[P2PSIP] Comments on draft-jennings-p2psip-security-00
Philip Matthews <philip_matthews@magma.ca> Fri, 09 March 2007 09:21 UTC
Return-path: <p2psip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HPbI7-0000Jk-5S; Fri, 09 Mar 2007 04:21:35 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HPT76-0006Mn-IQ for p2psip@ietf.org; Thu, 08 Mar 2007 19:37:40 -0500
Received: from mx3-6.spamtrap.magma.ca ([209.217.78.173]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HPT71-0004Cr-25 for p2psip@ietf.org; Thu, 08 Mar 2007 19:37:40 -0500
Received: from mail1.magma.ca (mail1.internal.magma.ca [10.0.10.11]) by mx3-6.spamtrap.magma.ca (8.13.0/8.13.1) with ESMTP id l290bXaZ017563; Thu, 8 Mar 2007 19:37:33 -0500
Received: from [10.0.1.2] ([24.139.16.154]) (authenticated bits=0) by mail1.magma.ca (Magma's Mail Server) with ESMTP id l290bQd5006653 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 8 Mar 2007 19:37:33 -0500
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <F4859B43-15B4-4F44-B2CA-63C88A06EBEE@magma.ca>
Content-Transfer-Encoding: 7bit
From: Philip Matthews <philip_matthews@magma.ca>
Date: Thu, 08 Mar 2007 19:37:27 -0500
To: Cullen Jennings <fluffy@cisco.com>
X-Mailer: Apple Mail (2.752.2)
X-magma-MailScanner-Information: Magma Mailscanner Service
X-magma-MailScanner: Clean
X-Spam-Status:
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 36fb765c89ed47dab364ab702a78e8fd
Cc: P2PSIP Mailing List <p2psip@ietf.org>
Subject: [P2PSIP] Comments on draft-jennings-p2psip-security-00
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
Errors-To: p2psip-bounces@ietf.org
Hi Cullen: I read your draft on security draft-jennings-p2psip-security-00. and thought it had some interesting ideas. Here are some comments and questions that I have. I have adopted Spencer's style of mixing paragraphs from the document with embedded comments prefixed by "Philip:" - Philip ------------ [snip] When a client wants to store some information in a record, they sent a request that has: their AOR, the record type name, the time, the data to store in the record, and MUST include a signature over all that information. When a peer goes to store the information, it MUST Philip: When you say "client" and "peer", are you using these terms as defined in the P2PSIP Concepts document? My guess is that you are using the word "client" in the SIP meaning, not in the P2PSIP meaning. check that the signature is correct. It SHOULD also check that the data looks appropriate for this type of record given by checking things like the size of the data is in an appropriate range. When a client retrieves data out of the DHT, it retrieves all the information that was signed and SHOULD verify the signature on the data. Philip: This seems similar to the proposal in draft-singh-p2p-sip-01. Can you comment on this? Open Issue: how do we want to deal with checking time and also does the data have a Time To Live (TTL). Open Issue: do we pass the certificate with the signature or do we provide some alternative scheme to get the certificates. I am leaning towards pass the certificate along with the signature. A problem with this is the message size. A possible problem with not Philip: Are your worried about size in sending the message or in storing the data? That is, if we used for example TCP transport (i.e., not UDP), then would your concerns go away? doing it is that the signature are used to verify the constructions of the routing architecture and assuming that the routing architecture is in place before a signature can be checked may lead to problems. 4. Routing Protection Architecture The goal of protecting the routing is stopping attacker from performing a DOS attack on they system by misrouting requests in the DHT. The data is already protected by the data protection scheme above so an attacker can't tamper with the data in a way the user can't detect but an attacker can make it look like no data is available. There are a few obvious observation to make about this. First, it is easy to ensure that attacker at least has to have an valid enrollment with this particular DHT. Second, this is a DOS attack and the value of successfully executing it is fairly low. Third, if a larger percentage of the peers on the DHT are controlled by the attacker, it is probably impossible to perfectly secure this. When a peer sends a request that modifies the routing in the DHT, it MUST sign the request on behalf of a user that is currently responsible for the peer using that users certificate. A peer that is changing