IETF Logo Mail Archive

Re: Secdir early review of draft-ietf-bfd-stability-13

Christian Huitema <huitema@huitema.net> Thu, 13 June 2024 16:41 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32836C14F736; Thu, 13 Jun 2024 09:41:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W2Ii5XKNzfeh; Thu, 13 Jun 2024 09:41:23 -0700 (PDT)
Received: from semf08.mfg.siteprotect.com (semf08.mfg.siteprotect.com [64.26.60.171]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21EFDC14F6FF; Thu, 13 Jun 2024 09:41:22 -0700 (PDT)
Received: from smtpauth01.mfg.siteprotect.com ([64.26.60.150]) by se02.mfg.siteprotect.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1sHnVo-009tag-ON; Thu, 13 Jun 2024 12:41:21 -0400
Received: from [192.168.1.106] (unknown [172.56.169.249]) (Authenticated sender: huitema@huitema.net) by smtpauth01.mfg.siteprotect.com (Postfix) with ESMTPSA id 4W0Spf17RWz162NvN; Thu, 13 Jun 2024 12:41:14 -0400 (EDT)
Message-ID: <979a261d-a703-49d4-b701-a349a79fe52a@huitema.net>
Date: Thu, 13 Jun 2024 09:41:14 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Secdir early review of draft-ietf-bfd-stability-13
To: Reshad Rahman <reshad@yahoo.com>, Jeffrey Haas <jhaas@pfrc.org>
References: <171782249784.25815.7552423038264617535@ietfa.amsl.com> <20240610162206.GA1459@pfrc.org> <1813362471.3032669.1718293563050@mail.yahoo.com>
Content-Language: en-US
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; keydata= xjMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1RmvN J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PsKWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAzjgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB8J+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH
In-Reply-To: <1813362471.3032669.1718293563050@mail.yahoo.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Authentication-Results: mfg.siteprotect.com; auth=pass smtp.auth=huitema@huitema.net
X-Originating-IP: 64.26.60.150
X-SpamExperts-Domain: mfg.outbound
X-SpamExperts-Username: 64.26.60.150/31
Authentication-Results: mfg.siteprotect.com; auth=pass smtp.auth=64.26.60.150/31@mfg.outbound
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT+mr6hJQ2Rr/cHFb5t3Y3/1PUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5wHtTAPE4tIBfhpuDz1GyS8+ybjXWPenX5gX2dNPtf90waE qQxHA2Wf5d0nTfmf5He5Rda6Yd9Tm+9nG9CwcFIQjOTeWc1bxr+IyYQNjXZ6uvU3cnYrlMQFH4wf VuIZwIEYlbJA7gmdXdvqQoCB5CyrRTYstSgfBIeo7z3VeAfxlDw/y1Lg/lH366vQiKw1YIpaa40D xZPJuLUk3zkVKd8pl0F42+tnng15Z8hbaDC01UYBamQ6dg4NNdnxdQ8Li0ymxQjPqAC0rNxW7340 QpVxVK/G2AXM5FL4oPTMQMPRGJ8I4PJ017GaLq4UyagUAHp0sXAT0DV7v3l3he6L/JXfUe4CriTs +ob0zmJ3PuOhHu00wQFrAkLkiNACpB5yWu49kNIZsJb7pJd841Ik8wqbT528FNAMyQ3ysNl+RKKu Qz96svOxab/H9H+hFR8Ct3ZrOss7NUvZybW/6dRO2FcTVfzUxHF3Ul6CeJckbXFRej3TeAhJCDTY WhW7oxK7rfKf4TS7xDZvCPS61ekqpTLhZA+ilPQ7+yozlHD5jgRG3FscVjiK5Owr8gHkkT52Mko9 a5MTHwHNput7ddpnCiJ76GKCRahw/qBQUTZuBtuo8K0N48eKErFtlJYDEE4L0/nB8lSH8m3KIz7c 5vskwpLoaw5KtvmRtzbsmBVhC55qhDmNTDA5NMhorKvUL9MjBR3QfkHCfeKLZ4pKHaNfPfuKqoJW OJLr5a1cpnqAdaEobrOqDOXOb+pzuncYK5y4C9hi/2cX2PnkUg4+0k7+21YLY1W0wRctB5me4+eI +Z208NBdlQIrS8hbLS01RsHaKPoa9ykQ7oBtptEhpxv+RLyia7X/CX9/5OOSfZtD8DykThIokM06 vLItjRYeAdsUzjhO8QdF8RJkMmyYquA7ky0tzQkVeNrI4ZcZgZSBMHQTfSavUOHJr0v/9oOBNa9V pY4UzgozKmPUEyOXJWAc0FOxfqb5R4VemuUI6bcEARsm0KO5XyXUxi1Wo6SS+dA7lQDEMzerJfQa 9UAYKsgEV8p+AOojn2PlXbBWTMroRj4sFNQAr1VYK8F5PblQ/RFel+bvDSqeetyyxnm2odyJSuQK B+850oVFTtbvGboD7knaNM4gtFOC44mJNsf16ABIsnsxL7hrJSk60SF3F6RYOYr2
X-Report-Abuse-To: spam@se02.mfg.siteprotect.com
Message-ID-Hash: 53MC2G7NISVBJFO7345FSF65RK45VWVV
X-Message-ID-Hash: 53MC2G7NISVBJFO7345FSF65RK45VWVV
X-MailFrom: huitema@huitema.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rtg-bfd.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-bfd-stability.all@ietf.org" <draft-ietf-bfd-stability.all@ietf.org>, "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection" <rtg-bfd.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/SzKGVXZ8xnVLdgB0Kfk6yhDV3so>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Owner: <mailto:rtg-bfd-owner@ietf.org>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Subscribe: <mailto:rtg-bfd-join@ietf.org>
List-Unsubscribe: <mailto:rtg-bfd-leave@ietf.org>


