Re: [P2PSIP] Re: Comments on draft-jennings-p2psip-security-00
"David A. Bryan" <dbryan@sipeerior.com> Sun, 18 March 2007 18:57 UTC
Return-path: <p2psip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HT0Z6-0007UJ-Q6; Sun, 18 Mar 2007 14:57:12 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HT0Z6-0007TD-8c for p2psip@ietf.org; Sun, 18 Mar 2007 14:57:12 -0400
Received: from nf-out-0910.google.com ([64.233.182.185]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HT0Z4-0003pH-Kq for p2psip@ietf.org; Sun, 18 Mar 2007 14:57:12 -0400
Received: by nf-out-0910.google.com with SMTP id l36so850637nfa for <p2psip@ietf.org>; Sun, 18 Mar 2007 11:57:09 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=fQdPS7Thm+exFN+6ZVGbh3kU2VkwEp9fgnhHgkWaSBDK7rMGqOC5T4gkcitgsBt6WsCwWe0/32LE9zgCewon9BmLjPNCHzvgKMgJ8rtCjNyIeM2Eq/pxcH7OVC23qmGQ/XIU0aybqRAvlOMv6n7lZUQnE/ZQ4KiB/eSICD1Rt1I=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=eLy6LYovS0/s15Kb6p1dikBQSg8qy2xi2PPw2Yn1hHuucupKnmUObMpUJZDz6FCSl8yyaBIDsjHfRUl1xonwadDaaszSBGchMXEThGnpiKPdG2x4qVheMwwy5E5XdrOZnZQR/UCFTc9UhOFB5If7HqI2MGXJOkXrhIa+Otk3S5A=
Received: by 10.82.163.13 with SMTP id l13mr8329982bue.1174244229507; Sun, 18 Mar 2007 11:57:09 -0700 (PDT)
Received: by 10.82.106.15 with HTTP; Sun, 18 Mar 2007 11:57:09 -0700 (PDT)
Message-ID: <4d4304a00703181157jc2cfde6m5ab5e1a1ac905f9d@mail.gmail.com>
Date: Sun, 18 Mar 2007 19:57:09 +0100
From: "David A. Bryan" <dbryan@sipeerior.com>
To: Cullen Jennings <fluffy@cisco.com>
Subject: Re: [P2PSIP] Re: Comments on draft-jennings-p2psip-security-00
In-Reply-To: <75E84FB8-70D2-4595-B1A5-E05D65386088@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <F4859B43-15B4-4F44-B2CA-63C88A06EBEE@magma.ca> <75E84FB8-70D2-4595-B1A5-E05D65386088@cisco.com>
X-Google-Sender-Auth: 86d0b564f0c57ecb
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a3f7094ccc62748c06b21fcf44c073ee
Cc: Philip Matthews <philip_matthews@magma.ca>, P2PSIP Mailing List <p2psip@ietf.org>
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
Errors-To: p2psip-bounces@ietf.org
Forgot to reply this...also possibly the wrong thread for this, should maybe have posted in the other thread about certificates. There may be cases where we need a seperate peerID in the sense that the device has no associated user. I'm thinking things like gateways, or even a bootstrap if you have a persistent box somewhere to help you bootstrap on. May only be corner cases, however. Maybe a user "bootstrap" or something... David On 3/9/07, Cullen Jennings <fluffy@cisco.com> wrote: > > On Mar 8, 2007, at 4:37 PM, Philip Matthews wrote: > > > Hi Cullen: > > > > I read your draft on security draft-jennings-p2psip-security-00. > > and thought it had some interesting ideas. > > Here are some comments and questions that I have. > > I have adopted Spencer's style of mixing paragraphs from the document > > with embedded comments prefixed by "Philip:" > > > > - Philip > > > > ------------ > > [snip] > > When a client wants to store some information in a record, they > > sent > > a request that has: their AOR, the record type name, the time, the > > data to store in the record, and MUST include a signature over all > > that information. When a peer goes to store the information, it > > MUST > > > > Philip: When you say "client" and "peer", are you using these terms as > > defined in the P2PSIP Concepts document? My guess is that you > > are using the word "client" in the SIP meaning, not in the P2PSIP > > meaning. > > I was trying to stay consistent with the Concepts document but I'm > sure I messed up in places. Any help fixing up my terminology would > be much appreciated. > > > > > check that the signature is correct. It SHOULD also check that the > > data looks appropriate for this type of record given by checking > > things like the size of the data is in an appropriate range. > > When a > > client retrieves data out of the DHT, it retrieves all the > > information that was signed and SHOULD verify the signature on the > > data. > > > > Philip: This seems similar to the proposal in draft-singh-p2p-sip-01. > > Can you comment on this? > Uh, no comment :-) seriously - I have not read latest version of > singh yet but I will read it before the meeting - I'm not at all > surprised