RE: FW: New Version Notification for draft-rafiee-6man-cga-attack-00.txt
"Hosnieh Rafiee" <ietf@rozanak.com> Sun, 01 December 2013 22:19 UTC
Return-Path: <ietf@rozanak.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E6921AE1A0 for <ipv6@ietfa.amsl.com>; Sun, 1 Dec 2013 14:19:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZEeNmnBNPCTL for <ipv6@ietfa.amsl.com>; Sun, 1 Dec 2013 14:19:21 -0800 (PST)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.195]) by ietfa.amsl.com (Postfix) with ESMTP id C1D551ADF26 for <ipv6@ietf.org>; Sun, 1 Dec 2013 14:19:21 -0800 (PST)
Received: from kopoli (g226058092.adsl.alicedsl.de [92.226.58.92]) by mrelay.perfora.net (node=mrus2) with ESMTP (Nemesis) id 0LoVeM-1V6krP0aOw-00ggD4; Sun, 01 Dec 2013 17:19:14 -0500
From: Hosnieh Rafiee <ietf@rozanak.com>
To: 'Ray Hunter' <v6ops@globis.net>
References: <005701ceec99$f54ae240$dfe0a6c0$@rozanak.com> <5299003A.7000704@globis.net> <002101ceed4c$0fdafbb0$2f90f310$@rozanak.com> <529AFD9D.30309@globis.net>
In-Reply-To: <529AFD9D.30309@globis.net>
Subject: RE: FW: New Version Notification for draft-rafiee-6man-cga-attack-00.txt
Date: Sun, 01 Dec 2013 23:19:04 +0100
Message-ID: <001301ceeee3$5d0c7f10$17257d30$@rozanak.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQIHA3I6hcVt78STKY72lRqNwqmUygHQONcQAf3/PiMCHxxHepmgTruA
Content-Language: en-us
X-Provags-ID: V02:K0:EfRfaQH78h6D6788o8kOEQPabb+160bjHXCYNZdn3GK CtO74KErHuL1CFylksbuXrSBMA+zYZZFfLvZ3TbkxQGTJjbsDk BmQoosMfwepxsmoENHyZ8P9QMXSy+PeUF6A1wQNmQ4jzkiSLo/ hZbqjB57/0f/OAbA+FoaQTCBGETm8Vn+n6f85TX2YWGUp95kLy xeen6Ck9lPpoMZismZcTPLakAVVC6Pmx0Y+drFyNEVaXtAzYP4 57OpYjm5csNFWB3WSN8SmNjGGXXpcFViH9hbGv5L2FYJVhZAhI 8AzS++wCkKMTyQUKCUJJEpPBng09J2LVPHfBYVTA8Bt8QtxiuW ZXGY3BiR+iYgwv0Jz/Uo=
Cc: 'marcelo bagnulo braun' <marcelo@it.uc3m.es>, 'Derek Atkins' <DAtkins@mocana.com>, ipv6@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Dec 2013 22:19:24 -0000
> This portion of the thread started because you claimed in your mail of > 26/11 18:12 that the attack was novel. > I responded that it was not novel, together with the referenced RFC to show it > was not novel. > > We now seem to agree that the attack is possible but not novel. Good! First, nobody believed on this attack (you can yourself refer to previous posts of Christian and others) second, SeND cannot prevent it as well and only possible to prevent for routers but not nodes since you do not authorize the public key of nodes but the routers. My reason will be at the end of this message. > >> Because every node performing DAD defends its own local tentative > address. > >> If the Sec value is different on the attack packet. it will NOT match > >> the tentative address of the defending interface, and the node won't > >> even contemplate triggering DAD. > > > > Again we're in a loop... Please please ask you once read the NDP > > document. I do not know how to explain to you that target address is > > checked which is exactly the victim address but verification is on > > source address. You can consider it as a problem of NDP specification. > I am really unsure what your novel claim now is. > > That standard NDP RFC 4861 + CGA RFC3972 (without SEND or some other > certificate based validation) is partially vulnerable to on-link spoofing due to > existence of hash collisions with a different sec value? > Of course it is. I guess you answered yourself... > It even says so in Section 7.1 of RFC 3972 > > " For each valid CGA Parameters data structure, there are 4*(Sec+1) > different CGAs that match the value. This is because decrementing > the Sec value in the three leftmost bits of the interface identifier > does not invalidate the address, and the verifier ignores the values > of the "u" and "g" bits. In SEND, this does not have any security or > implementation implications." > Note the last sentence: CGA (when used in combination with SEND) does not > have any security or implementation implications. Not true! Otherwise you register all your public keys in a CA that you really do not do it in practice and it is only for routers. Even for routers, the node MUST trust the router during IP configuration so that it can configure its IP address and then try to connect to internet and check the validity of the router's certificate. So, the attacker can forge the routers identity for a short moment before this node can verify this router from a trusted authority. But again this never happens for nodes in the network. The reason is operational problems (costs and too much work to register all nodes in the CA) > > > > I guess you missed the point and now talking about two different things. > > This section is for routers and not the other nodes since it is not > > efficient and feasible to register all nodes of the network in a CA > > (unnecessary adding expenses and complexity while the SSAS itself can > > do this job without this help). > > You guess wrong. > > If you want to certify two end nodes to each other on a LAN, you need a > common trust anchor. > > AFAICS One way