Re: [Isis-wg] draft-decraene-isis-lsp-lifetime-problem-statement-00.txt
"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Mon, 20 July 2015 16:03 UTC
From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: "bruno.decraene@orange.com" <bruno.decraene@orange.com>, "isis-wg@ietf.org list" <isis-wg@ietf.org>
Date: Mon, 20 Jul 2015 16:03:34 +0000
Message-ID: <F3ADE4747C9E124B89F0ED2180CC814F5949BA31@xmb-aln-x02.cisco.com>
References: <770_1436211470_559AD90E_770_16843_1_36185c15-983d-4b98-8b77-109c5a808142@OPEXCLILMA2.corporate.adroot.infra.ftgroup> <30835_1437404233_55AD0C49_30835_3864_1_53C29892C857584299CBF5D05346208A0F5F8FCD@OPEXCLILM21.corporate.adroot.infra.ftgroup>
In-Reply-To: <30835_1437404233_55AD0C49_30835_3864_1_53C29892C857584299CBF5D05346208A0F5F8FCD@OPEXCLILM21.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.24.52.132]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/isis-wg/yBwVxxKQb4ZPEg8xj-A9MK8MOTY>
To add to what Bruno has said:

In https://tools.ietf.org/id/draft-ietf-karp-isis-analysis-07.txt Section 2.3.2 there is the following paragraph:

   A rogue system having access to the common key used to protect the
   LSP, can send an LSP, setting the Remaining Lifetime field to zero,
   and flooding it thereby initiating a purge. Subsequently, this also
   can cause the sequence number of all the LSPs to increase quickly to
   max out the sequence number space, which can cause an IS to shut down
   for MaxAge + ZeroAgeLifetime period to allow the old LSPs to age out
   in other ISes of the same flooding domain.

But this is NOT the issue discussed in Bruno's draft. In particular the problem Bruno discusses does not require the attacker to have the key and the attacker does NOT set RemainingLifetime to 0 - it sets it to a small non-zero value.

These distinctions are important because in Bruno's scenario it is not necessary for the attacker to have the authentication key - yet they can still cause LSPs to be purged prematurely.

   Les

> -----Original Message-----
> From: Isis-wg [mailto:isis-wg-bounces@ietf.org] On Behalf Of bruno.decraene@orange.com
> Sent: Monday, July 20, 2015 7:57 AM
> To: isis-wg@ietf.org list
> Subject: Re: [Isis-wg] draft-decraene-isis-lsp-lifetime-problem-statement-00.txt
>
> Follow up on a comment expressed during the presentation:
> draft-ietf-karp-isis-analysis does _not_ talk about this problem statement.
>
> > -----Original Message-----
> > From: Isis-wg [mailto:isis-wg-bounces@ietf.org] On Behalf Of bruno.decraene@orange.com
> > Sent: Monday, July 06, 2015 9:38 PM
> > To: isis-wg@ietf.org list
> > Cc: SCHMITZ Christof IMT/OLN
> > Subject: [Isis-wg] draft-decraene-isis-lsp-lifetime-problem-statement-00.txt
> >
> > Hi all,
> >
> > Please find below a draft describing the problem statement with
> > regards to the possible corruption of the LSP lifetime.
> > https://tools.ietf.org/html/draft-decraene-isis-lsp-lifetime-problem-statement-00
> >
> > Comments welcomed.
> >
> > Thanks,
> > Regards,
> > Bruno, Christof
> >
> > -----Original Message-----
> > From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> > Sent: Monday, July 06, 2015 9:29 PM
> >
> > A new version of I-D,
> > draft-decraene-isis-lsp-lifetime-problem-statement-00.txt
> > has been successfully submitted by Bruno Decraene and posted to the
> > IETF repository.
> >
> > Name:           draft-decraene-isis-lsp-lifetime-problem-statement
> > Revision:       00
> > Title:          IS-IS LSP lifetime corruption - Problem Statement
> > Document date:  2015-07-06
> > Group:          Individual Submission
> > Pages:          6
> > URL:            https://www.ietf.org/internet-drafts/draft-decraene-isis-lsp-lifetime-problem-statement-00.txt
> > Status:         https://datatracker.ietf.org/doc/draft-decraene-isis-lsp-lifetime-problem-statement/
> > Htmlized:       https://tools.ietf.org/html/draft-decraene-isis-lsp-lifetime-problem-statement-00
> >
> > Abstract:
> >    The IS-IS protocol exchanges Link State Packet (LSP) to exchange
> >    routing information. The lifetime of this LSP is located in the LSP
> >    header and is neither protected from corruption by the Fletcher
> >    checksum nor by cryptographic authentication. So the LSP lifetime
> >    may be altered, either accidentally or maliciously any time.
> >
> >    The lifetime field of the LSP is an important field for the correct
> >    operation of IS-IS. Corruption of this LSP lifetime may cause
> >    flooding storm with severe impact in the network.
> >
> >    This draft documents the problem statement and calls for a solution.
> >
> > This message and its attachments may contain confidential or
> > privileged information that may be protected by law; they should not
> > be distributed, used or copied without authorisation.
> > If you have received this email in error, please notify the sender and
> > delete this message and its attachments.
> > As emails may be altered, Orange is not liable for messages that have
> > been modified, changed or falsified.
> > Thank you.
> >
> > _______________________________________________
> > Isis-wg mailing list
> > Isis-wg@ietf.org
> > https://www.ietf.org/mailman/listinfo/isis-wg
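
Added example, not part of the original message or of the draft: a receiver-side Fletcher checksum check over a constructed IS-IS LSP, showing why checksum validation cannot notice an altered Remaining Lifetime while it does catch a changed TLV byte. The sample LSP (system ID 0000.0000.0001, hostname "r1") and all function names are illustrative assumptions; field offsets follow the standard LSP header layout.

```python
import struct

# Offsets in an IS-IS LSP PDU (8-byte common header, then LSP-specific header).
LIFETIME_OFF = 10   # Remaining Lifetime (2 bytes), outside checksum coverage
LSPID_OFF = 12      # LSP ID; Fletcher checksum coverage starts here
CKSUM_OFF = 24      # Checksum (2 bytes)

def _sums(data):
    c0 = c1 = 0
    for b in data:
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    return c0, c1

def set_checksum(lsp):
    """Fill in the Fletcher checksum over bytes LSPID_OFF..end."""
    lsp[CKSUM_OFF:CKSUM_OFF + 2] = b"\x00\x00"
    covered = lsp[LSPID_OFF:]
    c0, c1 = _sums(covered)
    x = ((len(covered) - (CKSUM_OFF - LSPID_OFF) - 1) * c0 - c1) % 255 or 255
    y = 510 - c0 - x
    lsp[CKSUM_OFF], lsp[CKSUM_OFF + 1] = x, (y - 255 if y > 255 else y)

def checksum_ok(lsp):
    """Receiver-side validation: both sums over the covered bytes are zero."""
    return _sums(lsp[LSPID_OFF:]) == (0, 0)

def build_sample_lsp(lifetime=1200):
    """Constructed L2 LSP: system ID 0000.0000.0001, hostname TLV 'r1'."""
    tlvs = bytes([137, 2]) + b"r1"
    common = bytes([0x83, 27, 1, 0, 20, 1, 0, 0])
    fixed = (struct.pack("!HH", 27 + len(tlvs), lifetime)
             + bytes.fromhex("0000000000010000")      # LSP ID
             + struct.pack("!IHB", 1, 0, 0x03))       # seq, checksum, flags
    lsp = bytearray(common + fixed + tlvs)
    set_checksum(lsp)
    return lsp

def patched(lsp, offset, data):
    out = bytearray(lsp)  # copy, modelling corruption of the PDU in transit
    out[offset:offset + len(data)] = data
    return out

def demo():
    lsp = build_sample_lsp()
    short = patched(lsp, LIFETIME_OFF, struct.pack("!H", 5))  # lifetime 1200 -> 5
    tlv = patched(lsp, 30, bytes([lsp[30] ^ 1]))              # last TLV byte
    return checksum_ok(lsp), checksum_ok(short), checksum_ok(tlv)

if __name__ == "__main__": print(demo())
```
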