Re: [Idr] Adam Roach's No Objection on draft-ietf-idr-shutdown-08: (with COMMENT)
Job Snijders <job@ntt.net> Thu, 25 May 2017 09:08 UTC
Return-Path: <job@instituut.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A961412714F for <idr@ietfa.amsl.com>; Thu, 25 May 2017 02:08:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.408
X-Spam-Level:
X-Spam-Status: No, score=-1.408 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, T_HTML_ATTACH=0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LNQOrcIMUMXP for <idr@ietfa.amsl.com>; Thu, 25 May 2017 02:08:29 -0700 (PDT)
Received: from mail-wm0-f44.google.com (mail-wm0-f44.google.com [74.125.82.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19756129C49 for <idr@ietf.org>; Thu, 25 May 2017 02:08:26 -0700 (PDT)
Received: by mail-wm0-f44.google.com with SMTP id 7so83953997wmo.1 for <idr@ietf.org>; Thu, 25 May 2017 02:08:26 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=3vU+ya/2A2hl/qsa60dsFyBT6gOzjK/fD4y9vRNfRqQ=; b=NK/6DOZpIjvupCm+a62W8ISihVkOMtDKth/UqkDommjEAT6Gb4vqb5S+A5rO3g9NFM nb9LMJbwxLTwQ09sQnmLIJnVWAHiZuLuckH5NF+McdZqEZZ+lVoqojbKc1kYdmrnKO60 GpE/Y+un3HpZwiSzsEBb8vf790BEb1CXXdw/3MnG79Puurlihvv++ocAL0y826sQ2nYD LRcpFC6/QR7d1Seq0q2spSXlj11HzGGAtYV+Timg364e/baD+MgYenL2rbUzRxyrvppU cRzjMnxuTzbhF/TyWbF6r2zCmOIVCuMqwcxCs2JGOzmDd7ZSAuwHHbN4iGKuu9RuZVf4 WaAw==
X-Gm-Message-State: AODbwcDk4cujFgPUxjQBhC8Wnn1zaR083+v0VRqqzBuR3eI/xsbLc+IO XAKWsZu5NjTMopI9
X-Received: by 10.28.178.207 with SMTP id b198mr9406544wmf.0.1495703305282; Thu, 25 May 2017 02:08:25 -0700 (PDT)
Received: from localhost (union-hotels-13.gh-union.si. [91.208.88.13]) by smtp.gmail.com with ESMTPSA id g25sm10177856wra.1.2017.05.25.02.08.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 May 2017 02:08:23 -0700 (PDT)
Date: Thu, 25 May 2017 11:08:20 +0200
From: Job Snijders <job@ntt.net>
To: Adam Roach <adam@nostrum.com>
Cc: The IESG <iesg@ietf.org>, aretana@cisco.com, draft-ietf-idr-shutdown@ietf.org, idr@ietf.org, idr-chairs@ietf.org, skh@ndzh.com
Message-ID: <20170525090820.ottlalmsdyorqrst@Vurt.local>
References: <149559358944.28506.18362121959782542849.idtracker@ietfa.amsl.com> <CA+b+ERmg33vdOywz=Krw_30vdwWpMYLS_EZRSE+bfrHcS12GUA@mail.gmail.com> <CA+b+ERmamUOaUjnNX2FM0Qh+S7Gz-7f7PVHXiVzczZg2rvMtwQ@mail.gmail.com> <CA+b+ERnyJAU4xe6EiwsER9gG3Np9L6F4aEQWt0ZT405mzYg5wg@mail.gmail.com> <53c58824-e5fa-88e1-b092-b2e285906514@nostrum.com> <CACWOCC86iDeFEceWG3P3W0UQEXTZXb2ogwuwrQ8OApFThWafcQ@mail.gmail.com> <0b729dc2-03cb-1ee0-18c2-aa40c454617f@nostrum.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="aqet6io5pz2xnazc"
Content-Disposition: inline
In-Reply-To: <0b729dc2-03cb-1ee0-18c2-aa40c454617f@nostrum.com>
X-Clacks-Overhead: GNU Terry Pratchett
User-Agent: NeoMutt/20170306 (1.8.0)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/wb2lbNGzGyi3DzXJUp63jgxkLs4>
Subject: Re: [Idr] Adam Roach's No Objection on draft-ietf-idr-shutdown-08: (with COMMENT)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 May 2017 09:08:32 -0000
Dear adam, On Wed, May 24, 2017 at 01:44:12PM -0500, Adam Roach wrote: > I understand your request for me to send text, but I'm still slightly > perplexed about the exact issue you are trying to highlight, so I'll > probably get it somewhat wrong. Here's an attempt: > > 1) Completely remove this text: > > However, the visual spoofing due to character confusion still > persists. This specification minimizes the effects of visual > spoofing by limiting the length of the Shutdown Communication. > > 2) Between the first and second paragraph, add the following: > > "As BGP Shutdown messages are likely to appear in syslog output, there is a > risk that carefully formed Shutdown Communication