Re: [Rift] RIFT fingerprint coverage

Antoni Przygienda <prz@juniper.net> Mon, 22 July 2019 03:30 UTC

Return-Path: <prz@juniper.net>
X-Original-To: rift@ietfa.amsl.com
Delivered-To: rift@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74EE81201DC for <rift@ietfa.amsl.com>; Sun, 21 Jul 2019 20:30:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UuiGsjHpm1X6 for <rift@ietfa.amsl.com>; Sun, 21 Jul 2019 20:30:13 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E31BD1201D5 for <rift@ietf.org>; Sun, 21 Jul 2019 20:30:12 -0700 (PDT)
Received: from pps.filterd (m0108156.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x6M3TkcY024784; Sun, 21 Jul 2019 20:30:12 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=jItJZosCbeLlWyFrm4Hbw1xxkOC0Rm5QMOCEOFFoTmo=; b=oSqVFjaf7ZSco9aZaeEuXBRv0ngGJQ4LNCyfVSk1B1JrS5/14eSzoA5Z873s3pYV3hzn tQSWDJHf/ZnlL5mprHnLvg21sTTKcqzHajPBrk9tLtHJp5+jgbE1ZtOq0wYLyJ1y3LN2 WaVOxVqoJwmh8rpue29iUJIa7dYcwF5VgZiKI2S/bb01D6GKhuxRvxsctl5ulldRYsqZ UFCKZOrQKpChxmAgVyvnmueHMZ+j/MaS5DoyglhT/8jTAlK16jXbJX+ctu2oqKm2jNvg z8GviWYEgoFTP1Kvk5pXzuwWyl1PkOtTsNRPxm3iC7pPxkLz/Dlz+nCsXPGRkSptnqeA Ag==
Received: from nam01-by2-obe.outbound.protection.outlook.com (mail-by2nam01lp2052.outbound.protection.outlook.com [104.47.34.52]) by mx0a-00273201.pphosted.com with ESMTP id 2tvvb2gfn7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sun, 21 Jul 2019 20:30:11 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CKKMRVOI+tzjgH9Lp8UnLAJbd0p7DL2RB3yLkpLJZXiOflSEs2537sbbjd66GhNiL7GG8NEISUiZZjpJ5EX3Lm/x7+be0ywsdeQYnhkcJFtDIuooWKSokEKvETk+WH7TjXZAtLI74nHMSycnEl71Tb/7ynA68rhNYcFOOI8og6IJRkZLj0TnObQmCGDABlS6+iSqgvS7wUoGFijnIbB5OxGCQPBo4/G+fvlZZlWNmtwHbI4Zvj46p4o8GAex4gDPRO09fctHhaBz+lkOQJBLVXSMBMiOBaQMoVuSVpGG6gX+5QtLwEcfbvw2Z2UPmNOSJdHIGSYVEeNnF0oq0E5LKA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jItJZosCbeLlWyFrm4Hbw1xxkOC0Rm5QMOCEOFFoTmo=; b=QfUgCICOJZuEAvizw+bivPOZ243bVhORBCZPjoyim+KceAgz6c5xV0DAvpqr8JR/Z5oc9IVY0TWOzCSWtOKhvBpYsXPsXlsM+59KG7TjulzbEcUOqc8YjweuTyptkpcxjPbJ3mVgMq7JpIXEHLWwgaR/ul0UOuUmtnGb2DSe49gZUlZZuXXzEh3MaE4OBO2qtYwKH1G/T15iqqqyW9Ab1j3faTFUWZbS4y5YvnS6t9CcswR6DQY2BAkf/ED1DHQJWriPcQs74I+Gcn/a9tlkFjw7MyIWJkoTqppJ/ygXyKkKrR/e5LWNKqWZ4Nyhy6oW3Gq+22GR4rG045ardIyk3Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=juniper.net;dmarc=pass action=none header.from=juniper.net;dkim=pass header.d=juniper.net;arc=none
Received: from SN6PR05MB5613.namprd05.prod.outlook.com (52.135.109.221) by SN6PR05MB4302.namprd05.prod.outlook.com (52.135.73.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2115.10; Mon, 22 Jul 2019 03:30:10 +0000
Received: from SN6PR05MB5613.namprd05.prod.outlook.com ([fe80::b46a:d1e7:df44:c60a]) by SN6PR05MB5613.namprd05.prod.outlook.com ([fe80::b46a:d1e7:df44:c60a%7]) with mapi id 15.20.2115.005; Mon, 22 Jul 2019 03:30:10 +0000
From: Antoni Przygienda <prz@juniper.net>
To: Bruno Rijsman <brunorijsman@gmail.com>
CC: Tony Przygienda <tonysietf@gmail.com>, "rift@ietf.org" <rift@ietf.org>
Thread-Topic: RIFT fingerprint coverage
Thread-Index: AQHVP6eYezbRLceY0U6gavGzd3xvM6bU4fWAgAA7aKGAAB8jgIAAu+1s
Date: Mon, 22 Jul 2019 03:30:09 +0000
Message-ID: <SN6PR05MB5613CD53440AF7F6BD32D4D7ACC40@SN6PR05MB5613.namprd05.prod.outlook.com>
References: <CF366357-79EA-4395-9024-09A371795695@gmail.com> <F165CA6D-3537-4310-8453-77B069F69414@gmail.com> <MWHPR05MB32795B106572C9AD42A30DCFACC50@MWHPR05MB3279.namprd05.prod.outlook.com>, <55967EF3-3612-4173-80AB-44AB530FB338@gmail.com>
In-Reply-To: <55967EF3-3612-4173-80AB-44AB530FB338@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [193.110.49.11]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: eaf2b2c2-f11f-4d8e-18e4-08d70e54e655
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:SN6PR05MB4302;
x-ms-traffictypediagnostic: SN6PR05MB4302:
x-microsoft-antispam-prvs: <SN6PR05MB43025E34871BCEEF0A51AB36ACC40@SN6PR05MB4302.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01068D0A20
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(39850400004)(396003)(366004)(136003)(376002)(346002)(199004)(189003)(52314003)(33656002)(6916009)(99286004)(53546011)(6506007)(14444005)(256004)(76176011)(105004)(2906002)(53936002)(6246003)(316002)(486006)(54906003)(14454004)(19627405001)(26005)(229853002)(81156014)(81166006)(186003)(8936002)(8676002)(102836004)(7696005)(478600001)(25786009)(4326008)(236005)(6436002)(74316002)(86362001)(66476007)(66556008)(64756008)(66446008)(66574012)(66066001)(446003)(5660300002)(7116003)(52536014)(476003)(3480700005)(71190400001)(71200400001)(9686003)(6116002)(68736007)(54896002)(1411001)(55016002)(7736002)(3846002)(11346002)(76116006)(91956017)(66946007); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR05MB4302; H:SN6PR05MB5613.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 0k3C4MNXJ+y+0Sl9ieb8HyoOPqdohpJT/32UJa1FRFoc3//O6dL4x4XhdTkR3D3hQLXfMXs0wc8Bu/s5Vibfcdz2d6/cLVV5pHjYdkijsq1hiP+VKYvfLDdFj7zJHBsISh7uJN2fujI5PtxmF5dTh3c4tlLP21JSUlpuQaYPOIe6EPnMr0faT2v7nDUHUxGJsQ5SP4H2Oop+RHnnfv0n//M7Ql7Xdkn17R3vffnEK0GBgQmbIIuYkuT4BVlc9I/NSOSz3LXWSPexvJr2uhSCrP3jnVPzpDCZX8B7SQglBpkUlihSVKn5N02wg0BSGWw0VH4E+NkHZUt3YQVtU8rdN4j/v/U3acCfEb/LDxr/AwZA9zO7+LFUP9sERYhVqVRt5psO2IYeEZS59pA5gdmUlltG37JGm8ceazAy0Iveoew=
Content-Type: multipart/alternative; boundary="_000_SN6PR05MB5613CD53440AF7F6BD32D4D7ACC40SN6PR05MB5613namp_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: eaf2b2c2-f11f-4d8e-18e4-08d70e54e655
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jul 2019 03:30:09.9103 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: prz@juniper.net
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR05MB4302
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-07-22_03:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907220040
Archived-At: <https://mailarchive.ietf.org/arch/msg/rift/5w1JeXCCtBG7K6e0oJYAw6B9dAU>
Subject: Re: [Rift] RIFT fingerprint coverage
X-BeenThere: rift@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of Routing in Fat Trees <rift.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rift>, <mailto:rift-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rift/>
List-Post: <mailto:rift@ietf.org>
List-Help: <mailto:rift-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rift>, <mailto:rift-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 03:30:16 -0000

