Re: [secdir] Re: Secdir early review of draft-ietf-bfd-optimizing-authentication-16
Christian Huitema <huitema@huitema.net> Mon, 01 July 2024 19:38 UTC
Return-Path: <huitema@huitema.net>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59171C1522B9; Mon, 1 Jul 2024 12:38:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E0YrC-BPIZlX; Mon, 1 Jul 2024 12:38:43 -0700 (PDT)
Received: from se03.mfg.siteprotect.com (se03.mfg.siteprotect.com [64.26.60.166]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D709C1519A8; Mon, 1 Jul 2024 12:38:43 -0700 (PDT)
Received: from smtpauth01.mfg.siteprotect.com ([64.26.60.150]) by se03.mfg.siteprotect.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1sOMrH-002MP4-Oc; Mon, 01 Jul 2024 15:38:41 -0400
Received: from [192.168.1.106] (unknown [172.56.201.241]) (Authenticated sender: huitema@huitema.net) by smtpauth01.mfg.siteprotect.com (Postfix) with ESMTPSA id 4WCbtw4T76z162GYl; Mon, 1 Jul 2024 15:38:32 -0400 (EDT)
Message-ID: <995db625-af61-4839-abd2-49b217b865cc@huitema.net>
Date: Mon, 01 Jul 2024 12:38:32 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [secdir] Re: Secdir early review of draft-ietf-bfd-optimizing-authentication-16
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Jeffrey Haas <jhaas@pfrc.org>
References: <171863246380.36317.13945608266304472653@ietfa.amsl.com> <F52920D3-7C84-4754-9625-0656EB6EE442@pfrc.org> <5d78a447-4214-4c00-b192-bbb532784256@cs.tcd.ie>
Content-Language: en-US
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; keydata= xjMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1RmvN J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PsKWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAzjgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB8J+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH
In-Reply-To: <5d78a447-4214-4c00-b192-bbb532784256@cs.tcd.ie>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Authentication-Results: mfg.siteprotect.com; auth=pass smtp.auth=huitema@huitema.net
X-Originating-IP: 64.26.60.150
X-SpamExperts-Domain: mfg.outbound
X-SpamExperts-Username: 64.26.60.150/31
Authentication-Results: mfg.siteprotect.com; auth=pass smtp.auth=64.26.60.150/31@mfg.outbound
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.12)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT/7Qv+gl0bOV8YARJOnqi+jPUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5zMbTHx2H1+/wZ37ZdO9gwdCC+w7/E0hjPug35Jj2t+Odg4 TxUnxtTHxSKanq3aVeQ/wmCbxPNE89L3PiiGDzEh0fa/1Ne7jnHNV/dOTNuizr9UrWPl21JnD8OJ nO2GsC7dSICPk5wka4ktGTVZkI53cQkv3rfK9nOh84B6FNp+WuvJSQlohHvEKvwcmPWDimIajHLK lihQnu63RHrgRrCWe9PhepEN/FG28uOPI8VtYJZkC8ZPK7epTJZcYwJrPvFVnoeABINivVZH1PQG SRiwavERpop5LF7RavHozgbn9fbQTl/SJIDeIbJV6Zcf432+ATOZO1AMDdoguEVR6NxSihoIQ1sw sc5U9pk6DhhUsuf8TbbHTsDvuj1eU0cWl029PC4iDs6Lz1uLtpDfhV2HoYkB5T1m7tdZn51cRU1n 0AYWsZaEK8GNzYi0lfMSgHztQnhBLBIPC4fGsVHJVv1utQWD98ihy6Z/LueUeyFzZKCYjDgaUExQ nm2ZpxW41wIBKJwIml0xUJcOWfwulq3GDcozi5QoCdpRFmwG8mMgmPDZ/9ky5X8+4m4gZ4/Q/B32 LUC2EKcFH+ykn7aJaQbLGboDjBSlHBjdSH++CoyWisQzN6sl9Br1QBgqyARXyn6rpf1k6G2VgBpF t3e8uqC91p1c3xCgmQIZRP7+erraVDXhOI0dkE712SOSlukUbzDonV+E7OMXRvgtdyMlnmWi4V/1 LdBixDxr1bxGUcUiBCrEe4j47kty1QrEAx2POrhlWth7egpwwWP5VJqA0Bm5MgyW4tSDwV8Nh/ug J4E2hkd1O6qqQOg++9t4OVDhZ/DmwVzzI/27jh/UaLdUmC99x7IKyH90F6qYsMKn/41Myh0/2K3Z cEGmho22wCFOkb4ZZ+ILuRyg+QVsPXpZ+f1WxtJTWahJ9nxbINNPCeOHiMDBl3Fzb18Xr6oP1JmC ZO9c9aUV1oY4fX3W5eOCNA39kpWGDfFDr9PcAm6+BWl37qYXE3y6+dyiDSPynyjwzHKeXlWH0Ykn o+PMzbEP7HrbnldaLrLYRspcVXVPkdGY29ls15DZlht21M7aFFhWF+MDazSrlNpCUB1W8YFXoreg BPo3Q6PrBN3toe0fG0bCdOVwq56zTTJDUlwzypIZE5KcIhjoyq2GNVADMDZJqH62hnSfexoVSVHP Gd1TZEBn9g==
X-Report-Abuse-To: spam@se02.mfg.siteprotect.com
Message-ID-Hash: O6Z2HNQOCSCE2BXQFVFMCOWSZPVNZWLF
X-Message-ID-Hash: O6Z2HNQOCSCE2BXQFVFMCOWSZPVNZWLF
X-MailFrom: huitema@huitema.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rtg-bfd.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: secdir@ietf.org, draft-ietf-bfd-optimizing-authentication.all@ietf.org, rtg-bfd@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection" <rtg-bfd.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/6rLZpdFKy-jF-ABSNbdzzGh2ZO8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Owner: <mailto:rtg-bfd-owner@ietf.org>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Subscribe: <mailto:rtg-bfd-join@ietf.org>
List-Unsubscribe: <mailto:rtg-bfd-leave@ietf.org>
