[secdir] Secdir review of draft-ietf-sidr-origin-validation-signaling-09

Tero Kivinen <kivinen@iki.fi> Wed, 23 November 2016 15:00 UTC

To: iesg@ietf.org, secdir@ietf.org, draft-ietf-sidr-origin-validation-signaling.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/R_Ch7NyiEm1U6rFPxbRv83m8yFI>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This is quite a short draft explaining how to transmit prefix origin
validation state over BGP. Its security considerations section says:

   This document introduces no new security concerns beyond what is
   described in [RFC6811].

I think this is mostly correct, but I also think that there might be
new security considerations when you are not doing prefix origin
validation yourself, but you are trusting someone else to send you
that information. I.e. you need to know whether the sender should be
trusted to send that information and how the BGP information is
protected from tampering (on the other hand if you trust BGP
information from untrusted sources, or allow attackers to modify BGP
messages, you most likely have more serious issues :-)

Adding that kind of text to the security considerations section would
be needed.
-- 
kivinen@iki.fi