Re: [secdir] Secdir last call review of draft-ietf-rtgwg-spf-uloop-pb-statement-09

Stewart Bryant <stewart.bryant@gmail.com> Mon, 07 January 2019 17:05 UTC

Return-Path: <stewart.bryant@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B623D130F75; Mon, 7 Jan 2019 09:05:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WGt7xlck-RGm; Mon, 7 Jan 2019 09:05:14 -0800 (PST)
Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CE9A130F72; Mon, 7 Jan 2019 09:05:13 -0800 (PST)
Received: by mail-wm1-x32d.google.com with SMTP id m22so1646379wml.3; Mon, 07 Jan 2019 09:05:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=htJjBNEDOMa4tWyDUHG8Y1pOE/x+Z9E2l8IMVgiTLT4=; b=NB7oIvOk0lc33pkb316H8iWpU7SEASTIYt6Xe6M0BqdzkcDnRiJ77HtJhJW6hgx5Zv HJpEqgR+uPuXY13Ab0AewFl9Vwv2nLnbKwHNKC7BqFiH2cLjBirYNqn+abBROq768ubi 6N/bcKTr+WlILB0sSabRZa5xTBF/0gbI8eeFm05jgh2IyCa5IQqN2jh3Ap7cql/M1/hA ZtlbCjuu3eXIqqsEGhBZaDTiczdLqET6N2/BpdCyOSQ4V9lonn4yJ/Oy2zxlksoKdURx Zfq2bs9YhI2g9InfrL9sRMUdXsGCWHjs9U+TOBIzCW4SMDpKV6BSiaQjTq+O5lpE2OHK TkMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=htJjBNEDOMa4tWyDUHG8Y1pOE/x+Z9E2l8IMVgiTLT4=; b=Sdz9tcmLrepDlbDoc4HLXm0+3Pm7UDfMMvWFgHOJdDXasOALA0yutEwzSr6e5qWbhw DZEDaCeW7OrIsg8/O5kUM+vzqOHmWNXKVNNBP0OHJ+JsFxkfJGyA78D/+Y8eRLFzKt3j kEpFSb/VPNafTPqiv60m4Tlk3Z34g9br8rDkes8kMvsS28l/0ZPZQovKQX2ZeYI003ZH QwOEgsvTOsR9n/bAvA/DRrOiaJ6r7EzJj6cqstJfRNeeiHrb1qh3er03O7ynYFz6UTIj KvagZtrVrIwYEXq8TavN732t1NvaIyiuvA0wxv7adbyy+kZULE0uge4f2PxDDtQ/nwce LQNg==
X-Gm-Message-State: AJcUukc2P5dd8AQOVRJubPbYPKJ/fyV6DdCqB9b2G/m5jDwqVwJEV7se pYPXIzt2zFvqjcPU/3rNskiYvz5b
X-Google-Smtp-Source: ALg8bN6/+W/lJIZpdF/6r5eC6yrdm7yJ5sWgyTHuYl8f4J2fEkhRz7SsrB+Tcv1N1Z2xZU7PBFG0fA==
X-Received: by 2002:a7b:c315:: with SMTP id k21mr8939699wmj.145.1546880711273; Mon, 07 Jan 2019 09:05:11 -0800 (PST)
Received: from [192.168.2.198] (host213-123-124-182.in-addr.btopenworld.com. [213.123.124.182]) by smtp.gmail.com with ESMTPSA id m193sm8413808wmb.26.2019.01.07.09.05.10 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 07 Jan 2019 09:05:10 -0800 (PST)
To: Phillip Hallam-Baker <hallam@gmail.com>, secdir@ietf.org
Cc: draft-ietf-rtgwg-spf-uloop-pb-statement.all@ietf.org, ietf@ietf.org, rtgwg@ietf.org
References: <154687749567.23321.13207113394828941966@ietfa.amsl.com>
From: Stewart Bryant <stewart.bryant@gmail.com>
Message-ID: <62c9b5fb-5c03-0747-fa1e-a513118a35a8@gmail.com>
Date: Mon, 7 Jan 2019 17:05:09 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <154687749567.23321.13207113394828941966@ietfa.amsl.com>
Content-Type: multipart/alternative; boundary="------------6794F38D0BBE857931E87236"
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/VJwffVVzyVCJvfmEvHKO3ygmp0g>
Subject: Re: [secdir] Secdir last call review of draft-ietf-rtgwg-spf-uloop-pb-statement-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jan 2019 17:05:16 -0000

On 07/01/2019 16:11, Phillip Hallam-Baker wrote:
> Reviewer: Phillip Hallam-Baker
> Review result: Has Issues
>
> The document describes the problem and solution pretty clearly. Unfortunately,
> there is no discussion of the security considerations which is not appropriate
> for a document addressing an availability which is a security issue.
>
> While microloops can form by chance, some consideration should be given to the
> possibility that an attacker could induce a loop to perform a DoS attack.

In section 1 the text says:

[RFC8405] defines a solution that satisfies this problem statement
    and this document captures the reasoning of the provided solution.

It is safe to assume that the reader of this text would have read 
normative reference RFC8405 and thus would be fully aware of the 
security issues related to the solution being analysed.

An attacker that had access to a network such that they could induce 
microloops would have the ability to do many worse things to the network.

If they were able to attack in-band they could poison the routing system 
to take it down in far more interesting ways. Operators use security at 
the physical and network layer to prevent this.

If they were operating at the physical layer then they could take 
circuits down at will and cause microloops in the base protocol, traffic 
overloads and application malfunction.

Thus if the attacker could deploy either of those attacks in a network 
to induce micro-loops, then any security considerations in this draft 
would count for nothing.

The draft is an analysis, and thus I think that it correctly states that 
it introduces no additional matters for security consideration.

- Stewart