Re: [P2PSIP] Re: Comments on draft-jennings-p2psip-security-00
"Bruce Lowekamp" <lowekamp@sipeerior.com> Mon, 19 March 2007 06:51 UTC
Return-path: <p2psip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HTBi4-00069K-R2; Mon, 19 Mar 2007 02:51:12 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HTBi3-000698-Mv for p2psip@ietf.org; Mon, 19 Mar 2007 02:51:11 -0400
Received: from py-out-1112.google.com ([64.233.166.176]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HTBi2-0002I3-2s for p2psip@ietf.org; Mon, 19 Mar 2007 02:51:11 -0400
Received: by py-out-1112.google.com with SMTP id f47so272389pye for <p2psip@ietf.org>; Sun, 18 Mar 2007 23:51:09 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=qPQmk8G0MzaCtO9ntvtIv6kd82u/RaUqLfRxhLTIxeIfAEAaETBZlcnBWtJkNTD+2LaUYRWecz4vE7HAgQ7+0hJXq1iuwbdwLgjzRESVL3rghFAClxzWRQ6i6ZloaUntd8lHk7ufX9adiC7cU3rjCuQoALrCwz2zO5VrcnOWRr4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=Zs2WiwHJAoCfLp/izEOXAaPf5qSq5AWuX80UXRXIdFMiN838irz7d2/xQh8v1kEFxCr86hNDbTZsYH/Ifa8gZ5VjyuI20fHX4harnOn09h50t/dOVqbGbEYuXmFp088OTQFvt2iBsvrUb8xj56h1fH/AkjWzOlO4rTuqy83KE4k=
Received: by 10.35.61.17 with SMTP id o17mr10090757pyk.1174287069775; Sun, 18 Mar 2007 23:51:09 -0700 (PDT)
Received: by 10.35.107.10 with HTTP; Sun, 18 Mar 2007 23:51:09 -0700 (PDT)
Message-ID: <20d2bdfb0703182351r2ba88fbr877882951e19d8ba@mail.gmail.com>
Date: Mon, 19 Mar 2007 02:51:09 -0400
From: Bruce Lowekamp <lowekamp@sipeerior.com>
To: "Turner, Jim (NBC Universal)" <Jim.Turner@nbcuni.com>
Subject: Re: [P2PSIP] Re: Comments on draft-jennings-p2psip-security-00
In-Reply-To: <EA31FF15B76BC74282C72ACCD4199F30015A8298@UCTMLVEM05.e2k.ad.ge.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <F4859B43-15B4-4F44-B2CA-63C88A06EBEE@magma.ca> <75E84FB8-70D2-4595-B1A5-E05D65386088@cisco.com> <4d4304a00703181157jc2cfde6m5ab5e1a1ac905f9d@mail.gmail.com> <DE412EAE-5DB5-46C5-A30C-1396900BD727@cisco.com> <EA31FF15B76BC74282C72ACCD4199F30015A8298@UCTMLVEM05.e2k.ad.ge.com>
X-Google-Sender-Auth: bdb0c03fead60df4
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 2c12be3f3a8d57895fb9c003e1517c01
Cc: Philip Matthews <philip_matthews@magma.ca>, P2PSIP Mailing List <p2psip@ietf.org>
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
Errors-To: p2psip-bounces@ietf.org
I definitely agree that you always want to be able to associate a "real" identity with a peer, but there are still times when you don't want to base the peerids on that one identity. For example, if a service provider is providing 5 peers to provision a network with, those should probably be evenly distributed around the ID space, whereas the multiple devices of a single regular user should be in one spot in ID space to protect against certain attacks. You can obviously accomplish the same thing with names like admin+peer5@example.com so whether the problem is solved with separate peer certificates or through synthentic email addresses isn't that important, but peer id certificates (that still have to reference admin@example.com) strike me as a bit less of a hack. Bruce On 3/18/07, Turner, Jim (NBC Universal) <Jim.Turner@nbcuni.com> wrote: > > I would be interested to know a scenario where a device isn't operating as a "proxy" > for a real user? In my experience, even set-top boxes are associated with "customers". > > It's easy to think of a device as being "detached", but in practice, if the device is > attempting to access a "service", it is usually associated with some user "entity". > > Jim > > > > -----Original Message----- > From: Cullen Jennings [mailto:fluffy@cisco.com] > Sent: Sun 3/18/2007 6:56 PM > To: David Bryan > Cc: Philip Matthews; P2PSIP Mailing List > Subject: Re: [P2PSIP] Re: Comments on draft-jennings-p2psip-security-00 > > > I think one of the key consideration here has to do with what you are > using the peer certificate for. In the end it has to do with > assigning some trust and traceability about the operator of the > device. A device ID is sort of lousy for this - what you actually > want to know is something more about the user that is operating the > device. Think about, what do you think might end up being more > useful, "the MAC address of the machine that is hijacking your calls > is 123456" or "the operator of the machine that is hijacking your > calls is fluffy@example.com". What I am suggesting here is that all > peer software is operated and run by some users. And that user has to > has to be enrolled on the DHT and the uses that users credentials for > describing what user that devices is operating the device. I > understand that you could have a device with no users, but why? It > greatly complicates making assertion about the device if you have to > be able to do that independent of any user. Even a bootstrap node is > run by some user. > > Let me flip the questions around, what security feature can you > provide by having two types of certificates? > > Cullen <with my individual hat on> > > > > On Mar 18, 2007, at 7:57 PM, David A. Bryan wrote: > > > Forgot to reply this...also possibly the wrong thread for this, should > > maybe have posted in the other thread about certificates. > > > > There may be cases where we need a separate peerID in the sense that > > the device has no associated user. I'm thinking things like gateways, > > or even a bootstrap if you have a persistent box somewhere to help you > > bootstrap on. > > > > May only be corner cases, however. Maybe a user "bootstrap" or > > something... > > > > David > > > > On 3/9/07, Cullen Jennings <fluffy@cisco.com> wrote: > > > > > > On Mar 8, 2007, at 4:37 PM, Philip Matthews wrote: > > > > > > > Hi Cullen: > > > > > > > > I read your draft on security draft-jennings-p2psip-security-00. > > > > and thought it had some interesting ideas. > > > > Here are some comments and questions that I have. > > > > I have adopted Spencer's style of mixing paragraphs from the > > document > > > > with embedded comments prefixed by "Philip:" > > > > > > > > - Philip > > > > > > > > ------------ > > > > [snip] > > > > When a client wants to store some information in a record, they > > > > sent > > > > a request that has: their AOR, the record type name, the > > time, the > > > > data to store in the record, and MUST include a signature > > over all > > > > that information. When a peer goes to store the > > information, it > > > > MUST > > > > > > > > Philip: When you say "client" and "peer", are you using these > > terms as > > > > defined in the P2PSIP Concepts document? My guess is that you > > > > are using the word "client" in the SIP meaning, not in the P2PSIP > > > > meaning. > > > > > > I was trying to stay consistent with the Concepts document but I'm > > > sure I messed up in places. Any help fixing up my terminology would > > > be much appreciated. > > > > > > > > > > > check that the signature is correct. It SHOULD also check > > that the > > > > data looks appropriate for this type of record given by > > checking > > > > things like the size of the data is in an appropriate range. > > > > When a > > > > client retrieves data out of the DHT, it retrieves all the > > > > information that was signed and SHOULD verify the signature > > on the > > > > data. > > > > > > > > Philip: This seems similar to the proposal in draft-singh-p2p- > > sip-01. > > > > Can you comment on this? > > > Uh, no comment :-) seriously - I have not read latest version of > > > singh yet but I will read it before the meeting - I'm not at all > > > surprised that they would have same thing - we talked about this at > > > some of the prior meetings > > > > > > > > > > > Open Issue: how do we want to deal with checking time and also > > > > does > > > > the data have a Time To Live (TTL). > > > > > > > > Open Issue: do we pass the certificate with the signature > > or do we > > > > provide some alternative scheme to get the certificates. I am > > > > leaning towards pass the certificate along with the > > signature. A > > > > problem with this is the message size. A possible problem > > with not > > > > > > > > Philip: Are your worried about size in sending the message or in > > > > storing > > > > the data? That is, if we used for example TCP transport (i.e., > > not > > > > UDP), > > > > then would your concerns go away? > > > > > > Well there are many ways we could skin this cat - in the end I > > > suspect that the what works best for NAT traversal will be the > > > dominating factor for choosing the design. > > > > > > > > > > > doing it is that the signature are used to verify the > > constructions > > > > of the routing architecture