Re: SecDir review of draft-ietf-bfd-base-08.txt
David Ward <dward@cisco.com> Fri, 30 May 2008 13:20 UTC
Return-Path: <rtg-bfd-bounces@ietf.org>
X-Original-To: rtg-bfd-archive@megatron.ietf.org
Delivered-To: ietfarch-rtg-bfd-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E0CB228C1C4; Fri, 30 May 2008 06:20:58 -0700 (PDT)
X-Original-To: rtg-bfd@core3.amsl.com
Delivered-To: rtg-bfd@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A216E3A68BF; Fri, 30 May 2008 06:20:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y-hZkexsIR71; Fri, 30 May 2008 06:20:51 -0700 (PDT)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id 5DAE23A69B5; Fri, 30 May 2008 06:20:51 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.27,566,1204531200"; d="scan'208";a="106064305"
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-6.cisco.com with ESMTP; 30 May 2008 06:20:51 -0700
Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id m4UDKpTm024716; Fri, 30 May 2008 06:20:51 -0700
Received: from xbh-rtp-211.amer.cisco.com (xbh-rtp-211.cisco.com [64.102.31.102]) by sj-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id m4UDKo5L000977; Fri, 30 May 2008 13:20:51 GMT
Received: from xmb-rtp-202.amer.cisco.com ([64.102.31.52]) by xbh-rtp-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 30 May 2008 09:20:50 -0400
Received: from [127.0.0.1] ([171.68.225.134]) by xmb-rtp-202.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 30 May 2008 09:20:50 -0400
In-Reply-To: <48347D72.5020700@isode.com>
References: <48347D72.5020700@isode.com>
Mime-Version: 1.0 (Apple Message framework v753.1)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <93C7DA82-535B-4B42-9B40-024E6388F131@cisco.com>
Content-Transfer-Encoding: 7bit
From: David Ward <dward@cisco.com>
Subject: Re: SecDir review of draft-ietf-bfd-base-08.txt
Date: Fri, 30 May 2008 08:20:45 -0500
To: Alexey Melnikov <alexey.melnikov@isode.com>
X-Mailer: Apple Mail (2.753.1)
X-OriginalArrivalTime: 30 May 2008 13:20:50.0443 (UTC) FILETIME=[FAB8FDB0:01C8C257]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=5330; t=1212153651; x=1213017651; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dward@cisco.com; z=From:=20David=20Ward=20<dward@cisco.com> |Subject:=20Re=3A=20SecDir=20review=20of=20draft-ietf-bfd-b ase-08.txt |Sender:=20; bh=Qy6IMQu4aNAdZgqhcbS0hR1VkaMkzDYxjtJRN2ynd/0=; b=RSAENGsyns/Fa8xUhS6AsdI4ta0kLsbK4Nm4/80OEYdSeW/ANDNrO3IsmY gsj2PUo+E67JOcwHyV3p6GLcOScho1WpuqUF+knnappyAx78Q9yNSLf9+HDL bxmN7Sw50B;
Authentication-Results: sj-dkim-2; header.From=dward@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
Cc: "iesg@ietf.org" <iesg@ietf.org>, rtg-bfd@ietf.org, "secdir@mit.edu" <secdir@mit.edu>, David Ward <dward@cisco.com>, Dave Katz <dkatz@juniper.net>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/rtg-bfd>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
Sender: rtg-bfd-bounces@ietf.org
Errors-To: rtg-bfd-bounces@ietf.org
Alexey - Thanks for the review. Some of the comments are relevant for us to clarify in the document but, others are not. A few inline. On May 21, 2008, at 2:52 PM, Alexey Melnikov wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > This document describes a protocol intended to detect faults in the > bidirectional path between two forwarding engines. Separate documents > define how this protocol can be implemented in protocols connecting > the > forwarding engines. > > In general I found the document to be well written and easy to > understand. I found the Security Considerations section to be > adequate, however I have some comments/additional suggestions. > > In section 4.1: > >> Authentication Present (A) >> >> If set, the Authentication Section is present and the session is >> to be authenticated. > > It looks like it might be very easy for an attacker to disable > authentication by clearing this field and stripping the Authentication > Section of the BFD Control packet. > I think this should be mentioned in the Security considerations > section. > (Or please let me know if this is covered elsewhere in the document.) > DW: If stripped then the session will be invalid. Security is negotiated and thus both sides must agree. >> Length >> >> Length of the BFD Control packet, in bytes. > > Does this include all fields, including version, ... and the Length > itself? > >> Auth Type >> >> The authentication type in use, if the Authentication Present >> (A) >> bit is set. >> >> 0 - Reserved >> 1 - Simple Password >> 2 - Keyed MD5 >> 3 - Meticulous Keyed MD5 >> 4 - Keyed SHA1 >> 5 - Meticulous Keyed SHA1 > > It is good that the document allows for various authentication types. > However, I don't see a point in defining Keyed MD5 and Meticulous > Keyed > MD5, considering that SHA1 variants are mandatory to implement anyway. > If there is a reason for defining MD5 variants (such as existing > implementations, or speed, etc.), I suggest the document say so. In > the absence of such reason I don't see a point in standardizing MD5 > variants in a new protocol. > DW: The point is that BFD is bootstrapped by routing protocols and often implementations have protocol independent key-chains. Given some operators asked that we allow the ability to use either the same protocol independent key-chain info and md5 and meticulous keyed md5 is available to them today; we continued to allow operators to use what is available. Therefore, the decision was purely operationally pragmatic. >> 6-255 - Reserved for future use > > In Section 4.3: > >> Auth Key/Checksum >> >> This field carries the 16 byte MD5 checksum for the packet. >> When >> the checksum is calculated, the shared MD5 key is stored in this >> field. (See section 6.7.3 for details.) > > This might be obvious, but I think it is worth noting that the shared > key is exactly 16 bytes in length. If it is not the case, then some > text > about padding the key when calculating the hash is needed. > DW: I believe it is clear it is already 16 bytes. >> 6.3. Demultiplexing and the Discriminator Fields >> >> Since multiple BFD sessions may be running between two systems, >> there >> needs to be a mechanism for demultiplexing received BFD packets to >> the proper session. >> >> Each system MUST choose an opaque discriminator value that >> identifies >> each session, and which MUST be unique among all BFD sessions on >> the >> system. The local discriminator is sent in the My Discriminator >> field in the BFD Control packet, and is echoed back in the Your > > Are there any considerations on how random (guessable) this value > should be? DW: It doesn't matter. > >> 6.7.1. Enabling and Disabling Authentication > [...] > >> One possible approach is to build an implementation such that >> authentication is configured, but not considered "in use" until the >> first packet containing a matching authentication section is >> received >> (providing the necessary synchronization.) Likewise, >> authentication >> could be configured off, but still considered "in use" until the >> receipt of the first packet without the authentication section. >> >> In order to avoid security risks, implementations using this method >> should only allow the authentication state to be changed once >> without >> some form of intervention (so that authentication cannot be >> turned on >> and off repeatedly simply based on the receipt of BFD Control >> packets >> from remote systems.) > > I am not sure I understand the last quoted paragraph, can you > elaborate > what are you trying to say? > DW: This is how to thwart the negotiation of auth and turning it on and off. Many thanks again -DWard