IETF Logo Mail Archive

Re: [RPSEC] BGP Security Requirements v08

Curtis Villamizar <curtis@occnc.com> Fri, 13 July 2007 16:33 UTC

Return-path: <rpsec-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I9O5A-00030L-MR; Fri, 13 Jul 2007 12:33:28 -0400
Received: from rpsec by megatron.ietf.org with local (Exim 4.43) id 1I9O59-000301-Fj for rpsec-confirm+ok@megatron.ietf.org; Fri, 13 Jul 2007 12:33:27 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I9O59-0002zr-3f for rpsec@ietf.org; Fri, 13 Jul 2007 12:33:27 -0400
Received: from 69.37.59.172.adsl.snet.net ([69.37.59.172] helo=harbor.brookfield.occnc.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1I9O55-0005tG-MJ for rpsec@ietf.org; Fri, 13 Jul 2007 12:33:27 -0400
Received: from harbor.brookfield.occnc.com (harbor.brookfield.occnc.com [69.37.59.172]) by harbor.brookfield.occnc.com (8.13.6/8.13.6) with ESMTP id l6DGW1b3021820; Fri, 13 Jul 2007 12:32:01 -0400 (EDT) (envelope-from curtis@harbor.brookfield.occnc.com)
Message-Id: <200707131632.l6DGW1b3021820@harbor.brookfield.occnc.com>
To: Joe Touch <touch@ISI.EDU>
From: Curtis Villamizar <curtis@occnc.com>
Subject: Re: [RPSEC] BGP Security Requirements v08
In-reply-to: Your message of "Thu, 12 Jul 2007 23:57:14 PDT." <4697224A.5050901@isi.edu>
Date: Fri, 13 Jul 2007 12:32:01 -0400
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 244a2fd369eaf00ce6820a760a3de2e8
Cc: rpsec@ietf.org, Tony Tauber <ttauber@1-4-5.net>
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: curtis@occnc.com
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
Errors-To: rpsec-bounces@ietf.org

In message <4697224A.5050901@isi.edu>
Joe Touch writes:
>  
> Curtis Villamizar wrote:
> =2E..
> > GTSM is very effective in protecting against certain high volume
> > attacks that would cripple infrastructure protected by cryptographic
> > means alone.  From a practical standpoint GTSM used alone may be
> > inadequate as a solution (though some ISPs might contest even that)
> > but it is a required part of any solution in an ISP environment.
> >=20
> > Curtis
>  
> I agree that DOS attacks benefit from protections that help reduce the
> impact of attack traffic; GTSM falls into that category - it's clearly a
> useful part of a DOS solution, but DOS protection isn't cryptographic
> protection. The bulk of the BGP security requirements document focuses
> on cryptographic issues - not DOS protection. It's worth noting the
> difference, but not lumping the solutions together.
>  
> Joe


Joe,

It would be most accurate most helpful to acknowledge the strengths
and weaknesses of both and then define the limit of scope of your
work.  Cryptographic solutions can provide for protection over an
insecure channel but cannot provide protection against very high
traffic volume DOS attacks.  GTSM protects against very high traffic
volume DOS attacks over a secure channel to a peer but provides no
protection over an insecure channel.  Which approach is appropriate,
or both, depends on the situation.  The scope of your work is
cryptographic solutions.  (Some ISPs have noted that this does not fit
*their* problem space, but it does fit other problem spaces).

So we seem to be in violent agreement about the difference between
crypto solutions and DOS solutions.  Its just a matter of the wording
in the draft not adequately acknowledging the part of the problem
space that is not addressed.

draft-behringer-bgp-session-sec-req-01.txt cites rfc4593 which defines
part of the real world problem.  ISPs might argue that rfc4593 is
silly in the context of a fiber strung across 20 feet of collocation
space that is regularly taken down by DOS attacks and they'd be right.
Its time these security requirements documents acknowledged that.

For the ISP, GTSM protects the BGP peerings.  Packet filtering
protects the IGP if its OSPF (not applicable for ISIS).  Crypto
protection of the session can protect against low traffic volume
internal attacks.  Other applications such as routing in a wireless
battlefield would have different requirements.  We don't need to go
into specifics but both types of attack need to be acknowledged.
Drafts/RFCs describing requirements need to be clear about this and
specify which problem space they are addressing without implicitly
denying that the other problem space exists.

The way the draft reads now is GTSM, TCP/MD5, etc are all "prior work"
and the reader might interpret this to mean that work meeting these
BGP requirements supercede that prior work.  It doesn't state
otherwise and it should.

Curtis


_______________________________________________
RPSEC mailing list
RPSEC@ietf.org
https://www1.ietf.org/mailman/listinfo/rpsec

v2.8.7 | Report a Bug | By Email