan <suresh.krishnan@ericsson.com>
References: <20151001000655.11590.32411.idtracker@ietfa.amsl.com> <E87B771635882B4BA20096B589152EF63A97724C@eusaamb107.ericsson.se> <560CEF4E.5080409@cs.tcd.ie> <560DAE68.60401@bobbriscoe.net> <560E45E2.2040809@cs.tcd.ie>
From: Bob Briscoe <ietf@bobbriscoe.net>
Message-ID: <56130B0E.3000906@bobbriscoe.net>
Date: Tue, 6 Oct 2015 00:43:10 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <560E45E2.2040809@cs.tcd.ie>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.dnsblock1.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bobbriscoe.net
X-Get-Message-Sender-Via: server.dnsblock1.com: authenticated_id: in@bobbriscoe.net
Archived-At: <http://mailarchive.ietf.org/arch/msg/conex/YKU-fC9ffFDxroiGIJbZ7Va0DPc>
Cc: "draft-ietf-conex-destopt.ad@ietf.org" <draft-ietf-conex-destopt.ad@ietf.org>, "conex-chairs@ietf.org" <conex-chairs@ietf.org>, The IESG <iesg@ietf.org>, "conex@ietf.org" <conex@ietf.org>, "draft-ietf-conex-destopt@ietf.org" <draft-ietf-conex-destopt@ietf.org>
Subject: Re: [conex] Stephen Farrell's No Objection on draft-ietf-conex-destopt-09: (with COMMENT)
X-BeenThere: conex@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Congestion Exposure working group discussion list <conex.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/conex>, <mailto:conex-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/conex/>
List-Post: <mailto:conex@ietf.org>
List-Help: <mailto:conex-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/conex>, <mailto:conex-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2015 23:43:17 -0000

Stephen

On 02/10/15 09:52, Stephen Farrell wrote:
> Hi Bob,
>
> Those all sound like pretty good changes except perhaps for...
>
> On 01/10/15 23:06, Bob Briscoe wrote:
>>
>> [Proposed]
>> A network-based attacker could alter ConEx information to fool an audit
>> function in a downstream network into discarding packets. An attack on
>> one network from another by changing an immutable field can be traced,
>> so it would be unlikely given network operators care about their
>> reputation.
> If the attack is carried out by a compromised node then the goals
> of the rightful owner of that node aren't relevant.
Yes, I know. I was trying not to side-track too much into a whole 
treatise on all the more damaging and less traceable attacks that become 
possible if a network node is compromised (e.g. the TTL expiry attack I 
mentioned in the email, but not in proposed draft text).

Perhaps the solution is to say less rather than more, and not mention 
operator reputation, given other attacks are more fruitful whether the 
attacker is the operator or not. How about this:

[Proposal #2]
A network-based attacker could alter ConEx information to fool an audit
function in a downstream network into discarding packets. However,
otherexisting attacks from one network on another such a TTL expiry
attacks are more damaging (because ConEx audit discards silently) and
less traceable (because TTL is meant to change, whereas CDO is not).

Then the following para can still pick up on the traceability aspect.
>
>> Nonetheless, if ConEx information was being altered within a
>> network, IPsec AH or other more stealthy e2e integrity checks could be
>> useful tools to help pin-point the attack location.
> I'd omit "more stealthy" unless you want to add a reference. (I
> guess that'd be to your Phd thesis and why not include that.)
I'll leave the authors to decide - a ref to my S.12.1.4 of my thesis at 
this point would work.

Cheers



Bob
>
> Cheers,
> S.

-- 
________________________________________________________________
Bob Briscoe                               http://bobbriscoe.net/