On 6/13/2024 8:46 AM, Reshad Rahman wrote:
>   Chiming in late. Inline.
>      On Monday, June 10, 2024, 12:22:13 PM EDT, Jeffrey Haas <jhaas@pfrc.org> wrote:
>   
>   Christian,
> 
> Thanks for your review.  Some of my comments will overlap those from Alan.
> 
> On Fri, Jun 07, 2024 at 09:54:57PM -0700, Christian Huitema via Datatracker wrote:
>> The authentication sequence number is a 32 bit field. Such numbers can roll
>> over, either after a long duration session or due to a packet injection attack.
> 
> As Alan points out, normal rollover is something we're usually unbothered by
> in the existing authentication algorithms.
> 
> The point you have here is far more about the underlying issue for the null
> authentication procedures:
> 
>> There is some text about that in the description of the NULL authentication. It
>> says:
>>
>>      If bfd.AuthSeqKnown is 1, and the received Sequence Number field is
>>      not equal to bfd.RcvAuthSeq + 1 (in a circular number space), then
>>      the loss count is incremented by one and bfd.RcvAuthSeq is set to the
>>      received Sequence Number.
>>
>> That does not look quite right. Suppose that due to out of order delivery, the
>> packets are received in order 1-3-2-4. Upon reception of packet 3, the
>> algorithm counts one loss and set the next expected value to 4. After packet 2,
>> another loss and expected value to 3. After packet 4, another loss and expected
>> value to 5. So, three losses when none actually occurred.
> 
> Agreed.  We do mention this here:
> 
> : Implementations MAY provide mechanisms wherein all expected packets received
> : across an expected interval but delivered out of order are not considered
> : lost packets.
> 
> We indeed discussed the option about how to avoid some of these out of order
> issues as part of active attacks vs. BFD sessions with NULL authentication.
> The conclusion from that thread is we simply CANNOT leverage the sequence
> numbers for purposes of "do we pass the authentication checks".  As you note
> here:
> 
> <RR> Was there any consideration to change the procedure to increment the loss count so that if we get 1-3-2-4, we increment loss count when we receive 3 (2 is deemed lost) but not when we receive 2 (2 < 3 so that means out of order). Also when we receive 2, since 2 < 3 (OOO) if we don't update bfd.RcvAuthSeq, then when we receive 4 we won't increment loss count. So it'd be counted as 1 loss.

Or, you could use the same "windowed" process as used with the 
authenticated modes. But the security issue is obvious.

The current specification for loss detection with NULL auth is almost 
stateless. A spoofed packet does increase the loss counter, but the next 
packet restores the state to what it needed to be. Adopting your 
proposed rule or the windowed rule will make it stateful. A spoofed 
packet would increment bfd.RcvAuthSeq, and could cause lots of "good" 
packets to be ignored.

This brings back my argument against using NULL authentication. I would 
prefer to not see it used at all, but barring that you could at a 
minimum have a warning in the security section. RFC 5880 says that "BFD 
can provide failure detection on any kind of path between systems, 
including direct physical links, virtual circuits, tunnels, MPLS Label 
Switched Paths (LSPs), multihop routed paths, and unidirectional links 
(so long as there is some return path, of course)." I understand that 
the risk of using NULL auth appears limited if the endpoints are 
connected by direct physical links, and maybe also if tunnels are 
protected by IPSEC. But the risks are obvious for multihop routed paths, 
tunnels without authentication, and probably virtual circuits or MPLS 
Label Switched Paths as well. So, if you cannot swallow a blanket ban on 
NULL auth, at a minimum you should have some MUST NOT specifications for 
any path in which packets can be injected by third parties.

With a precaution like that in place, you could use the same windowed 
procedure for all authentication types, including NULL. That would 
probably simplify implementations.

-- Christian Huitema

v2.46.0 | Report a Bug | By Email | System Status