Re: Request for WG adoption of draft-mahesh-bfd-authentication
Jeffrey Haas <jhaas@pfrc.org> Fri, 04 December 2015 16:55 UTC
Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2C681A8A25; Fri, 4 Dec 2015 08:55:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.578
X-Spam-Level:
X-Spam-Status: No, score=-1.578 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 94rtdYFbUSmW; Fri, 4 Dec 2015 08:55:07 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id AE1E31A8A39; Fri, 4 Dec 2015 08:55:07 -0800 (PST)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 0B70E1E4AE; Fri, 4 Dec 2015 11:56:11 -0500 (EST)
Date: Fri, 04 Dec 2015 11:56:10 -0500
From: Jeffrey Haas <jhaas@pfrc.org>
To: "Rajeev G Nair (rajeenai)" <rajeenai@cisco.com>
Subject: Re: Request for WG adoption of draft-mahesh-bfd-authentication
Message-ID: <20151204165610.GG16473@pfrc.org>
References: <D2747638.109021%rrahman@cisco.com> <D27A74CD.10520C%rajeenai@cisco.com> <ED7433C2-8198-4D82-87BF-4F4FEA94080A@gmail.com> <D27BD707.106066%rajeenai@cisco.com> <20151201205502.GD22376@pfrc.org> <D285FC8A.109323%rajeenai@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <D285FC8A.109323%rajeenai@cisco.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtg-bfd/FmgX0auKam_1xqLdxFtGui_SNs4>
Cc: "Reshad Rahman (rrahman)" <rrahman@cisco.com>, "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>, "draft-mahesh-bfd-authentication@ietf.org" <draft-mahesh-bfd-authentication@ietf.org>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2015 16:55:09 -0000
Rajeev, On Thu, Dec 03, 2015 at 10:16:27PM +0000, Rajeev G Nair (rajeenai) wrote: > >No particular offense to you or others on this point, but I must state > >something: I've always found the idea of the attack of keeping BFD *up* to > >be silly. :-) > > > >In general, BFD is used for fast-failover, but not on a stand-alone basis. > > Rajeev> If authentication is compromised, fast-fail over won¹t happen, > right?. Any delay in fast-faill over will question BFD. BFD fail-overs are > as secure as the auth scheme used. I agree with your analysis. I repeat my comment. If your attack is keeping up a given resource until either the resource's built-in (if any) keepalive mechanism takes effect or until an expected BFD authenticated packet is expected (not in current spec, but we've mentioned it on-list a few times), then I think it's a pretty weak case. The attack would effectively to break a link to man-in-the-middle and then keep the link up from a BFD perspective. This might lead to loss of service/blackholing. But unless a similar MitM is done for each covered service as well, it's just as likely that the covered services will note failures. If you're able to MitM all of the services, why would you attack BFD? Arguably, if you care about this scenario, the answer is to use a BFD authentication mode that authenticates each BFD packet, as per the existing meticulous authentication. [Authors take note] What this potentially argues is that we need the described behavior to be "semi-meticulous" (or pick better words of choice). This way the behavior can be explicitly chosen. This simply means new authentication code points. Although if we're getting to the point of meticulous, non-meticulous and semi-meticulous, perhaps the gen-auth spec should be updated to simply allow a mode and then a cipher suite as the contents. -- Jeff
- Request for WG adoption of draft-mahesh-bfd-authe… Reshad Rahman (rrahman)
- Re: Request for WG adoption of draft-mahesh-bfd-a… Marc Binderberger
- Re: Request for WG adoption of draft-mahesh-bfd-a… Dacheng Zhang
- RE: Request for WG adoption of draft-mahesh-bfd-a… Gregory Mirsky
- Re: Request for WG adoption of draft-mahesh-bfd-a… Dacheng Zhang
- RE: Request for WG adoption of draft-mahesh-bfd-a… Gregory Mirsky
- RE: Request for WG adoption of draft-mahesh-bfd-a… Mach Chen
- Re: Request for WG adoption of draft-mahesh-bfd-a… Manav Bhatia
- Re: Request for WG adoption of draft-mahesh-bfd-a… Rajeev G Nair (rajeenai)
- Re: Request for WG adoption of draft-mahesh-bfd-a… Dacheng Zhang
- Re: Request for WG adoption of draft-mahesh-bfd-a… Loa Andersson
- Re: Request for WG adoption of draft-mahesh-bfd-a… Dacheng Zhang
- Re: Request for WG adoption of draft-mahesh-bfd-a… Manav Bhatia
- RE: Request for WG adoption of draft-mahesh-bfd-a… Santosh P K
- Re: Request for WG adoption of draft-mahesh-bfd-a… Mahesh Jethanandani
- Re: Request for WG adoption of draft-mahesh-bfd-a… Mahesh Jethanandani
- Re: Request for WG adoption of draft-mahesh-bfd-a… Rajeev G Nair (rajeenai)
- Re: Request for WG adoption of draft-mahesh-bfd-a… Jeffrey Haas
- Re: Request for WG adoption of draft-mahesh-bfd-a… Jeffrey Haas
- Re: Request for WG adoption of draft-mahesh-bfd-a… Jeffrey Haas
- Re: Request for WG adoption of draft-mahesh-bfd-a… Rajeev G Nair (rajeenai)
- Re: Request for WG adoption of draft-mahesh-bfd-a… Manav Bhatia
- Re: Request for WG adoption of draft-mahesh-bfd-a… Jeffrey Haas