[secdir] Re: Secdir early review of draft-ietf-bfd-stability-13

Christian Huitema <huitema@huitema.net> Tue, 11 June 2024 18:36 UTC

To: Jeffrey Haas <jhaas@pfrc.org>
CC: secdir@ietf.org, draft-ietf-bfd-stability.all@ietf.org, rtg-bfd@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/C0SFFLh6_SD27oHQJY4CBaAqlWw>


On 6/11/2024 7:03 AM, Jeffrey Haas wrote:
> And again, sequence rollover for replay has the presumption that you're
> using exactly the same contents for the BFD PDU.  The procedures for
> randomizing the Discriminators provide an appropriate nonce to prevent
> replay since the authentication data is computed over the entire BFD PDU.

I agree that if the discriminators change regularly and the change is 
enforced, then the rollover risks are addressed. However, I could not 
find text in either RFC5880 or draft-ietf-bfd-stability-13 that 
specifies how to do that.

RFC5880 specifies that "Your Discriminator" echoes the last value 
received from the peer. On reception, "Your Discriminator" is used to 
find the BFD session context, which implies that this is a somewhat 
stable value. As far as I can tell, "my discriminator" has no effect on 
receive processing, apart from being memorized and echoed in the next 
packets. If one just reads that text, it seems perfectly legit to keep 
the same value for a very long time. Changing the discriminator is 
permissible per section 6.3, but not mandated. The security 
considerations in section 9 suggest randomizing the discriminator at the 
beginning of a session, but do not mandate changing it during the session.

I think we are just missing something simple, like "the local 
discriminator MUST be changed to a new value after N packets have been 
sent", with N << 2^32. If I were implementing this I would pick a 
somewhat low value, to ensure that the code is used sometimes and that 
the behavior is verified.

-- Christian Huitema
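The discriminator-as-nonce point argued in this exchange, as an added toy model written for this page (it is not code from the thread, from RFC 5880 or from draft-ietf-bfd-stability). It models two things: whether the PDU sent as packet n and the one sent one full 32-bit sequence wrap later are byte-identical, so that the authentication tag alone cannot distinguish them, and whether a stale copy of packet n would still select a session at the receiver once the peer has rotated its local discriminator. The field layout, the HMAC-SHA256 tag (RFC 5880 uses keyed SHA1), the deterministic rotation schedule (`rotate_every` packets, the "N" of the proposal), the symmetric sending rate of the two peers and the receiver check limited to tag plus Your-Discriminator lookup are all assumptions of the model.

```python
"""Toy model of replay after sequence rollover with and without discriminator rotation.

Constructed example: layout, tag algorithm and rotation schedule are assumptions,
not text from RFC 5880 or draft-ietf-bfd-stability.
"""
import hashlib
import hmac
import struct

SEQ_MOD = 1 << 32               # the sequence number field is 32 bits wide
KEY = b"constructed-demo-key"   # shared authentication key (constructed value)


def local_discriminator(base, packets_sent, rotate_every):
    """Local discriminator of a peer after it has sent `packets_sent` packets.

    rotate_every=None models the current text: the value chosen at session
    start is kept forever. Otherwise a fresh nonzero value is derived every
    `rotate_every` packets. The derivation is deterministic only so the
    example is reproducible; a real implementation would draw the value at
    random. Zero is reserved in RFC 5880, hence the `or 1`.
    """
    if rotate_every is None:
        return base
    epoch = packets_sent // rotate_every
    digest = hashlib.sha256(struct.pack("!IQ", base, epoch)).digest()
    return struct.unpack("!I", digest[:4])[0] or 1


def build_pdu(my_discr, your_discr, seq):
    """Authenticated PDU: three header fields plus a tag over the whole header."""
    header = struct.pack("!III", my_discr, your_discr, seq % SEQ_MOD)
    tag = hmac.new(KEY, header, hashlib.sha256).digest()
    return header + tag


def nth_pdu(n, a_base, b_base, rotate_every):
    """PDU number n sent by peer A to peer B, both applying the same policy.

    Assumption: both peers send at the same rate, so B's current local
    discriminator (what A echoes in Your Discriminator) follows the same count.
    """
    my = local_discriminator(a_base, n, rotate_every)
    your = local_discriminator(b_base, n, rotate_every)
    return build_pdu(my, your, n)


def identical_after_wrap(n, rotate_every, a_base=0x1111, b_base=0x2222):
    """True when packet n and packet n + 2^32 are byte-for-byte the same,
    i.e. when no authentication data computed over the PDU can tell them apart."""
    first = nth_pdu(n, a_base, b_base, rotate_every)
    later = nth_pdu(n + SEQ_MOD, a_base, b_base, rotate_every)
    return first == later


def demux_accepts(pdu, receiver_current_discr):
    """Receiver check modelled on RFC 5880 section 6.8.6: verify the tag, then
    require Your Discriminator to select an existing session, otherwise discard.
    The sequence-window check is deliberately left out of the model."""
    header, tag = pdu[:12], pdu[12:]
    expected = hmac.new(KEY, header, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False
    _my, your, _seq = struct.unpack("!III", header)
    return your == receiver_current_discr


def stale_pdu_accepted_after_wrap(n, rotate_every, a_base=0x1111, b_base=0x2222):
    """Would a copy of packet n, presented once the sequence space has wrapped
    (packet count n + 2^32), still pass B's demultiplexing check?"""
    stale = nth_pdu(n, a_base, b_base, rotate_every)
    b_now = local_discriminator(b_base, n + SEQ_MOD, rotate_every)
    return demux_accepts(stale, b_now)


if __name__ == "__main__":
    for policy in (None, 1000):
        label = "stable discriminator" if policy is None else f"rotate every {policy}"
        print(f"{label:>22}: identical after wrap = {identical_after_wrap(123, policy)}, "
              f"stale copy accepted = {stale_pdu_accepted_after_wrap(123, policy)}")
```

With the stable policy both functions return True: the two PDUs are the same bytes, and the stale copy still names the receiver's current discriminator. With rotation every 1000 packets (any N far below 2^32 behaves the same here), the discriminators in the later epoch differ, the headers and tags differ, and the stale copy's Your Discriminator no longer matches a live session, so it is discarded before any sequence-number logic runs.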