IETF Logo Mail Archive

[P2PSIP] 答复: An overlay resource leak scenario

邓灵莉/Lingli Deng <denglingli@chinamobile.com> Thu, 04 July 2013 22:58 UTC

Return-Path: <denglingli@chinamobile.com>
X-Original-To: p2psip@ietfa.amsl.com
Delivered-To: p2psip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0E6B11E81E9 for <p2psip@ietfa.amsl.com>; Thu, 4 Jul 2013 15:58:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.005
X-Spam-Level: *
X-Spam-Status: No, score=1.005 tagged_above=-999 required=5 tests=[AWL=0.929, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RELAY_IS_221=2.222, SARE_SUB_ENC_UTF8=0.152]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PANiRqap9s24 for <p2psip@ietfa.amsl.com>; Thu, 4 Jul 2013 15:58:00 -0700 (PDT)
Received: from cmccmta.chinamobile.com (cmccmta.chinamobile.com [221.176.64.232]) by ietfa.amsl.com (Postfix) with SMTP id 0EDE711E80E2 for <p2psip@ietf.org>; Thu, 4 Jul 2013 15:57:58 -0700 (PDT)
Received: from spf.mail.chinamobile.com (unknown[172.16.20.11]) by rmmx-oa_allagent02-12002 (RichMail) with SMTP id 2ee251d5fdc0b90-ebb90; Fri, 05 Jul 2013 06:57:05 +0800 (CST)
X-RM-TRANSID: 2ee251d5fdc0b90-ebb90
Received: from cmccPC (unknown[110.96.36.100]) by rmsmtp-oa_rmapp01-12001 (RichMail) with SMTP id 2ee151d5fdc0a14-c8efc; Fri, 05 Jul 2013 06:57:05 +0800 (CST)
X-RM-TRANSID: 2ee151d5fdc0a14-c8efc
From: 邓灵莉/Lingli Deng <denglingli@chinamobile.com>
To: 'Michael Chen' <michaelc@idssoftware.com>, p2psip@ietf.org
References: <20130704105617.59ca11a9ba9389561a029f06442e67fa.27bdf1c864.mailapi@email03.secureserver.net>
In-Reply-To: <20130704105617.59ca11a9ba9389561a029f06442e67fa.27bdf1c864.mailapi@email03.secureserver.net>
Date: Fri, 05 Jul 2013 06:57:57 +0800
Message-ID: <022901ce7909$ee903da0$cbb0b8e0$@com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_022A_01CE794C.FCB37DA0"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac544XllHtGmtekAQYOEmqyNQUpByAAJ+z7A
Content-Language: zh-cn
Subject: [P2PSIP] 答复: An overlay resource leak scenario
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jul 2013 22:58:05 -0000

Hi Michael,

 

I don’t quite follow the case you described.

 

Shouldn’t a well-behaved rejoining peer be using the still valid certificate in the first place?

Otherwise, it is easy to exploit this to launch a DoS attack against ES, which must be protected.

 

BR

Lingli

 

发件人: p2psip-bounces@ietf.org [mailto:p2psip-bounces@ietf.org] 代表 Michael Chen
发送时间: 2013年7月5日 1:56
收件人: p2psip@ietf.org
主题: [P2PSIP] An overlay resource leak scenario

 

Hi,

 

Background

==========

In a SIP usage of RELOAD, a peer can store its AoR and certificate in a single RELOAD Store Request with a SIP Registration kind and a Certificate By User kind. The data model for the SIP Registration is dictionary with its Node-ID as key, and Certificate By User is array.

 

P2PSIP Draft

===========

In pspsip-base-26, section 11.3, bullet #5 says:

   o  One or more Node-IDs ...
      ...  The enrollment server
      SHOULD maintain a mapping of users to Node-IDs and if the same
      user returns (e.g., to have their certificate re-issued) return
      the same Node-IDs, thus avoiding the need for implementations to
      re-store all their data when their certificates expire.

 

Implementation

=============

The enrollment server always returns a new Node-ID or keeps the above mapping for a short period compared to the expiration time of the certificate.

 

Usage Scenario

=============

A device goes in and out of the range of WiFi as it moves or sleeps then awakes. Each time it loses the WiFi, RELOAD does not get the chance to properly Leave the overlay. Each time it gets the WiFi back, it rejoins the overlay and receives a new Node-ID and thus a new certificate.

 

Resource Leak

=============

Due to the data model (dictionary key off Node-ID) and array (Store by appending), the overlay holds on to more and more useless SIP Registration and Certificate By User at the Resource-ID (hash of the device's AoR).

 

Possible Remedy 1

================

(p2psip-base) The enrollment server MUST maintain the same AoR to Node-ID mapping as long as the corresponding certificate is still valid. Con: expensive enrollment server storage.

 

Possible Remedy 2

================

(p2psip-sip and p2psip-base?) The joining peer MUST fetch and remove existing SIP Registration and Certificate By User at the Resource-ID before storing its current one. Con: peer-join complexity.

 

Do I have a case?

 

Thanks

 

--Michael

v2.23.0 | Report a Bug | By Email