of doing that is for them both to trust the router. > They can do that with SEND today + router certification and communicate all > on-link traffic via the router. Sorry, you again talking about routers. I keep telling you that the routers is out of the scope of SSAS otherwise you use other methods to certified the routers (you need a centralized node). What I claimed in SSAS and repeating here is that providng the proof of IP address ownership but not authorize the router. This is what also you cannot expect from CGA or any other approaches that they generate something themselves! > Another method (not defined in an RFC) is to leverage some other trust > anchor such as AD. > > SEND allows the deployer to specify the appropriate trust anchor. It may use > RPKI. (not specified in the SEND RFC) SEND allows end nodes to verify each > other using the RSA signature option (although the exact mechanism is not > specified in the RFC) Not all networks support Active directory and probably not all enterprise would prefer to use active directory. Please check rfc 6494 and rfc 6495. Actually my RPKI model is/was based on one of these RFC. > SSAS mandates use of RPKI. Wrong! Who said this. SSAS does its job but for router authorization, you need to use RPKI. > RPKI assumes off site connectivity to global servers on the public Internet. > > Off site connectivity may not be available. > > RPKI seems entirely appropriate for securing BGP on the global Internet > backbone: the main purpose of BGP being to enable off-site communication. You're wrong. The RPKI that I am talking is different than BGP and it is for SeND. So, I ask you please check the reference RFC. BTW, if you checked the SeND RFC in html format you could see the update on that RFC by two other RFCs for RPKI. So I recommend you to check it out. > But because you are now making your ability to conduct local communication > dependent on a global RPKI infrastructure, you might actually be introducing a > new off-site triggered attack on local communications. I know plenty of people > who want their local communications to survive even in an extended period > of external connectivity being down. Your assumption is wrong. SSAS does the same as CGA does with better performance, less packet size and better security. If you want router authorization use other approaches along with SSAS that my recommendation is RPKI model. > > RFC3971 "The deployment model for trust anchors can be either a globally > rooted public key infrastructure or a more local, decentralized > deployment model similar to that currently used for TLS in Web > servers." > > FYI Many enterprises already have deployed a machine certificate per end > node (Active Directory) (that could also be leveraged for use with SEND once > a connection to the domain controller has been established) but in any case I > don't agree with your point of this being an arduous burden. > > Please also read NDP document and check the CGA verification again. > Please provide references. I read the RFC's that I consider relevant, and still > do not understand how your attack scenario is novel or effective in practice. Not true. Many enterprise does not support AD. So, you cannot based your work on other services. Smile, Hosnieh
- FW: New Version Notification for draft-rafiee-6ma… Hosnieh Rafiee
- Re: FW: New Version Notification for draft-rafiee… Ray Hunter
- RE: FW: New Version Notification for draft-rafiee… Hosnieh Rafiee
- Re: FW: New Version Notification for draft-rafiee… Ray Hunter
- RE: FW: New Version Notification for draft-rafiee… Christian Huitema
- RE: FW: New Version Notification for draft-rafiee… Hosnieh Rafiee
- RE: FW: New Version Notification for draft-rafiee… Hosnieh Rafiee
- Re: FW: New Version Notification for draft-rafiee… George Michaelson
- RE: FW: New Version Notification for draft-rafiee… Christian Huitema
- RE: FW: New Version Notification for draft-rafiee… Christian Huitema
- RE: FW: New Version Notification for draft-rafiee… Hosnieh Rafiee
- RE: FW: New Version Notification for draft-rafiee… Hosnieh Rafiee
- Re: FW: New Version Notification for draft-rafiee… marcelo bagnulo braun
- Re: FW: New Version Notification for draft-rafiee… Dan Luedtke
- Re: FW: New Version Notification for draft-rafiee… Ray Hunter
- RE: FW: New Version Notification for draft-rafiee… Hosnieh Rafiee
- Re: FW: New Version Notification for draft-rafiee… Ray Hunter
- RE: FW: New Version Notification for draft-rafiee… Hosnieh Rafiee
- RE: FW: New Version Notification for draft-rafiee… Hosnieh Rafiee
- Re: FW: New Version Notification for draft-rafiee… marcelo bagnulo braun
- RE: FW: New Version Notification for draft-rafiee… Hosnieh Rafiee
- Re: FW: New Version Notification for draft-rafiee… Tom Taylor
- RE: FW: New Version Notification for draft-rafiee… Greg Daley
- Re: FW: New Version Notification for draft-rafiee… Ray Hunter
- Re: FW: New Version Notification for draft-rafiee… Jean-Michel Combes
- RE: FW: New Version Notification for draft-rafiee… Hosnieh Rafiee