Re: [secdir] Spam:*******, Secdir Review of draft-ietf-idr-rfc4893bis-07 (resend of a resend)

"Susan Hares" <shares@ndzh.com> Mon, 16 July 2012 23:28 UTC

Return-Path: <shares@ndzh.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AAC821F87A2; Mon, 16 Jul 2012 16:28:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K1xX1PredRFo; Mon, 16 Jul 2012 16:27:58 -0700 (PDT)
Received: from hickoryhill-consulting.com (hhc-web.hickoryhill-consulting.com [64.9.205.140]) by ietfa.amsl.com (Postfix) with ESMTP id E5C5421F8773; Mon, 16 Jul 2012 16:27:55 -0700 (PDT)
X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=63.133.198.20;
Received: from SKH2012HPLT (unverified [63.133.198.20]) by hickoryhill-consulting.com (SurgeMail 5.2a) with ESMTP id 3458997-1945496 for multiple; Mon, 16 Jul 2012 19:28:40 -0400
From: Susan Hares <shares@ndzh.com>
To: 'Catherine Meadows' <catherine.meadows@nrl.navy.mil>, iesg@ietf.org, secdir@ietf.org, draft-ietf-idr-rfc4893bis.all@tools.ietf.org
References: <9BA4B53E-9772-47D4-B336-3A98FAEB4045@nrl.navy.mil>
In-Reply-To: <9BA4B53E-9772-47D4-B336-3A98FAEB4045@nrl.navy.mil>
Date: Mon, 16 Jul 2012 19:28:37 -0400
Message-ID: <005401cd63aa$baeac2b0$30c04810$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0055_01CD6389.33DCF340"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJKmuJjwEjeN+Alq24qu8oI3WgY1pYyEeWg
Content-Language: en-us
X-Authenticated-User: skh@ndzh.com
X-Mailman-Approved-At: Mon, 16 Jul 2012 16:29:56 -0700
Cc: "John G. Scudder" <jgs@juniper.net>, "'Murphy, Sandra'" <Sandra.Murphy@sparta.com>
Subject: Re: [secdir] Spam:*******, Secdir Review of draft-ietf-idr-rfc4893bis-07 (resend of a resend)
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2012 23:28:03 -0000

Catherine:

 

I've read and re-read this email for a week (7/9 - 7/16). 

 

Misconfiguration is a fact of life in networks.  Security profiles must deal
with this point.  We can all say you should not misconfigure networks - but
life happens.  Therefore,  I'm confused by your question.  I would consider
it is just a security event the authors pointing happens. 

 

On your second comment

 

"I would also expect that the chance of routing loops arising out conversion
from 4-octet
to 2-octet occurring between confederations would be much less than of their
occurring
within a confederation (although one can't know for sure without knowing
what the 4-octet
to 2-octet mapping is), so following the recommendations in the Security
Considerations would
greatly reduce the probability of such a routing loop occurring.  Is this
correct? " 

 

It depends if someone configures a confederation within a confederation.
[see earlier comment on mis-configuration.] I've copied Sandy Murphy in case
as SIDR chair can put this discussion into a different "security" specific
light.  

 

Confused,

 

Sue 

 

 

From: Catherine Meadows [mailto:catherine.meadows@nrl.navy.mil] 
Sent: Monday, July 09, 2012 2:25 PM
To: iesg@ietf.org; secdir@ietf.org;
draft-ietf-idr-rfc4893bis.all@tools.ietf.org
Cc: Catherine Meadows
Subject: Spam:*******, Secdir Review of draft-ietf-idr-rfc4893bis-07 (resend
of a resend)

 

I managed to screw up the email address again.  Here it is for what I hope
is the last time.

My apologies again to everyone who receives *three* copies of this message.

 

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document describes an added capability for four-octet Autonomous System
(AS) numbers in BGP.  This is intended to  replace the older two-octet AS
numbers,
since that space is filling up.

In order to preserve backward compatibility, AS's using the four-octet
systems (called New
BGP speakers in the document) must advertise both four-octet and two-octet
AS numbers.
This is the case even if the New BGP Speaker does not have a globally unique
two-octet number.
The document says that in this case the two-octet number is obtained by
mapping the four-octet
number to the two-octet space.  The procedure for doing this is not
specified.

The authors identify a risk of routing loops developing when ambiguities
develops as a
result of a BGP speaker using the old system aggregating two or more routes
carrying
4-octet attributes.  In the Security Configurations Section, the authors
point out that an
attacker might be able to exploit this in a denial of service attack.  They
point out that it is
a misconfiguration to assign 4-octet Member AS Numbers in a BGP
confederation until all BGP speakers
within the confederation have transitioned to support 4-octet numbers.

I think that this is a good recommendation.  I just have a couple of minor
comments.

It's not clear to me what the status of "misconfiguration" is in the
hierarchy of IETF.
Is it more like SHALL NOT or SHOULD NOT?  Is there a reason why you're
saying
"misconfiguration" instead of one of those?

I would also expect that the chance of routing loops arising out conversion
from 4-octet
to 2-octet occurring between confederations would be much less than of their
occurring
within a confederation (although one can't know for sure without knowing
what the 4-octet
to 2-octet mapping is), so following the recommendations in the Security
Considerations would
greatly reduce the probability of such a routing loop occurring.  Is this
correct? 

Cathy Meadows

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil