Re: [Idr] WG Adoption call for draft-snijders-idr-shutdown (11/16 to 11/30)
Job Snijders <job@ntt.net> Mon, 21 November 2016 16:54 UTC
On Sun, Nov 20, 2016 at 08:04:54PM +0000, Martin Hannigan wrote:
> This is useful. On the security considerations, I’m having a little
> bit of a fail grokking what visual spoofing means in this case? Is
> there a way to spoof a cease message from a third party and create a
> message like “tear down, gone forever” in an unsecured (not MD5 or
> other secured mechanism) or is the reference to UTR36 more perfunctory
> and along the lines of “don’t send money to someone sending a request
> in this message including example@sample.com as a target address?

Visual spoofing exists in (at least) two forms, one is on the character
level: where innocuous characters are replaced with variants for
nefarious purposes, for example the following look alike but are
different: Greek Ο, Latin O, and Cyrillic О.

The other variant is where somehow a newline, newpage, feedpage or
enough spaces to wrap the line are inserted, and the receiving side
might incorrectly think there is more than 1 syslog message where in
reality it's just 1 message, containing a communication + syslog-like
content.

To counter this the length of the string is limited to be very brief. If
one is allowed to insert say 4000 bytes worth of Shutdown Communication,
you could easily 'visually spoof' half a page worth of fake-syslog. The
receiving side might think his/her router is in big trouble and perform
an emergency reboot or upgrade based on false information.

Further reading: (search bing.com for 'visual spoofing')

    https://en.wikipedia.org/wiki/IDN_homograph_attack
    http://unicode.org/reports/tr36/#visual_spoofing

Another defense is to squash likely garbage and not print that. So one
should replace the garbage with U+FFFD "replacement character" so that
"drã©op table XXX;" becomes "dr�op table XXX;" and not "drop table
XXX;". The next version of the draft will provide more guidance on that.

This draft is breaking a lance for IDR in that it is the first draft (as
far as I know) to carefully consider the security aspects of using UTF-8
at this level. I think UTF-8 is the right choice, it can be done (many
industries have gone before us), there is more than Roman script in this
world, but we'll need to make implementors aware.

> Any real concern over buffer overflows?

The clearly defined upper bound length of the BGP PDU, the Cease
NOTIFICATION and the length marker for the Shutdown Communication itself
can help mitigate these. I don't think there are any real new
considerations here. Normal printf, strlcpy, strlcat recommendations
apply. It was an explicit choice to not use a NUL-termination.

I welcome feedback from others, I wouldn't dare to proclaim I'm anything
close to an expert.

Kind regards,

Job
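
The receive-side handling discussed in the message above (a length-prefixed field with a small upper bound, garbage squashed to U+FFFD before printing), as an added example in C that is not taken from the draft or from any BGP implementation. The function names, the 128-octet cap and the choice to also replace ASCII control characters (so an embedded newline cannot start a fake log line) are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

#define MAX_COMM_LEN 128  /* assumed cap; the message only says "very brief" */

/* Length of the well-formed UTF-8 sequence at p (n >= 1 bytes left), or 0. */
static size_t utf8_seq_len(const uint8_t *p, size_t n)
{
    uint32_t cp, min;
    size_t len, i;
    if (p[0] < 0x80) return 1;
    else if ((p[0] & 0xE0) == 0xC0) { len = 2; cp = p[0] & 0x1F; min = 0x80; }
    else if ((p[0] & 0xF0) == 0xE0) { len = 3; cp = p[0] & 0x0F; min = 0x800; }
    else if ((p[0] & 0xF8) == 0xF0) { len = 4; cp = p[0] & 0x07; min = 0x10000; }
    else return 0;              /* stray continuation or invalid lead byte */
    if (len > n) return 0;      /* sequence truncated by the field length */
    for (i = 1; i < len; i++) {
        if ((p[i] & 0xC0) != 0x80) return 0;
        cp = (cp << 6) | (p[i] & 0x3F);
    }
    /* reject overlong forms, UTF-16 surrogates and values past U+10FFFF */
    if (cp < min || (cp >= 0xD800 && cp <= 0xDFFF) || cp > 0x10FFFF) return 0;
    return len;
}

/* field = 1 length octet + that many octets of text, no NUL terminator.
 * Writes a NUL-terminated, log-safe copy to out; returns its length or -1. */
int sanitize_shutdown_comm(const uint8_t *field, size_t field_len,
                           char *out, size_t out_size)
{
    static const char repl[] = "\xEF\xBF\xBD";    /* U+FFFD in UTF-8 */
    size_t len, i = 0, o = 0, n;
    const uint8_t *s;
    if (field_len < 1) return -1;
    len = field[0];
    if (len > MAX_COMM_LEN || len > field_len - 1) return -1;
    if (out_size < 3 * len + 1) return -1;        /* worst case: all replaced */
    s = field + 1;
    while (i < len) {
        n = utf8_seq_len(s + i, len - i);
        if (n == 0 || (n == 1 && (s[i] < 0x20 || s[i] == 0x7F))) {
            memcpy(out + o, repl, 3); o += 3; i += 1;   /* garbage or control */
        } else {
            memcpy(out + o, s + i, n); o += n; i += n;  /* valid, printable */
        }
    }
    out[o] = '\0';
    return (int)o;
}
```

Look-alike characters such as Greek Ο and Cyrillic О are valid UTF-8 and pass through unchanged; this only covers the malformed-byte and line-injection cases.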