So dropping the "burden of proof" logical fallacy @ the end ;-) the only effect right now is to increase the difficulty of the implementation without a known attack if you access those fields without checking fingerprint first anyway. I can only imagine a very far fetched attack where someone is recording another version, matching up nonces and then wait for a major protocol version change and change version on old recordings to attack. Again, most likely as likely as age of universe to happen ;-)

Looking for more opinions ...

--- tony


________________________________
From: Bruno Rijsman <brunorijsman@gmail.com>
Sent: Sunday, July 21, 2019 12:03 PM
To: Antoni Przygienda <prz@juniper.net>
Cc: Tony Przygienda <tonysietf@gmail.com>om>; rift@ietf.org <rift@ietf.org>
Subject: Re: RIFT fingerprint coverage



On Jul 21, 2019, at 4:22 PM, Antoni Przygienda <prz@juniper.net<mailto:prz@juniper.net>> wrote:


3. second, even if we do I don't think we improve the attack envelope or actually worsen it. Let's go through it

     *   major version is attacked, any change will drop the packet due to mismatch. if we protect it, we calculate the hash and it fails and outcome is the same modulo we can be computationally overrun
     *   outer key id is attacked/fingerprint length is attacked, all same outcome ...

now, you can argue that an attacker can modify stuff _behind_ the fingerprint and with that attack protocol computationally but there is no way around that, we won't detect modification otherwise wheeras modifying major version/key id/fingerprint lenght basically leads to drops on any change and protecting them only exposes us computationally for no benefit

The receiving RIFT router can drop packets with the wrong major version, with a wrong key-id (not in the accept key set), or a wrong fingerprint-length, without validating the fingerprint first.

This is for the same reason that a RIFT router can drop a packet with an out-of-range weak-nonce without validating the fingerprint first.

In general, it is safe to reject a packet when any field has some unacceptable value without validating the fingerprint first.

So, protecting these additional fields does not open up any new CPU denial of service attacks.

If a RIFT router is planning to accept a packet because all fields have an acceptable value, then it must validate the fingerprint first before doing so.

Or if a RIFT router is going to reject a packet but take some protocol action based on some field in that rejected packet anyway, then it would have to validate the fingerprint as well (happily, which currently don’t have this scenario in RIFT, as long as the packet-nr is truly only used for debugging and not for flow-control, for example).

So, the real question is: how sure are you that leaving the major-version, key-id, and fingerprint-lengths fields unprotected will not lead to some problems down the road?  (To quote Dirty Harry: “Do you feel lucky? Well, do ya, punk? :-)

— Bruno