that they would have same thing - we talked about this at > some of the prior meetings > > > > > Open Issue: how do we want to deal with checking time and also > > does > > the data have a Time To Live (TTL). > > > > Open Issue: do we pass the certificate with the signature or do we > > provide some alternative scheme to get the certificates. I am > > leaning towards pass the certificate along with the signature. A > > problem with this is the message size. A possible problem with not > > > > Philip: Are your worried about size in sending the message or in > > storing > > the data? That is, if we used for example TCP transport (i.e., not > > UDP), > > then would your concerns go away? > > Well there are many ways we could skin this cat - in the end I > suspect that the what works best for NAT traversal will be the > dominating factor for choosing the design. > > > > > doing it is that the signature are used to verify the constructions > > of the routing architecture and assuming that the routing > > architecture is in place before a signature can be checked may lead > > to problems. > > > > > > 4. Routing Protection Architecture > > > > The goal of protecting the routing is stopping attacker from > > performing a DOS attack on they system by misrouting requests in > > the > > DHT. The data is already protected by the data protection scheme > > above so an attacker can't tamper with the data in a way the user > > can't detect but an attacker can make it look like no data is > > available. There are a few obvious observation to make about this. > > First, it is easy to ensure that attacker at least has to have an > > valid enrollment with this particular DHT. Second, this is a DOS > > attack and the value of successfully executing it is fairly low. > > Third, if a larger percentage of the peers on the DHT are > > controlled > > by the attacker, it is probably impossible to perfectly secure > > this. > > > > When a peer sends a request that modifies the routing in the > > DHT, it > > MUST sign the request on behalf of a user that is currently > > responsible for the peer using that users certificate. A peer that > > is changing the routing state based on this request to check the > > signature before performing the request. > > > > Philip: There are a number of things I don't understand here. > yah - it is poorly written > > > Can you give some examples of what you mean by > > "a request that modified the routing"? For example, do you mean > > "setting up a new Peer Protocol connection"? > I mean a peer protocol messages that changes the finger table (or > whatever that's DHTs equivalent is for the things the DHT uses to > decide how to route requests and DHT update messages) > > > And how does signing such requests help prevent DOS attacks? > > I can see how it might help us catch the peer that did the attack, > > but this is very much after the fact. > I think the after the fact sill has significant value - particularly > if you have a way of slowly revoking the account. You can also do > things where nodes can detect one user trying to be many things at > once when it actually should only be one things and this makes it > harder to hijack large portions of the DHT search space. > > > Finally, why sign this with a user's certificate? Why not sign this > > with the certificate of the peer? (As documented in Concepts-04, > > we have already agreed that peers must have certificates to > > join the overlay.) > > Uh agree and disagree here. I have not heard anyone explain why we > need both peer and users certificates so I am assuming that where you > need a peer certificate, you just use the user certificate for some > users that is authorizing the peer to use it. The problem with peer > certificates has to do do with what their names are. If we don't > need to introduce a whole new security namespace for peers, it is > easier to just have users certificates. > > > > > > > To reduce attacks on routing, the design tries to limit the ability > > of an attacker to place peers at arbitrary locations in the DHT. > > Some possible ways to do this are: > > > > L1: Limiting IP addresses: Other systems have done this by > > forcing > > the peer id to be a hash of a combination of the peers IP and > > port however