IETF Logo Mail Archive

Re: Questions regarding the security mechanisms//RE: CRH and RH0

"Joel M. Halpern" <jmh@joelhalpern.com> Sat, 16 May 2020 15:40 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30A873A0885 for <ipv6@ietfa.amsl.com>; Sat, 16 May 2020 08:40:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.198
X-Spam-Level:
X-Spam-Status: No, score=-0.198 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x0lZqe5mFemN for <ipv6@ietfa.amsl.com>; Sat, 16 May 2020 08:40:44 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1B3F3A087F for <6man@ietf.org>; Sat, 16 May 2020 08:40:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 49PTy35NGDz1p4d9; Sat, 16 May 2020 08:40:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1589643643; bh=9+bBMTek1WBADC0yIXQDJAOjkQ3MYdK3n4x6fLyTW1g=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=np105lvn+IHF2UrydXKaR+TsI9+Mm9E0Bj9m5NhybDa7R8jOylVi8OeDGPeeI9njI NupOk4cvtqeTC2F3cMrkvIaya47TuLJ8Otc6r89uBD365JSFgLiWKwWD3s6Dh1DlO2 7XSyjn2/+LqORHMUyZBCiYbyIFlwwfyAqErHQO7c=
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [192.168.128.43] (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 49PTy16mpKz1p4d8; Sat, 16 May 2020 08:40:41 -0700 (PDT)
Subject: Re: Questions regarding the security mechanisms//RE: CRH and RH0
To: "Xiejingrong (Jingrong)" <xiejingrong@huawei.com>, Tom Herbert <tom@herbertland.com>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
Cc: 6man <6man@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
References: <23488ea0d4eb474c9d7155086f940dae@huawei.com> <006c01d62aa1$8c195520$a44bff60$@com> <DM6PR05MB634863122645FD4981B97F71AEBD0@DM6PR05MB6348.namprd05.prod.outlook.com> <CALx6S35thGuTgTmCFozU=3MULW8V95OwA5GdqQ7OGrA-agR7Hw@mail.gmail.com> <891ccad03b484c7386ab527d89143f8c@huawei.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <f4316f15-496b-718f-2ea6-f2630eec2a8d@joelhalpern.com>
Date: Sat, 16 May 2020 11:40:37 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
MIME-Version: 1.0
In-Reply-To: <891ccad03b484c7386ab527d89143f8c@huawei.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/SVx3E5jWeOhdNloiEI-6ls4M8As>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 May 2020 15:40:45 -0000

Maybe I am confused, but theCRH security requirements are almost the 
same security criteria we accepted (and the Security ADs accepted) for 
SRH.  These objections would apply equally to SRH.

Yours,
Joel

On 5/16/2020 2:36 AM, Xiejingrong (Jingrong) wrote:
> <...snip the redundant text, see the in-line reply marked with [XJR]>
> Hi!
> 
> That raises an interesting question. Can a protocol specification have a normative MUST requirement for correctness or security that is dependent on completely external properties? If this is saying that the ACLs are implemented as part of the CRH datapath then tht might be reasonable, but if this is saying that ACLs must be deployed at every possible edge node outside of the CRH processing that doesn't seem like it could be a MUST in a protocol specification (and this might be coming close to the general but effectively useless requirement that the underlying network MUST be secure and correct for the protocol to be secure and correct).
> 
> [XJR] Good catch that "ACLs must be deployed at every possible edge node outside of the CRH processing" makes it difficult to deployable.
> [XJR] But If this "MUST" is weaken to any extent, I am afraid the said RFC5095 attack could be from Internet.
> 
> Also, I think you might want to mention that AH should be used to protect the routing header when security is a concern. AH is part of the protocol suite and doesn't depend on external factors other than what's happening at the end points. Normative requirements are appropriate for security via AH.
> 
> [XJR] Agreed that AH could help to ensure the Source is from a legitimate source as RFC8754 HMAC does. But there is no mandatory AH/HMAC in this draft.
> [XJR] Once an attack packet pass through the border router, there is no additional protection like the "complemented per-node protection" in RFC8754 section 5.1.
> 
> Thanks
> Jingrong
> 
> Tom
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email