fields might be formatted > by receiving systems in a way to make them appear as additional syslog > messages. To limit the ability to mount such an attack, the mechanism > described in this document limits the length of BGP Shutdown Communication > fields to 128 octets in length." > > To be clear, I don't believe the mitigation proposed is a particularly > good solution to the problem. I'm just proposing this text as my > interpretation of what you seem to be claiming the existing text is > supposed to say. If you can verify that the text I propose above is an > accurate representation of the concern, then we can open a discussion > around whether the mitigation is appropriate. I accepted your suggestion & slightly rewrote the sentences for readability flow within the context of this document. Thanks! As to your belief on whether the mitigation proposed helps, the shutdown communication concept could've been defined in such a way to allow the communication to fill up to the maximum BGP message size (4000 octets, so with marker, type, etc a bgp shutdown communication perhaps could've been ~ 3979 octets). I believe that putting a limit in is useful: with 3979 octets someone can fill up a terminal screen, with 128 you can't. 128 could've been 127, or 129 - it is an arbitrary small value. The 128 number comes from earlier implementations where there was no Length field, in later versions of the document on the length field was added, but the effective shutdown communication message size was not changed. To keep things byte-aligned a 8 bit length field was used. "hysterical raisins" :) BTW, if you want to open an discussion, I don't understand why you cast your ballot as "no objection". And what outcome are you targetting? It seems unlikely at this point for the on-the-wire format to change. Attached is a rfcdiff HTML file to show the differences. NEW: -------- 6. Security Considerations This document uses UTF-8 encoding for the Shutdown Communication. There are a number of security issues with UNICODE. Implementers and operator are advised to review UNICODE TR36 [UTR36] to learn about these issues. UTF-8 "Shortest Form" encoding is REQUIRED to guard against the technical issues outlined in UTR36. As BGP Shutdown Communications are likely to appear in syslog output, there is a risk that carefully constructed Shutdown Communication might be formatted by receiving systems in a way to make them appear as additional syslog messages. To limit the ability to mount such an attack, the BGP Shutdown Communication is limited to 128 octets in length. Users of this mechanism should be aware that unless a transport that provides integrity is used for the BGP session in question, a Shutdown Communication message could be forged. Unless a transport that provides confidentiality is used, a Shutdown Communication message could be snooped by an attacker. These issues are common to any BGP message but may be of greater interest in the context of this proposal since the information carried in the message is generally expected to be used for human-to-human communication. Refer to the related considerations in [RFC4271] and [RFC4272]. Users of this mechanism should consider applying data minimization practises as outlined in Section 6.1 [RFC6973] as a received Shutdown Communication may be used at the receiver's discretion. ------- Kind regards, Job
- [Idr] Adam Roach's No Objection on draft-ietf-idr… Adam Roach
- Re: [Idr] Adam Roach's No Objection on draft-ietf… Adam Roach
- Re: [Idr] Adam Roach's No Objection on draft-ietf… Job Snijders
- Re: [Idr] Adam Roach's No Objection on draft-ietf… Adam Roach
- Re: [Idr] Adam Roach's No Objection on draft-ietf… Job Snijders