and assuming that the routing > > > > architecture is in place before a signature can be checked > > may lead > > > > to problems. > > > > > > > > > > > > 4. Routing Protection Architecture > > > > > > > > The goal of protecting the routing is stopping attacker from > > > > performing a DOS attack on they system by misrouting > > requests in > > > > the > > > > DHT. The data is already protected by the data protection > > scheme > > > > above so an attacker can't tamper with the data in a way the > > user > > > > can't detect but an attacker can make it look like no data is > > > > available. There are a few obvious observation to make > > about this. > > > > First, it is easy to ensure that attacker at least has to > > have an > > > > valid enrollment with this particular DHT. Second, this is > > a DOS > > > > attack and the value of successfully executing it is fairly > > low. > > > > Third, if a larger percentage of the peers on the DHT are > > > > controlled > > > > by the attacker, it is probably impossible to perfectly secure > > > > this. > > > > > > > > When a peer sends a request that modifies the routing in the > > > > DHT, it > > > > MUST sign the request on behalf of a user that is currently > > > > responsible for the peer using that users certificate. A > > peer that > > > > is changing the routing state based on this request to check > > the > > > > signature before performing the request. > > > > > > > > Philip: There are a number of things I don't understand here. > > > yah - it is poorly written > > > > > > > Can you give some examples of what you mean by > > > > "a request that modified the routing"? For example, do you mean > > > > "setting up a new Peer Protocol connection"? > > > I mean a peer protocol messages that changes the finger table (or > > > whatever that's DHTs equivalent is for the things the DHT uses to > > > decide how to route requests and DHT update messages) > > > > > > > And how does signing such requests help prevent DOS attacks? > > > > I can see how it might help us catch the peer that did the attack, > > > > but this is very much after the fact. > > > I think the after the fact sill has significant value - particularly > > > if you have a way of slowly revoking the account. You can also do > > > things where nodes can detect one user trying to be many things at > > > once when it actually should only be one things and this makes it > > > harder to hijack large portions of the DHT search space. > > > > > > > Finally, why sign this with a user's certificate? Why not sign > > this > > > > with the certificate of the peer? (As documented in Concepts-04, > > > > we have already agreed that peers must have certificates to > > > > join the overlay.) > > > > > > Uh agree and disagree here. I have not heard anyone explain why we > > > need both peer and users certificates so I am assuming that where > > you > > > need a peer certificate, you just use the user certificate for some > > > users that is authorizing the peer to use it. The problem with peer > > > certificates has to do do with what their names are. If we don't > > > need to introduce a whole new security namespace for peers, it is > > > easier to just have users certificates. > > > > > > > > > > > > > > > To reduce attacks on routing, the design tries to limit the > > ability > > > > of an attacker to place peers at arbitrary locations in the > > DHT. > > > > Some possible ways to do this are: > > > > > > > > L1: Limiting IP addresses: Other systems have done this by > > > > forcing > > > > the peer id to be a hash of a combination of the peers > > IP and > > > > port however this approach does not work with IPv6 > > where the > > > > users have an arbitrary number of IP addresses and the > > > > scheme is > > > > also difficult to make work with IPv4 and NATs. > > > > L2: Limiting by AOR: The first step to doing this is > > limiting the > > > > number of AORs an attacker can enroll in the system. How > > > > to do > > > > this is out of scope. The next step would be forcing a > > > > peer ID > > > > to have the high order bits formed from an hash of the > > AOR and > > > > some low order bits chosen randomly or hashed from the IP > > > > address and port. Peers would check the Peer ID was > > > > appropriate > > > > for