Re: [OSPF] Kathleen Moriarty's Discuss on draft-ietf-ospf-prefix-link-attr-10: (with DISCUSS)
"Acee Lindem (acee)" <acee@cisco.com> Tue, 18 August 2015 17:20 UTC
Return-Path: <acee@cisco.com>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85BD21A8A91; Tue, 18 Aug 2015 10:20:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Lx_w01JL-wp; Tue, 18 Aug 2015 10:20:47 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AB701A8A87; Tue, 18 Aug 2015 10:20:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5670; q=dns/txt; s=iport; t=1439918447; x=1441128047; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=BL1Wk7obXBnzRczep/ru1Lz0OLl7Kdjw2KJRgf+9Uog=; b=Q6njGjaUVK2CPR6IFfHIgk7tboVL0eWtQYtyBHhVIU6kfn/272zySCmr 5HMTVVp39gxd0MRZDhagAQyzkStdnuFJ5qiGa0gkKa53sAgvx2YJ/6Yvi m6YyW0cIbRJqvwBAf/NNAAh6r9mPHLIM+vr/zU9Qvz2dJN86E7C/T/mfK w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CiAgDiaNNV/4oNJK1dgxtUaQaDHrpjAQmBd4V7AhyBGzgUAQEBAQEBAYEKhCQBAQQjEUUQAgEIGAICJgICAh8RFRACBA4FiBkDEg28IJBIDYVXAQEBAQEBAQEBAQEBAQEBAQEBARUEgSKKMYJPgVgRAR4zBwICgmWBQwWHIo1/AYUDhXuBbYFKhCyNA4NPg2cmgj+BPnEBgQ06gQQBAQE
X-IronPort-AV: E=Sophos;i="5.15,703,1432598400"; d="scan'208";a="179186399"
Received: from alln-core-5.cisco.com ([173.36.13.138]) by alln-iport-2.cisco.com with ESMTP; 18 Aug 2015 17:20:46 +0000
Received: from XCH-ALN-020.cisco.com (xch-aln-020.cisco.com [173.36.7.30]) by alln-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id t7IHKkDL018045 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 18 Aug 2015 17:20:46 GMT
Received: from xch-aln-020.cisco.com (173.36.7.30) by XCH-ALN-020.cisco.com (173.36.7.30) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 18 Aug 2015 12:20:45 -0500
Received: from xhc-aln-x03.cisco.com (173.36.12.77) by xch-aln-020.cisco.com (173.36.7.30) with Microsoft SMTP Server (TLS) id 15.0.1104.5 via Frontend Transport; Tue, 18 Aug 2015 12:20:45 -0500
Received: from xmb-aln-x06.cisco.com ([169.254.1.223]) by xhc-aln-x03.cisco.com ([173.36.12.77]) with mapi id 14.03.0248.002; Tue, 18 Aug 2015 12:20:45 -0500
From: "Acee Lindem (acee)" <acee@cisco.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Thread-Topic: Kathleen Moriarty's Discuss on draft-ietf-ospf-prefix-link-attr-10: (with DISCUSS)
Thread-Index: AQHQ2T4vD1u2/uPu+k2Rr3P197oiCp4SLaKA///lEgA=
Date: Tue, 18 Aug 2015 17:20:44 +0000
Message-ID: <D1F8DE85.2BD4C%acee@cisco.com>
References: <20150817200640.5272.4712.idtracker@ietfa.amsl.com> <D1F7DABC.2BC37%acee@cisco.com> <CAHbuEH4Cwj4EmiqpBmb1g+SVezPNjJff9RiMuVi-B0EmtSTF2Q@mail.gmail.com>
In-Reply-To: <CAHbuEH4Cwj4EmiqpBmb1g+SVezPNjJff9RiMuVi-B0EmtSTF2Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [173.37.102.24]
Content-Type: text/plain; charset="utf-8"
Content-ID: <D318FE0FF73D64409818E4852B69864F@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/ospf/mmfS9kNBB0E9a9kzjceAjv10_6c>
Cc: "ospf@ietf.org" <ospf@ietf.org>, "draft-ietf-ospf-prefix-link-attr@ietf.org" <draft-ietf-ospf-prefix-link-attr@ietf.org>, "draft-ietf-ospf-prefix-link-attr.shepherd@ietf.org" <draft-ietf-ospf-prefix-link-attr.shepherd@ietf.org>, "draft-ietf-ospf-prefix-link-attr.ad@ietf.org" <draft-ietf-ospf-prefix-link-attr.ad@ietf.org>, The IESG <iesg@ietf.org>, "ospf-chairs@ietf.org" <ospf-chairs@ietf.org>
Subject: Re: [OSPF] Kathleen Moriarty's Discuss on draft-ietf-ospf-prefix-link-attr-10: (with DISCUSS)
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ospf/>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Aug 2015 17:20:49 -0000