this approach does not work with IPv6 where the > > users have an arbitrary number of IP addresses and the > > scheme is > > also difficult to make work with IPv4 and NATs. > > L2: Limiting by AOR: The first step to doing this is limiting the > > number of AORs an attacker can enroll in the system. How > > to do > > this is out of scope. The next step would be forcing a > > peer ID > > to have the high order bits formed from an hash of the AOR and > > some low order bits chosen randomly or hashed from the IP > > address and port. Peers would check the Peer ID was > > appropriate > > for the given users that signed the request. > > > > Philip: What do you see as the AOR of a peer? > I have no idea which is exactly one of the reason I would rather not > have peer certificates if we don't need them. > > > Are you thinking of > > the scheme you, Bruce, and David are using in the dSIP draft? > no - I don't see that as consistent with this draft (it could easily > be changed to be consistent with this but I don't think it is yet). > > > If so, I don't quite see how this would work. > (uh, yah, I don't see how having the peers have AOR will work either :-) > > > It seems that your peer-id > > would depend on itself. > > [For other readers of this message, those URIs look like: > > peer@<hostport>; peer-id=<peerid> > > where <hostport> is an IP address and port and <peerid> is a peer-id]. > > Moreover, the other unique part is the <hostport>, so this falls > > back to > > option L1. > > > > L3: Limited by assignment at enrollment: When enrolling, the user > > would be given a small set of peer IDs for their use. This is > > effectively equivalent to Limited by AOR but has the addition > > complexity of the certificates become more complex as a peer > > would need to sign with the appropriate peer id as well as the > > AOR. > > > > > > > > 5. Mapping to SIP > > > > There are several ways this could be mapped to SIP. > > > > Philip: Is this section making the assumption that the Peer Protocol > > is SIP? Otherwise, I don't understand what this has to do with SIP. > > I should have made this clearer - the whole document before this > section apples to any peer protocol. This section only applies if the > peer protocol is SIP. > > _______________________________________________ > P2PSIP mailing list > P2PSIP@ietf.org > https://www1.ietf.org/mailman/listinfo/p2psip > -- David A. Bryan dbryan@SIPeerior.com +1.757.565.0101 x101 +1.757.565.0088 (fax) www.SIPeerior.com _______________________________________________ P2PSIP mailing list P2PSIP@ietf.org https://www1.ietf.org/mailman/listinfo/p2psip
- [P2PSIP] Comments on draft-jennings-p2psip-securi… Philip Matthews
- [P2PSIP] Re: Comments on draft-jennings-p2psip-se… Cullen Jennings
- [P2PSIP] Do we need peer certificates? (was Re: C… Philip Matthews
- Re: [P2PSIP] Do we need peer certificates? (was R… Dean Willis
- Re: [P2PSIP] Do we need peer certificates? (was R… EdPimentl
- Re: [P2PSIP] Do we need peer certificates? (was R… Bruce Lowekamp
- Re: [P2PSIP] Do we need peer certificates? (was R… Dean Willis
- Re: [P2PSIP] Do we need peer certificates? (was R… Bruce Lowekamp
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Cullen Jennings
- RE: [P2PSIP] Re: Comments on draft-jennings-p2psi… Turner, Jim (NBC Universal)
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Bruce Lowekamp
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Dean Willis
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Philip Matthews
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Philip Matthews
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Cullen Jennings
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Cullen Jennings
- RE: [P2PSIP] Re: Comments on draft-jennings-p2psi… marcin.matuszewski
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Turner, Jim (NBC Universal)
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Bruce Lowekamp
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Spencer Dawkins
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Eunsoo Shim
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Spencer Dawkins
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Bruce Lowekamp
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Eunsoo Shim