the given users that signed the request. > > > > > > > > Philip: What do you see as the AOR of a peer? > > > I have no idea which is exactly one of the reason I would rather not > > > have peer certificates if we don't need them. > > > > > > > Are you thinking of > > > > the scheme you, Bruce, and David are using in the dSIP draft? > > > no - I don't see that as consistent with this draft (it could easily > > > be changed to be consistent with this but I don't think it is yet). > > > > > > > If so, I don't quite see how this would work. > > > (uh, yah, I don't see how having the peers have AOR will work > > either :-) > > > > > > > It seems that your peer-id > > > > would depend on itself. > > > > [For other readers of this message, those URIs look like: > > > > peer@<hostport>; peer-id=<peerid> > > > > where <hostport> is an IP address and port and <peerid> is a > > peer-id]. > > > > Moreover, the other unique part is the <hostport>, so this falls > > > > back to > > > > option L1. > > > > > > > > L3: Limited by assignment at enrollment: When enrolling, > > the user > > > > would be given a small set of peer IDs for their use. > > This is > > > > effectively equivalent to Limited by AOR but has the > > addition > > > > complexity of the certificates become more complex as a > > peer > > > > would need to sign with the appropriate peer id as well > > as the > > > > AOR. > > > > > > > > > > > > > > > > 5. Mapping to SIP > > > > > > > > There are several ways this could be mapped to SIP. > > > > > > > > Philip: Is this section making the assumption that the Peer > > Protocol > > > > is SIP? Otherwise, I don't understand what this has to do with > > SIP. > > > > > > I should have made this clearer - the whole document before this > > > section apples to any peer protocol. This section only applies if > > the > > > peer protocol is SIP. > > > > > > _______________________________________________ > > > P2PSIP mailing list > > > P2PSIP@ietf.org > > > https://www1.ietf.org/mailman/listinfo/p2psip > > > > > > > > > -- > > David A. Bryan > > dbryan@SIPeerior.com > > +1.757.565.0101 x101 > > +1.757.565.0088 (fax) > > www.SIPeerior.com > > > > _______________________________________________ > P2PSIP mailing list > P2PSIP@ietf.org > https://www1.ietf.org/mailman/listinfo/p2psip > > > _______________________________________________ > P2PSIP mailing list > P2PSIP@ietf.org > https://www1.ietf.org/mailman/listinfo/p2psip > _______________________________________________ P2PSIP mailing list P2PSIP@ietf.org https://www1.ietf.org/mailman/listinfo/p2psip
- [P2PSIP] Comments on draft-jennings-p2psip-securi… Philip Matthews
- [P2PSIP] Re: Comments on draft-jennings-p2psip-se… Cullen Jennings
- [P2PSIP] Do we need peer certificates? (was Re: C… Philip Matthews
- Re: [P2PSIP] Do we need peer certificates? (was R… Dean Willis
- Re: [P2PSIP] Do we need peer certificates? (was R… EdPimentl
- Re: [P2PSIP] Do we need peer certificates? (was R… Bruce Lowekamp
- Re: [P2PSIP] Do we need peer certificates? (was R… Dean Willis
- Re: [P2PSIP] Do we need peer certificates? (was R… Bruce Lowekamp
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Cullen Jennings
- RE: [P2PSIP] Re: Comments on draft-jennings-p2psi… Turner, Jim (NBC Universal)
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Bruce Lowekamp
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Dean Willis
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Philip Matthews
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Philip Matthews
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Cullen Jennings
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Cullen Jennings
- RE: [P2PSIP] Re: Comments on draft-jennings-p2psi… marcin.matuszewski
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… David A. Bryan
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Turner, Jim (NBC Universal)
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Bruce Lowekamp
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Spencer Dawkins
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Eunsoo Shim
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Spencer Dawkins
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Bruce Lowekamp
- Re: [P2PSIP] Re: Comments on draft-jennings-p2psi… Eunsoo Shim