Re: [GROW] Kathleen Moriarty's No Objection on draft-ietf-grow-filtering-threats-07: (with COMMENT)
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 01 September 2015 16:17 UTC
Date: Tue, 01 Sep 2015 12:17:31 -0400
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: joel jaeggli <joelja@bogus.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/grow/Kav5HomVOJ1aLjrQOKolW8pVmls>
Cc: "<grow-chairs@ietf.org>" <grow-chairs@ietf.org>, "grow@ietf.org" <grow@ietf.org>, "draft-ietf-grow-filtering-threats@ietf.org" <draft-ietf-grow-filtering-threats@ietf.org>, "draft-ietf-grow-filtering-threats.shepherd@ietf.org" <draft-ietf-grow-filtering-threats.shepherd@ietf.org>, The IESG <iesg@ietf.org>, "Pierre Francois (pifranco)" <pifranco@cisco.com>, "draft-ietf-grow-filtering-threats.ad@ietf.org" <draft-ietf-grow-filtering-threats.ad@ietf.org>
Subject: Re: [GROW] Kathleen Moriarty's No Objection on draft-ietf-grow-filtering-threats-07: (with COMMENT)
On Tue, Sep 1, 2015 at 12:11 PM, joel jaeggli <joelja@bogus.com> wrote:
> On 9/1/15 8:16 AM, Peter Schoenmaker wrote:
>>>>> Now if the unexpected path through A is under-provisioned,
>>>>> traffic will be lost. But that would be a bit strange for the
>>>>> owner of P to do the documented trick to trigger a DoS of its
>>>>> own prefix P, wouldn't it?
>>>>>
>>>>> So can I really talk about a DoS vector here? If someone else
>>>>> than the owner of P plays games with P to trigger the
>>>>> unexpected path for P through A, then it definitely becomes
>>>>> one, but there we fall in the classic cases of prefix
>>>>> hi-jacking.
>>>>
>>>> I don't see a pointer in the security considerations to other
>>>> work describing this threat as a consideration, should this be
>>>> included? It sounds as if it should be.
>>>
>>> Well, I have the feeling that it is quite out of the scope of this
>>> document, which is about playing with more specific prefixes
>>> injection bound with restricted propagation. I am not sure I should
>>> mention prefix hi-jacking here, as it's quite a different,
>>> well-documented approach; I inject a more specific prefix that
>>> belongs to someone else and I drop the traffic.
>>>
>>> I don't know what others think about this.
>>
>> I would agree this is out of scope for the document. The traffic
>> makes it to the intended and correct destination. There are no rogue
>> players involved (at least more than normal which is covered
>> extensively in other documents as pierre points out.) The main point
>> is how traffic is routed through different networks.
>
> We worked pretty hard to keep both the attack terminology out of the
> document and to keep the focus on the non-malicious action of ordinary
> actors. I think it's better that we don't lump that in with malicious
> action of varying varieties.

My comments were just comments and not a discuss, so I appreciate the
discussion and you can decide what to do or not do with it.

It basically was a set of questions I wound up with in reading the draft
to make sure security considerations were included.

Thanks,
Kathleen

>> peter
>>
>>> Cheers,
>>>
>>> Pierre.
>>>
>>>> Thanks,
>>>> Kathleen
>>>>
>>>>> Cheers,
>>>>>
>>>>> Pierre.
>>>>>
>>>>> The importance of mentioning this in the security
>>>>> considerations section is to more explicitly call this out as
>>>>> a potential DoS attack method. The time for BGP to repropagate
>>>>> might be short(ish), but that could be a critical amount of
>>>>> time during an event and maybe the more specific AS is a web
>>>>> server farm or some other critical resource.
>>>>
>>>> --
>>>>
>>>> Best regards,
>>>> Kathleen

--

Best regards,
Kathleen
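The mechanism the thread keeps referring to, a more specific prefix with restricted propagation pulling traffic onto a path through A that neither the sender nor the transit ASes planned for, as an added example that is not part of the thread or of the draft: a longest-prefix-match forwarding simulation over a constructed four-AS topology (O owns P, A and B are its upstreams, X is a remote AS) with hypothetical RIB contents. Comparing the hop-by-hop path with and without the more specific shows exactly which ASes end up carrying transit they did not provision for, which is the operational check an operator would want before injecting such a route.

```python
import ipaddress

# Constructed example: prefix P is announced everywhere; the owner O also injects a
# more specific P' whose propagation is restricted so that only A and B learn it.
P = ipaddress.ip_network("10.0.0.0/16")
P_MORE = ipaddress.ip_network("10.0.0.0/17")

def build_ribs(with_more_specific):
    """Per-AS RIB after best-path selection: prefix -> next-hop AS (hypothetical)."""
    ribs = {
        "O": {},               # origin of P and P': no route needed
        "A": {P: "O"},
        "B": {P: "O"},
        "X": {P: "B"},         # X prefers B over A for P (e.g. local preference)
    }
    if with_more_specific:
        ribs["A"][P_MORE] = "O"   # O announces P' to A only
        ribs["B"][P_MORE] = "A"   # A passes P' to B; B does not export it to X
    return ribs

def lookup(rib, dst):
    """Longest-prefix match; None means this AS is the destination."""
    matches = [pfx for pfx in rib if dst in pfx]
    return rib[max(matches, key=lambda p: p.prefixlen)] if matches else None

def forward_path(ribs, src, dst_str):
    """Follow the hop-by-hop forwarding decisions from src toward dst_str."""
    dst = ipaddress.ip_address(dst_str)
    path, hop = [src], src
    nxt = lookup(ribs[hop], dst)
    while nxt is not None:
        if nxt in path:
            raise RuntimeError("forwarding loop: " + " -> ".join(path + [nxt]))
        path.append(nxt)
        hop = nxt
        nxt = lookup(ribs[hop], dst)
    return path

def unexpected_transit(src, dst_str):
    """Return (path without P', path with P', ASes the traffic now crosses unexpectedly)."""
    expected = forward_path(build_ribs(False), src, dst_str)
    actual = forward_path(build_ribs(True), src, dst_str)
    return expected, actual, [asn for asn in actual if asn not in expected]

if __name__ == "__main__":
    for dst in ("10.0.0.1", "10.0.200.1"):   # inside P' / only inside P
        exp, act, extra = unexpected_transit("X", dst)
        print(dst, "expected:", " -> ".join(exp), "| actual:", " -> ".join(act),
              "| unexpected transit:", extra)
```

For 10.0.0.1 the path changes from X -> B -> O to X -> B -> A -> O even though X never learns P', because B re-decides on the more specific; an address in the other half of P (10.0.200.1) is unaffected.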