[Rift] Some more text on host considerations sefcurity section ...
Tony Przygienda <tonysietf@gmail.com> Wed, 25 March 2020 05:58 UTC
Return-Path: <tonysietf@gmail.com>
X-Original-To: rift@ietfa.amsl.com
Delivered-To: rift@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 521913A0995 for <rift@ietfa.amsl.com>; Tue, 24 Mar 2020 22:58:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZAoQlJXDA1TZ for <rift@ietfa.amsl.com>; Tue, 24 Mar 2020 22:58:38 -0700 (PDT)
Received: from mail-il1-x12d.google.com (mail-il1-x12d.google.com [IPv6:2607:f8b0:4864:20::12d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBE073A0993 for <rift@ietf.org>; Tue, 24 Mar 2020 22:58:36 -0700 (PDT)
Received: by mail-il1-x12d.google.com with SMTP id g15so775068ilj.10 for <rift@ietf.org>; Tue, 24 Mar 2020 22:58:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=QcZfIn4KCumLW+6CvWsWM2UFaMfTVrN4Y1Od5A3lHR0=; b=Qs1Sm0IxK4hL+ly5XZW+m6xxaelLpFij7C4wY8k0JVdJ5s1TQE/LhJl/3uLyuGvwS/ QuUY8SpTRSudA9YN9z3d6StMwAyu4qYl2USsSnK2DrpVDeFjsR9bzbVSmlvBW4du6F2S 7UnLLQ90KV4iq5fT+j5itQ2+lO+aJwOO7pWYfTn+MBYFJMwbdXDrARiFmQHD3X7wTen1 JdCy3nudqus/EmylL554peIoRosK7Up4fLVtH7x9Waww5sMQ5X24VKO8FvR33fqJLyDo EM5gVp6EeGEwRw1i+FcM7DkuJiOOIQXXNmvP1ZD/fYQGfrjQt+LXfoY0XdRSwBxkA+IY Xd/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=QcZfIn4KCumLW+6CvWsWM2UFaMfTVrN4Y1Od5A3lHR0=; b=qeT8L+L9WD8LOGXOSsJoj6qkww8HSViJGU0Voqlx0ajg0WcoR2l8DDDThgbZzXRsgd fUoXjLz0v+nRpogN+AecE8fUMTiGMaJE5JNvLlaMjLxI3+TkjBp3NK3A0BVzsmDa6LKk RgBIWiY9OuITOq5mjbigDzIV6O7yi1E9VacQbTIGx8bJIdwHwhKdE7G/GtguKG8e2wfa yoZq/NztvVfNjdgsRmll4owUSE5f/5eu1BP8C8J4rtzsYOP9pbMRLLtpRUFxyt6/OOCO UqtUYXwy3xfECqOxgsnrce/x0dVNjvU+QNiSdJ4/pySqrV17zERFQLQ8Ib8UGjgmNbvz Rr7w==
X-Gm-Message-State: ANhLgQ14l492mu85ZYHncvas0Wgxgx5op893ril8WS8HGwLpx+vUarwG v5ro9jtH+aRMPfUw+A3cvIbMBvd7OCjzrL/qej852uUCOOc=
X-Google-Smtp-Source: ADFU+vuVTdhT+9wR/9JPAkqHcNJsf58Ye+oI+j/SlI0EbdZ34tV5h5O3uE3nNE8alXb3xCvYvyvBXvUjF2hxe5TTcug=
X-Received: by 2002:a92:7f01:: with SMTP id a1mr2066849ild.132.1585115915451; Tue, 24 Mar 2020 22:58:35 -0700 (PDT)
MIME-Version: 1.0
From: Tony Przygienda <tonysietf@gmail.com>
Date: Tue, 24 Mar 2020 22:56:44 -0700
Message-ID: <CA+wi2hMjXJ=4E2yZKrRSm0PXxdiC=jMBXKaRcUy+7N9pPoaiWg@mail.gmail.com>
To: rift@ietf.org
Content-Type: multipart/alternative; boundary="00000000000011807405a1a78f0e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rift/NsnFORfamngcHhJMj3TfKKJD-8s>
Subject: [Rift] Some more text on host considerations sefcurity section ...
X-BeenThere: rift@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of Routing in Fat Trees <rift.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rift>, <mailto:rift-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rift/>
List-Post: <mailto:rift@ietf.org>
List-Help: <mailto:rift-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rift>, <mailto:rift-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Mar 2020 05:58:41 -0000
I'm correcting nits that people send me towards -12 but today I ended up on tangential discussion with Jeff Haas regarding leaf security consideration, especially if leaf is a server/host that merited some more text in the document. Below for review by the group. Interesting enough this is beside rift specific pretty applicable if any kind of reachability/liveliness exchange is used on hosts/servers/leaves. 7.7. Host Implementations It can be reasonably expected that with the proliferation of RotH servers, rather than dedicated networking devices, will represent a significant amount of RIFT devices. Given their normally far wider software envelope and access granted to them, such servers are also far more likely to be compromised and present an attack vector on the protocol. Hijacking of prefixes to attract traffic is a trust problem and cannot be easily addressed within the protocol if the trust model is breached, i.e. the server presents valid credentials to form an adjacency and issue TIEs. In an even more devious way, the servers can present DoS (or even DDos) vectors of issuing too many LIE packets, flood large amounts of North TIEs and attempt similar resource overrun attacks. A prudent implementation forming adjacencies to leaves should implement according thresholds mechanisms and raise warnings when e.g. a leaf is advertising an excess number of TIEs or prefixes. Additionally, such implementation could refuse any topology information except the node's own TIEs and authenticated, reflected South Node TIEs at own level. To isolate possible attack vectors on the leaf to the largest possible extent a dedicated leaf-only implementation could run without any configuration by hard-coding a well-known adjacency key (which can be always rolled-over by the means of e.g. well-known key- value distributed from top of the fabric), leaf level value and always setting overload bit. All other values can be derived by automatic means as described earlier in the protocol specification. --- tony
- [Rift] Some more text on host considerations sefc… Tony Przygienda
- Re: [Rift] Some more text on host considerations … Robert Raszuk