Re: [Idr] [BULK] Benjamin Kaduk's Discuss on draft-ietf-idr-flow-spec-v6-19: (with DISCUSS and COMMENT)

Christoph Loibl <c@tix.at> Wed, 04 November 2020 20:34 UTC

Return-Path: <c@tix.at>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFD4C3A0E3E; Wed, 4 Nov 2020 12:34:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=tix.at
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id URItCRuAV5KA; Wed, 4 Nov 2020 12:34:20 -0800 (PST)
Received: from mail.fbsd.host (mail.fbsd.host [IPv6:2001:858:58::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 832583A0FCA; Wed, 4 Nov 2020 12:34:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tix.at; s=rev1; h=To:References:Message-Id:Content-Transfer-Encoding:Cc:Date: In-Reply-To:From:Subject:Mime-Version:Content-Type:Sender:Reply-To:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe :List-Post:List-Owner:List-Archive; bh=ZKx/vZ9EuHV8t2mAOLvDe0ixkylSYnGwtJGfZvjK5jM=; b=i7kSYWrCyg4erCsmS9mC7HxAtt NwHCc34nDIG2qc8y15GEB9rFcIOH6IeFdBQG9pzHwI/k61nnFq7m+Y7yZby9/aR1yChgHs8yxLN6D Noau8/1aBLgmoBpqCEyglwD7tvqw+bWsP3/J9nqeF7Lnr8Ee9BKAlLReSDJKtDtl3SYXV6dMMap61 mdK1itHZrR5F8y9pglt4zS63TBL5QZmvbT2hUOr12AuxteuD8YzenrJ6mTpArLeOu8yQSNCmPcYSe BE1aIu/x7B9QyTH6aRH+tLfqsg0xthgzW7QhBoFXnjulWTQ+/JcpuU5ic/XAkYjfNsYRTZieeNGXM FSeoRVLA==;
Received: from 80-110-113-91.cgn.dynamic.surfer.at ([80.110.113.91] helo=[192.168.66.207]) by mail.fbsd.host with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) (envelope-from <c@tix.at>) id 1kaPTl-000DHr-OZ; Wed, 04 Nov 2020 21:34:02 +0100
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Christoph Loibl <c@tix.at>
In-Reply-To: <20201104163619.GR39170@kduck.mit.edu>
Date: Wed, 4 Nov 2020 21:33:56 +0100
Cc: The IESG <iesg@ietf.org>, idr-chairs@ietf.org, draft-ietf-idr-flow-spec-v6@ietf.org, idr@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <0D408BA4-52EE-45CE-8884-91CDEE8995CF@tix.at>
References: <160442801878.21168.17412260809706411361@ietfa.amsl.com> <3C5BB93B-5E8C-42AD-B1C1-F96C359EC110@tix.at> <20201104163619.GR39170@kduck.mit.edu>
To: Benjamin Kaduk <kaduk@mit.edu>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-Scanned-By: primary on mail.fbsd.host (78.142.178.22); Wed, 04 Nov 2020 21:34:01 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/tEGjNeEdBMZaX42QOQ-CCV0rXJg>
Subject: Re: [Idr] [BULK] Benjamin Kaduk's Discuss on draft-ietf-idr-flow-spec-v6-19: (with DISCUSS and COMMENT)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Nov 2020 20:34:23 -0000

Hi Benjamin,

See my comments below (I stripped down the message, it only contains the remaining issues). 

@ Alvaro: Please also read my last question.


> On 04.11.2020, at 17:36, Benjamin Kaduk <kaduk@mit.edu> wrote:
>>> ## DISCUSS:
>>> A fairly minor point, but I think that allowing Type 13 (flow label)
>>> component values to be encoded as 2-byte quantities encourages the
>>> selection of non-random flow label values, and thus violates the
>>> guidance from RFC 6437 that these values "should be chosen such that
>>> their bits exhibit a high degree of variability" and that "third parties
>>> should be unlikely to be able to guess the next value that a source of
>>> flow labels will choose." While having the short 1-byte encoding for a
>>> flow label of 0 might be reasonable, a 2-byte label can represent at
>>> most 16 bits of the 20-bit identifier space, discouraging the use of the
>>> high 4 bits, when such bits of unpredictability are scarce already.
>>> Let's discuss how big an issue this is and what might be done to
>>> mitigate it.
>> 
>> The Type-13 component is not the flow label itself. It is only the filter that allows to match on that particular field in the IPv6 header of the packets. If the flow-label encoded in the packet (unlikely, but possible) can be encoded in 8,16-bits one could encode the match filter in a shorter form. However, this may be very unlikely. This specification does not choose those flow labels, but allows to match on flow labels in packets (usually generated by other systems).   
> 
> I understand that this specification is describing patterns to match flow
> labels and not the flow labels themselves, yes.  However, this document is
> saying that, *if* the flow labels themselves have a certain structure, then
> the flow specification (from this document) to match the flow labels has a
> more compact encoding.  This, in turn, sets up an incentive for the party
> assigning flow labels to conform to the specific structure of flow label
> values, in order to take advantage of the more compact encoding.  I believe
> that using any kind of substructure when assigning flow label values is
> contrary to the guidance of RFC 6437 (and, relately, harms the overall
> security of the internet), and thus am supplying resistance to a mechanism
> that incentivizes using such internal structure in flow label values.
> The discussion that I would like to have here relates to the magnitude of
> incentive in question (to use specific substructure when generating flow
> label values), which in turn is related to how much benefit there is from
> shaving two bytes off the flow specification encoding.  I do not believe
> that your comment above is trying to make such an assessment on the
> magnitude of the incentive in question or the value of having the slightly
> more compact encoding available.

I do not think that is an incentive for anyone. The main application for FS is DDoS mitigation. Those who mitigate an attack with FS do not even have control over the flow-labels used by an attack. One could argue that for an attacker it could be even an advantage to make use of the entire 20-bit flow-label space to make mitigation via FS less efficient (but this might be a bit exaggerated). 

>>> 
>>> Section 7
>>> 
>>> It was a little surprising to me that the inability to match (e.g.) TCP
>>> flags or Port values on non-initial IP fragments was not reiterated in
>>> the security considerations of 5575bis. I don't think it would make
>>> sense to mention that just in this document's security considerations,
>>> though -- if we are to change anything it should be in 5575bis. But I
>>> guess we had that conversation already, at
>>> https://mailarchive.ietf.org/arch/msg/idr/zvpLPjllvKWFuyraZUVz8lB8Wz0/
>>> and thus no change is expected.
>> 
>> While IPv4 and IPv6 fragmentation serves the same pupose the encoding is different so we needed to redefine thi section. FS is working stateless on the packets and can only match on what is in the packet.
> 
> Exactly.  I am proposing that this restriction (working stateless and
> cannot match [application-layer headers] things not in the packet) is
> mentioned again in the security considerations section.  I believe that
> this limitation can be described in a way that is agnostic to IPv4 vs IPv6,
> and thus would be better placed in 5575bis than in this document.

I agree that this should rather go into 5575bis than in this document. 

I suggest to add the following to the Security Considerations section: 

ADD: 
Implementations may not be able to locate all header values
required to identify a packet. This can be especially problematic 
in the case of fragmented packets that are not the first fragment 
and thus lack upper-layer protocol headers or Encapsulating Security 
Payload (ESP) NULL [RFC4303] encryption.

@ Alvaro do you think we should roll that paragraph into rfc5575bis?

Cheers Christoph
	
-- 
Christoph Loibl
c@tix.at | CL8-RIPE | PGP-Key-ID: 0x4B2C0055 | http://www.nextlayer.at