IETF Logo Mail Archive

Re: [Homenet-babel-sec] Security Design Team - July is coming!

Ted Lemon <mellon@fugue.com> Tue, 23 May 2017 19:04 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: homenet-babel-sec@ietfa.amsl.com
Delivered-To: homenet-babel-sec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E5FB1274D2 for <homenet-babel-sec@ietfa.amsl.com>; Tue, 23 May 2017 12:04:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 56bAIx3jN14f for <homenet-babel-sec@ietfa.amsl.com>; Tue, 23 May 2017 12:04:06 -0700 (PDT)
Received: from mail-qt0-x22a.google.com (mail-qt0-x22a.google.com [IPv6:2607:f8b0:400d:c0d::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B572129411 for <homenet-babel-sec@ietf.org>; Tue, 23 May 2017 12:04:06 -0700 (PDT)
Received: by mail-qt0-x22a.google.com with SMTP id v27so136609773qtg.2 for <homenet-babel-sec@ietf.org>; Tue, 23 May 2017 12:04:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=Edofs60oHDFV8/9s87D4j/p3iS3fS7re2MgBvApeTCg=; b=0xyhBupqW7jTsVFWF8QVKEy/F5MnS0Ch8sTlV618C8CR7sPkF4GM5/E/8qOCVCDg1F vok2IUgzo0hRu/4sC3Io1R32fcHK2lFFJ/zjU96doTBLO1PofWLJHRPLqJvyVLVO6O8D PRddn2jfb6iOMLBTX2J0gGYSvYMGVRHE+p4X2Gv1HLMOnPmXxeKcY7glHFV0Otl1T6Kv yT21EdimtegRLwe+9VNG0LS1CP4WufsUp9apxiT/g3GA106UYYDWDeVyqU3529N/A5IJ aoSFeczfW9il/MnTDi7vVcZhbyv/V5dGXFbv6MXN5J84by58tP5DUClHjrLE0tzQpOU8 89mQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=Edofs60oHDFV8/9s87D4j/p3iS3fS7re2MgBvApeTCg=; b=Wyit6SB0mNvzN2TAPKmgI3BK7B+wdq/11fuOErTDtHRXcdJ2cQ2u3TX5wxd0XgnDPG N0lHMfTzre5xkdI9ueIkNscEuDhAIWPlojJ7arngi4iuTKjB1+rAm5muv0mOL82u7Cjr WsbELfUF46AXWT78Hep2xF1wsRvjVPiPYL7AR5ZtIuIZWioFftYyZBkVInyWAMn7DcdJ pmwgXjFLtrJIR5orQKPdTkIcp9a9JXH8r8oOWxdrSE/bHla8/d5qdchyxvtj/Ia4QYcn GtoiYHBmvWYW74WE1JD1V4bYmeH91l/Sloro5Zp5eWkr2rlSGLXJr3mtydOzwBZWLhVw gkdw==
X-Gm-Message-State: AODbwcBRUbRnMr93FazJHW5c8e3LSNLf1dZSldqJ8m4M05yfLECu7i7V BvA/6UDW5T68a+1/
X-Received: by 10.237.53.149 with SMTP id c21mr31213816qte.191.1495566245152; Tue, 23 May 2017 12:04:05 -0700 (PDT)
Received: from [10.0.30.228] (c-73-167-64-188.hsd1.nh.comcast.net. [73.167.64.188]) by smtp.gmail.com with ESMTPSA id u129sm1001558qkf.59.2017.05.23.12.04.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 23 May 2017 12:04:04 -0700 (PDT)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <ACA7B53A-A580-4D87-9463-6B27F0409668@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_8DB0740A-06F0-45ED-AE5C-670E21219834"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Tue, 23 May 2017 15:04:02 -0400
In-Reply-To: <CABG_PfQ77XKSHyYrxWcadqOnrbvnO6VgiL6SWbxB2fdjyZOyxg@mail.gmail.com>
Cc: Juliusz Chroboczek <jch@irif.fr>, David Schinazi <dschinazi@apple.com>, Mark Townsley <mark@townsley.net>, homenet-babel-sec@ietf.org, babel@ietf.org
To: Jehan Tremback <jehan.tremback@gmail.com>
References: <5255AA16-3DA8-418B-8533-B87F1CA78A72@townsley.net> <168E460A-29A7-4AA1-9232-6A777F8F93DE@fugue.com> <A1A2DC72-FAB0-4E9E-826A-7F15A4110D70@apple.com> <7i4lwb33gq.wl-jch@irif.fr> <CABG_PfQ77XKSHyYrxWcadqOnrbvnO6VgiL6SWbxB2fdjyZOyxg@mail.gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet-babel-sec/m9pZneuRRaAo1oPCFiVLZKT18X4>
Subject: Re: [Homenet-babel-sec] Security Design Team - July is coming!
X-BeenThere: homenet-babel-sec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Homenet Babel Security <homenet-babel-sec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet-babel-sec>, <mailto:homenet-babel-sec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet-babel-sec/>
List-Post: <mailto:homenet-babel-sec@ietf.org>
List-Help: <mailto:homenet-babel-sec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet-babel-sec>, <mailto:homenet-babel-sec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 May 2017 19:04:08 -0000

On May 23, 2017, at 2:55 PM, Jehan Tremback <jehan.tremback@gmail.com> wrote:
> Hey, I just read through the minutes, wondering if someone has a concise definition of the threat model we are trying to guard against. I assume it's to prevent attackers from showing up and sending out bogus routing messages to bork or DOS the network?

I don't think it's necessarily going to be possible to _prevent_ attackers from showing up and sending out bogus routing messages.   However, what we probably _can_ do is to be able to know which router sent which update, so that we can see, if there is an attack, where it is coming from.

It would be good to game this out more, though.   We had a pretty good discussion in the meeting, and I think I sent out a summary message about it afterwards, but we haven't gone past that.

v2.23.0 | Report a Bug | By Email