The issue of selective authentication is interesting. After reviewing draft-ietf-bfd-stability-13, we had some discussion of attacks made possible by spoofing BFD packets, and specifically spoofing their sequence numbers. I was under the impression that for a given association, all packets will have the same authentication -- MD5, SHA1, or NULL. There maybe ways to improve robustness of "NULL" sessions if a fraction of the packets are authenticated, but that would require some explicit study. -- Christian Huitema On 6/19/2024 1:40 PM, Stephen Farrell wrote: > > Hi Jeff, > > On 19/06/2024 18:39, Jeffrey Haas wrote: >> >> [External Email] This email originated outside of Trinity College >> Dublin. Do not click links or open attachments unless you recognise >> the sender and know the content is safe. >> >> Stephen, >> >> Thanks for your review. >> >> On Jun 17, 2024, at 9:54 AM, Stephen Farrell via Datatracker >> <noreply@ietf.org <mailto:noreply@ietf.org>> wrote: >>> >>> Generally the idea seems to be to avoid spending CPU on hashing >>> except for cases where the >>> state changes, and with periodic checks that BFD auth is still >>> working. That seems like an >>> ok idea to me, given the kinds of authentication that are defined for >>> BFD. >>> >>> - For security reviewers, it'd be great if there were a reference to >>> something that sets out >>> the performance requirements for BFD, and justifies the claims that >>> hashing is such a >>> burden. That's counterintuitive for people (like me) who consider >>> hashing as fast. (And >>> md5 as broken, but that's a different matter:-) That text probably >>> shouldn't be here but >>> it'd be good if there were a reference to it in most BFD security >>> consdiderations sections. >> >> The analysis you're looking for is somewhat covered under RFC 7492, >> which was done as part of the KARP Working Group tasks. Due to that >> specific focus, while still a valuable document, we've generally not >> cited it as a primary reference. > > Yeah, it's useful but not the kind of thing I meant. > >> The property you're bothered by is that these "cheap" hashes, when >> done for a modest to large number of BFD sessions on a linecard that >> is otherwise wanting that CPU for other useful work related to >> forwarding is an attack against the linecard doing its actual job. >> So, there's a need to balance the costs of strong enough >> authentication for a BFD scaled scenario vs. the utility that the >> authentication brings. > > Right, I think your/the draft's case would be much improved if > some such measurements were added or referenced that demonstrated > the problem in a convincing manner. > >> It's worth noting that section 6 of RFC 7492 notes "hallway >> conversation" that this optimization draft is addressing. :-) > > Well, it's not quite been a decade since that RFC was published;-) > >>> - I wondered if the "optimized" terminology is best - say if someone >>> figures out some new >>> way to optimise things using a different mechanism (e.g. some new way >>> of amortising the cost >>> of hashing over more packets, or multiple links or something), >>> wouldn't this terminology >>> then be a bit of a pain? Maybe it'd be better to name this as as a >>> periodic or selective >>> authentication mechanism or something? >> >> While I agree with and am sympathetic to this point, it'd take strong >> Working Group consensus to change the name. > > That's fine. > >> I like "selective authentication". >> >> The issue you note is the usual caveat at naming a thing that may have >> a followup. How many "next generation" technologies got the next-next? >> >> Note that the following comments are contained in an upcoming pull >> request in the github repo for this document: >> https://github.com/bfd-wg/optimized-auth/tree/jhaas/17-comments >> <https://github.com/bfd-wg/optimized-auth/tree/jhaas/17-comments> >> >> >>> >>> - The description in the yang text of the retry-interval seemed odd >>> to me. It says "interval >>> of time after which a strong authentication should be enabled..." but >>> should that be more >>> like "re-tried" rather than "enabled"? >> >> >> How about: >> + "Interval of time after which strong authentication >> + should be utilized to prevent an on-path-attacker attack. >> ? > > That still seems to have sorta the same issue, how about: > > Interval of time after which strong authentication must be > re-enabled for a number of packets as defined above. > >>> >>> - The security considerations says "If this interval is set very low, >>> or very high, then it >>> will make optimization worthless." It might be worth stating that a >>> very high interval value >>> would allow an attacker that much time to muck about (with whatever >>> attack they're trying), >>> but I don't have a concrete attack in mind, so feel free to ignore this. >> >> How about: >> >> If this interval is >> + set very low, the utility of these optimization procedures are >> + lessened. If this interval is set very high, attacks detected >> + by the strong authentication mechanisms may happen overly >> + late. > > WFM > > Cheers, > S. > >> >>> >>> - looks like a typo in section 4: " there is problems" maybe "there >>> are problems"? >> >> Fixed, thanks. >> >> -- Jeff >> > > _______________________________________________ > secdir mailing list -- secdir@ietf.org > To unsubscribe send an email to secdir-leave@ietf.org > wiki: https://wiki.ietf.org/group/secdir/SecDirReview
- Secdir early review of draft-ietf-bfd-optimizing-… Stephen Farrell via Datatracker
- Re: Secdir early review of draft-ietf-bfd-optimiz… Jeffrey Haas
- Re: Secdir early review of draft-ietf-bfd-optimiz… Stephen Farrell
- Re: [secdir] Re: Secdir early review of draft-iet… Christian Huitema
- Re: [secdir] Secdir early review of draft-ietf-bf… Jeffrey Haas