Hi Kathleen, On 8/18/15, 10:57 AM, "Kathleen Moriarty" <kathleen.moriarty.ietf@gmail.com> wrote: >Thank you for your quick response, Acee. I just have one tweak inline >that is usually important from a security standpoint. > >On Mon, Aug 17, 2015 at 6:46 PM, Acee Lindem (acee) <acee@cisco.com> >wrote: >> Hi Kathleen, >> Here are the updated "Security Considerations” after addressing Alvaro’s >> comments. >> >> 6. Security Considerations >> >> In general, new LSAs defined in this document are subject to the same >> security concerns as those described in [OSPFV2] and [OPAQUE]. >> >> OSPFv2 applications utilizing these OSPFv2 extensions must define the >> security considerations relating to those applications in the >> the specifications corresponding to those applications. >> >> Additionally, implementations must assure that malformed TLV and Sub- >> TLV permutations are detected and do not provide a vulnerability for >> attackers to crash the OSPFv2 router or routing process. Malformed >> LSAs MUST NOT be stored in the Link State Database (LSDB), >> acknowledged, or reflooded. Reception of malformed LSAs SHOULD be >> counted or logged for further analysis. > >Can you add in a sentence that says something to the effect of: > >Only valid TLVs and Sub-TLVs may be processed according to >specifications in section 2. This depends on how you define “valid”. For extendability, an implementation considers any TLV or Sub-TLV that is properly formed as valid. Of course, it only uses the TLV and Sub-TLVs that it knows how to interpret. Hence, the LSA will be considered valid and be stored in the LSDB and reflooded. This is the reason for using a TLV based encoding. > >Something similar for LSAs as well. Opaque LSAs [RFC 5250] are valid even if the opaque type is not recognized. Thanks, Acee > >A variation of that is fine. The main point being that you usually >want to accept only what is valid in a programming sense because of >you look for the malformed, you could miss something and wind up with >an unexpected condition as opposed to only accepting what is valid. > >Thank you, >Kathleen > >> >> >> Thanks, >> Acee >> >> On 8/17/15, 4:06 PM, "Kathleen Moriarty" >> <Kathleen.Moriarty.ietf@gmail.com> wrote: >> >>>Kathleen Moriarty has entered the following ballot position for >>>draft-ietf-ospf-prefix-link-attr-10: Discuss >>> >>>When responding, please keep the subject line intact and reply to all >>>email addresses included in the To and CC lines. (Feel free to cut this >>>introductory paragraph, however.) >>> >>> >>>Please refer to >>>https://www.ietf.org/iesg/statement/discuss-criteria.html >>>for more information about IESG DISCUSS and COMMENT positions. >>> >>> >>>The document, along with other ballot positions, can be found here: >>>https://datatracker.ietf.org/doc/draft-ietf-ospf-prefix-link-attr/ >>> >>> >>> >>>---------------------------------------------------------------------- >>>DISCUSS: >>>---------------------------------------------------------------------- >>> >>>Thanks for your work on this draft. >>> >>>I have questions along the lines that Alvaro raised on the last sentence >>>of the Security Considerations section, but in context of security, this >>>is something that should be discussed. >>> >>> "Additionally, >>> implementations must assure that malformed TLV and Sub-TLV >>> permutations do not result in errors that cause hard OSPF failures." >>> >>>It would be very helpful to expand upon this statement. Are there >>>exploits that could result as well? Should this instead be scoped in >>>terms of what is valid so that the appropriate actions occur >>>consistently >>>when an invalid or malformed TLV or sub-TLV are received? I would think >>>the answer to the last question would clarify this enough for this >>>security consideration and if that's not possible, can you explain what >>>I'm missing? >>> >>>Thank you. >>> >>> >>> >> > > > >-- > >Best regards, >Kathleen
- Re: [OSPF] Kathleen Moriarty's Discuss on draft-i… Acee Lindem (acee)
- Re: [OSPF] Kathleen Moriarty's Discuss on draft-i… Acee Lindem (acee)
- Re: [OSPF] Kathleen Moriarty's Discuss on draft-i… Acee Lindem (acee)
- Re: [OSPF] Kathleen Moriarty's Discuss on draft-i… Acee Lindem (acee)
- Re: [OSPF] Kathleen Moriarty's Discuss on draft-i… Alia Atlas
- Re: [OSPF] Kathleen Moriarty's Discuss on draft-i… Acee Lindem (acee)
- Re: [OSPF] Kathleen Moriarty's Discuss on draft-i… Acee Lindem (acee)
- Re: [OSPF] Kathleen Moriarty's Discuss on draft-i… Acee Lindem (acee)
- Re: [OSPF] Kathleen Moriarty's Discuss on draft-i… Acee Lindem (acee)
- Re: [OSPF] Kathleen Moriarty's Discuss on draft-i… Acee Lindem (acee)