the routing state based on this request to check the signature before performing the request. Philip: There are a number of things I don't understand here. Can you give some examples of what you mean by "a request that modified the routing"? For example, do you mean "setting up a new Peer Protocol connection"? And how does signing such requests help prevent DOS attacks? I can see how it might help us catch the peer that did the attack, but this is very much after the fact. Finally, why sign this with a user's certificate? Why not sign this with the certificate of the peer? (As documented in Concepts-04, we have already agreed that peers must have certificates to join the overlay.) To reduce attacks on routing, the design tries to limit the ability of an attacker to place peers at arbitrary locations in the DHT. Some possible ways to do this are: L1: Limiting IP addresses: Other systems have done this by forcing the peer id to be a hash of a combination of the peers IP and port however this approach does not work with IPv6 where the users have an arbitrary number of IP addresses and the scheme is also difficult to make work with IPv4 and NATs. L2: Limiting by AOR: The first step to doing this is limiting the number of AORs an attacker can enroll in the system. How to do this is out of scope. The next step would be forcing a peer ID to have the high order bits formed from an hash of the AOR and some low order bits chosen randomly or hashed from the IP address and port. Peers would check the Peer ID was appropriate for the given users that signed the request. Philip: What do you see as the AOR of a peer? Are you thinking of the scheme you, Bruce, and David are using in the dSIP draft? If so, I don't quite see how this would work. It seems that your peer-id would depend on itself. [For other readers of this message, those URIs look like: peer@<hostport>; peer-id=<peerid> where <hostport> is an IP address and port and <peerid> is a peer-id]. Moreover, the other unique part is the <hostport>, so this falls back to option L1. L3: Limited by assignment at enrollment: When enrolling, the user would be given a small set of peer IDs for their use. This is effectively equivalent to Limited by AOR but has the addition complexity of the certificates become more complex as a peer would need to sign with the appropriate peer id as well as the AOR. 5. Mapping to SIP There are several ways this could be mapped to SIP. Philip: Is this section making the assumption that the Peer Protocol is SIP? Otherwise, I don't understand what this has to do with SIP. Jennings Expires August 28, 2007 [Page 6] Internet-Draft P2PSIP Security February 2007 Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Jennings Expires August 28, 2007 [Page 7] _______________________________________________ P2PSIP mailing list P2PSIP@ietf.org https://www1.ietf.org/mailman/listinfo/p2psip
- [P2PSIP] Comments on draft-jennings-p2psip-securi… Philip Matthews
- [P2PSIP] Re: Comments on draft-jennings-p2psip-se… Cullen Jennings
- [P2PSIP] Do we need peer certificates? (was Re: C… Philip Matthews
- Re: [P2PSIP] Do we need peer certificates? (was R… Dean Willis
- Re: [P2PSIP] Do we need peer certificates? (was R… EdPimentl
- Re: [P2PSIP] Do we need peer certificates? (was R… Bruce Lowekamp
- Re: [P2PSIP] Do we need peer certificates? (was R… Dean Willis
- Re: [P2PSIP] Do we need peer certificates? (was R… Bruce Lowekamp
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Cullen Jennings
- RE: [P2PSIP] Re: Comments on draft-jennings-p2psi… Turner, Jim (NBC Universal)
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Bruce Lowekamp
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Dean Willis
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Philip Matthews
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Philip Matthews
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Cullen Jennings
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Cullen Jennings
- RE: [P2PSIP] Re: Comments on draft-jennings-p2psi… marcin.matuszewski
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Turner, Jim (NBC Universal)
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Bruce Lowekamp
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Spencer Dawkins
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Eunsoo Shim
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Spencer Dawkins
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Bruce Lowekamp
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Eunsoo Shim